[trustable-software] A breakthrough (in my mind, at least)

Daniel Firth dan.firth at codethink.co.uk
Thu Sep 6 17:52:09 BST 2018


On 06/09/2018 11:52, Paul Sherwood wrote:
> Hi all
>
> Over recent weeks I've been struggling to understand how various 
> communities deal with safety (in general, not just software).
>
> Until last week I was finding occasional moments of insight (e.g. 
> "Aha, the IEC standards business model is a disgrace"), but mainly I 
> was getting drawn into the rabbit holes of 'safety argumentation', 
> 'safety manual', 'pre-certification', 'probabilistic risk assessment' 
> etc.
>
> This has been making me increasingly uncomfortable, since I personally 
> don't believe that the de facto approaches (including, sadly, the 
> MISRA/CERT C standard work, hence my cross-post to the study group 
> list) are widely fit-for-purpose in the world in which I find myself. 
> We're designing extremely complex systems, containing huge amounts of 
> software. Most of that software is and will continue to be produced by 
> people who will never follow the MISRA/CERT standards.
>
> And they certainly won't read ISO26262 or IEC 61508 (who in their 
> right mind would actually pay $3000 for that???)
>
> The elephant in the room for me is autonomous vehicles - no-one can 
> credibly claim that all of that software is going to behave 
> deterministically, let alone be safe and secure (in the real human 
> sense) if our best defence is what was mapped out by 
> embedded/electronics engineers decades ago.
>
> So in my heart of hearts I was beginning to think "eek... there's 
> **way** more work to do than I ever thought possible".
>
> And then, bingo. I came across Nancy Leveson. The work has been done! 
> Crisis averted! Nancy and her colleagues at MIT have been working for 
> decades on a systematic, defensible, grown up engineering approach to 
> safety [1]
>
> And security!
>
> And other emergent properties of complex systems.
>
> Happily, this work is freely available. So I don't have to pay for 
> unfit documents that will stay unfit because hardly anybody actually 
> reads them, and it's too hard to convince the rights holders that 
> their babies are ugly.
>
> So now the fun starts. I've asked colleagues to start working on FTPA 
> hazard analysis for autonomous vehicles. IIUC, it won't take very 
> long :-)
>
> If you'd like to contribute please let me know.
>
> br
> Paul

Hi Paul

Can you elaborate on what exactly is the "breakthrough" here?

Br, Dan