[SystemSafety] [System Safety] FOSDEM talk by Paul Sherwood
Phil Koopman
koopman.cmu at gmail.com
Tue Feb 11 23:23:16 CET 2025
Paul,
Thanks for the thoughtful replies.
On 2/11/2025 7:43 AM, Paul Sherwood wrote:
> The current business model for standards is broken imo, and the lack
> of general visibility discourages both adoption and improvement.
I'm in agreement that there are serious issues with the world of
standards, as others have pointed out (mentioned elsewhere so won't repeat).
One of the things I made sure of for UL 4600 is that it can be accessed
without the steep paywall.
The original 1st edition voting draft is a free .pdf download. The
latest version (3rd ed.) of the issued standard is free to browse in its
entirety. (Select "Digital View". Hint: if it goes slow in your
browser, go to the last page, have a coffee while it caches up into your
browser, and then you can flip through pages with wild abandon without a
delay.)
One decision I made when writing the original UL 4600 proposal was to make
it compatible with ISO 26262, IEC 61508, MIL-STD 882, and so on but not
require that any of them be used if there is an alternate means to show
that all the bases have been covered. You might find it a useful
checklist to scrub against your proposal when it is ready for that type
of analysis. If there is something in there that you think is onerous,
then the exercise is to go back to why it is there and understand why
your approach covers the same issues some other way. Launch page here:
https://users.ece.cmu.edu/~koopman/ul4600/index.html
Elsewhere, indeed, I agree you never said standards were useless. I
make the additional point beyond your discussion that some (not all) AV
companies have a public written statement making it clear that is their
position. The private positions when you chat with engineers are more
nuanced. Working engineers tend to see they have value, but they are in
a hurry and the C-suite does not want to be held accountable for
compliance. Some of what you say comes into play. But my understanding
is that the situation extends to less complex microcontroller software
that very clearly is completely suitable for ISO 26262 conformance as
well. (Again, this depends on the company. Some of which aren't around
any more after the big shakeouts of the last couple of years.) So the
baby+bathwater issue to avoid is rejecting techniques where
they are known to be viable and effective by using the excuse of new
techniques necessitated by new situations. Again, I do not believe that
you have advocated for that problematic approach, but it is something to
keep in mind when one embarks on a new methodology.
Kind regards,
Phil
--
Prof. Phil Koopman koopman at cmu.edu
(he/him) https://users.ece.cmu.edu/~koopman/