[SystemSafety] Safety Cases

Michael Jackson jacksonma at acm.org
Mon Feb 10 12:43:43 CET 2014


Felix:

Yes. But surely there is a missing prior question here:

0. What constitutes going right?

How can we discuss 'going wrong' without a clear understanding of 
'going right'?
Yet in much discussion of safety this question seems to be relegated 
to a tacit background understanding.

-- Michael Jackson


At 11:19 10/02/2014, nfr wrote:

>In the 1980s, 'the safety case' was defined as having the purpose of 
>answering three questions:
>
>1. What could [possibly] go wrong?
>
>2. Why won't it?
>
>3. But what if it did?
>
>One or two of you might propose that each of these questions could 
>be answered by a single sentence. But, with a bit of thought, you'll 
>recognise that, in order to answer the questions fully, a great deal 
>of evidence must be adduced, from a great deal of work - from 
>complete and correct specification, through thorough design, hazard 
>ID, risk assessment, etc., to emergency planning.
>
>Felix.
>_______________________________________________
>The System Safety Mailing List
>systemsafety at TechFak.Uni-Bielefeld.DE
