[SystemSafety] Safety Cases
Michael Jackson
jacksonma at acm.org
Mon Feb 10 12:43:43 CET 2014
Felix:
Yes. But surely there is a missing prior question here:
0. What constitutes going right?
How can we discuss 'going wrong' without a clear understanding of 'going right'?
Yet in much discussion of safety this question seems to be relegated to a tacit background understanding.
-- Michael Jackson
At 11:19 10/02/2014, nfr wrote:
>In the 1980s, 'the safety case' was defined as having the purpose of
>answering three questions:
>
>1. What could [possibly] go wrong?
>
>2. Why won't it?
>
>3. But what if it did?
>
>One or two of you might propose that each of these questions could
>be answered by a single sentence. But, with a bit of thought, you'll
>recognise that, in order to answer the questions fully, a great deal
>of evidence must be adduced, from a great deal of work - from
>complete and correct specification, through thorough design, hazard
>ID, risk assessment, etc., to emergency planning.
>
>Felix.
>_______________________________________________
>The System Safety Mailing List
>systemsafety at TechFak.Uni-Bielefeld.DE