[SystemSafety] Stupid Software Errors [was: Overflow......]
Les Chambers
les at chambers.com.au
Tue May 5 00:28:16 CEST 2015
There's a lot of wishful thinking going on here. Various levels of
certification are great ideas but their implementation has always been
patchy and probably always will be.
If you are a concerned person (and there are many of us, looking down the
barrel of retirement) all I can suggest is that you put your money on self
interest, because it's the only horse that's trying.
It turns out that you can't sustain a business that makes products that kill
people (commercial self-interest). So it's up to the people that manage
these companies, from board level down to the team leaders that manage these
cool, groovy, agile twentysomethings. I've never met one of these kids who
didn't want to do a good job and be recognised as a professional by his or
her peers (personal self-interest). It is up to management to define what
professionalism means in each individual workplace. Simple measures like
getting them in a room once a week and having a discussion about ugly,
unsafe code and general violence against software products, followed by
patterns for safe coding practice. This kind of activity used to be
facilitated by the software quality manager who unfortunately is becoming an
endangered species.
On the plus side I believe that there are two things that must happen, are
currently slowly happening and ultimately will happen because the commercial
enterprises that build and sell software will not be able to function
without them now and in the future:
1. Generation of code from models
2. Model validators
So returning to the self-interest theme, if you manage a team of developers,
get out of your chair and go down and have a look at them, ask yourself if
you really know what's going on inside their heads. If they are fresh out of
university it's probably not what you want. So do something about it for
your own sake and their's. Do something useful before you kick it into
touch, leave a legacy. You may rate a memorial.
On the subject of pledges, I add:
I pledge that I will occupy the jump seat on the first flight.
I actually volunteered to do this on an F 111 missile program once. The
program manager dismissed my enthusiasm as an irrelevance. A few years later
I met a guy on a bus. He just happened to be an F 111 airframe engineer. It
turned out that he routinely flew in the navigators seat. He told me
management made much of this measure as a safety motivator. Huh?
I continue to shake my head over these rear echelon types who think (with a
giggle) that software will come together on the day. I've been hoping they'd
die off and be replaced by new enlightened ones. I have a horrible feeling
that this is not happening ...
From: systemsafety-bounces at lists.techfak.uni-bielefeld.de
[mailto:systemsafety-bounces at lists.techfak.uni-bielefeld.de] On Behalf Of
Steve Tockey
Sent: Tuesday, May 5, 2015 7:09 AM
To: Andy Ashworth
Cc: The System Safety List
Subject: Re: [SystemSafety] Stupid Software Errors [was: Overflow......]
There are three possible angles of attack:
*) Trust/certify the developers
*) Trust/certify the process
*) Trust/certify the product
While I personally would vote for a combination of all three-particularly in
safety- and mission-critical projects-one thing DO-178C/ED-12C does have
going for it is that it is a pretty good way (although definitely not
perfect) of trusting/certifying the process. I trust DO-178C/ED-12C much
more than the FDA's requirements on medical device software.
From: Andy Ashworth <andy at the-ashworths.org>
Date: Monday, May 4, 2015 2:02 PM
To: Steve Tockey <Steve.Tockey at construx.com>
Cc: Mike Ellims <michael.ellims at tesco.net>, "M.Pont at SafeTTy.net"
<M.Pont at SafeTTy.net>, The System Safety List
<systemsafety at techfak.uni-bielefeld.de>
Subject: Re: [SystemSafety] Stupid Software Errors [was: Overflow......]
So safety critical software today is being developed by inexperienced
personnel with little or no relevant training... I guess on the positive
side, development costs are cheap :(
Sent from my iPhone
On May 4, 2015, at 16:59, Steve Tockey <Steve.Tockey at construx.com> wrote:
With the average age of developers being about 29 years old, maybe most
aren't old enough. And many have no formal software education so even a
discussion of such failures in a degree program would have little effect on
the target population.
From: Mike Ellims <michael.ellims at tesco.net>
Date: Monday, May 4, 2015 1:01 PM
To: 'Andy Ashworth' <andy at the-ashworths.org>, "M.Pont at SafeTTy.net"
<M.Pont at SafeTTy.net>
Cc: 'The System Safety List' <systemsafety at techfak.uni-bielefeld.de>
Subject: Re: [SystemSafety] Stupid Software Errors [was: Overflow......]
> With the established history of date/time roll-over issues, shouldn't any
date be viewed with suspicion during design safety analysis appropriate
defensive design measures put in place?
The question is why?
I know this issue is documented in at least one book.
Did any of the programmers/coder on this even know about previous examples?
From:systemsafety-bounces at lists.techfak.uni-bielefeld.de
[mailto:systemsafety-bounces at lists.techfak.uni-bielefeld.de] On Behalf Of
Andy Ashworth
Sent: 04 May 2015 13:55
To: M.Pont at SafeTTy.net
Cc: The System Safety List
Subject: Re: [SystemSafety] Stupid Software Errors [was: Overflow......]
Why wait until testing? With the established history of date/time roll-over
issues, shouldn't any date be viewed with suspicion during design safety
analysis appropriate defensive design measures put in place?
Andy
Sent from my iPhone
On May 4, 2015, at 08:49, Michael J. Pont <M.Pont at SafeTTy.net> wrote:
Matthew:
"On the other hand I don't think we should loose sight of the fact that the
Boeing 'bug' was found by running a long duration simulation, not by an
airliner falling out of the sky. So perhaps thanks is due to the Boeing
safety or software engineer(s) who insisted on a long run endurance test and
who might have actually learned something from history?"
OK - but maybe next time we can ask them to do this testing before the
aircraft goes into service .
Michael.
Michael J. Pont
SafeTTy Systems Ltd.
_______________________________________________
The System Safety Mailing List
systemsafety at TechFak.Uni-Bielefeld.DE
_____
<http://www.avast.com/> Image removed by sender. Avast logo
This email has been checked for viruses by Avast antivirus software.
www.avast.com <http://www.avast.com/>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.techfak.uni-bielefeld.de/mailman/private/systemsafety/attachments/20150505/003fa69d/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ~WRD000.jpg
Type: image/jpeg
Size: 823 bytes
Desc: not available
URL: <https://lists.techfak.uni-bielefeld.de/mailman/private/systemsafety/attachments/20150505/003fa69d/attachment-0001.jpg>
More information about the systemsafety
mailing list