[SystemSafety] A couple of anecdotes on requirements engineering

Olwen Morgan olwen at phaedsys.com
Wed Oct 17 11:51:01 CEST 2018


In the really bad cases, I've tried to leave them in line for a 
monumental kick in the @rse from regulators but even that can backfire 
if the regulator isn't up to snuff.

O


On 17/10/2018 10:38, paul_e.bennett at topmail.co.uk wrote:
> On 17/10/2018 at 10:20 AM, "Martyn Thomas" <martyn at thomas-associates.co.uk> wrote:
>> Olwen
>>
>> You might have more success if you pointed out
>>
>> a) that any competent adversary wanting to compromise the system will
>> certainly try fuzzing, and
>>
>> b) that any safety-related control system that hasn't been assured
>> against such attacks is potentially illegal in the UK under HSWA 1974
>> (2) and (3) [because risks haven't been reduced SFAIRP] and may (if
>> disruption could affect enough people) also violate the NIS directive
>> (leading to a fine of up to 4% of global turnover even if no disruption
>> ever occurs).
>>
>> c) that a fatality could lead to a prosecution for corporate
>> manslaughter and that now the directors know of the problem, they could
>> go to jail if such a prosecution is brought successfully.
>>
>> If you really want to stir things up, copy your message to the auditors
>> for consideration in their "continuing business" test, as that puts them
>> on the hook too.
>>
>> Martyn
> Where is the LIKE button when you need it?
>
> All very pertinent points. Always leave them with something to think about
> when you walk away and distance yourself from them.
>
> Regards
>
> Paul E. Bennett IEng MIET
> Systems Engineer
> Lunar Mission One Ambassador

