[SystemSafety] Safety Cases

Matthew Squair mattsquair at gmail.com
Mon Feb 10 13:10:52 CET 2014


A deeper question might be, why do we think that we can easily distinguish
between a design that might 'go right' and one that will 'go wrong'?

Matthew Squair

MIEAust, CPEng
Mob: +61 488770655
Email: Mattsquair at gmail.com
Web: http://criticaluncertainties.com

On 10 Feb 2014, at 10:43 pm, Michael Jackson <jacksonma at acm.org> wrote:

Felix:

Yes. But surely there is a missing prior question here:

0. What constitutes going right?

How can we discuss 'going wrong' without a clear understanding of 'going right'?
Yet in much discussion of safety this question seems to be relegated to a tacit
background understanding.

-- Michael Jackson


At 11:19 10/02/2014, nfr wrote:

In the 1980s, 'the safety case' was defined as having the purpose of
answering three questions:

1. What could [possibly] go wrong?

2. Why won't it?

3. But what if it did?


One or two of you might propose that each of these questions could be
answered by a single sentence. But, with a bit of thought, you'll recognise
that, in order to answer the questions fully, a great deal of evidence must
be adduced, from a great deal of work - from complete and correct
specification, through thorough design, hazard ID, risk assessment, etc.,
to emergency planning.


Felix.

_______________________________________________
The System Safety Mailing List
systemsafety at TechFak.Uni-Bielefeld.DE
