Software Safety: Where's the Evidence?

McDermid, J.A.

    Standards for safety critical software usually either mandate or recommend development and assessment techniques which are deemed appropriate to reduce the risk of flaws in the software contributing to accidents. These recommendations are usually broken down into a number of 'levels' of rigour, with the highest levels being applied where the consequences of failure, or risk, are most severe. The paper discusses the extent to which it is possible to find evidence that there is a genuine variation in risk with level, i.e. that the principles in the standards are sound, and questions some of the assumptions underlying these standards. The paper then goes on to discuss the potential advantages of using product-based evidence to demonstrate safety of software, as opposed to relying on process prescription. It outlines current work on developing and applying 'evidence frameworks' as alternatives to the process-based approach, and identifies some of the challenges in gaining widespread acceptance of such approaches. Finally the paper discusses the ALARP principle, and what would be necessary to show that risks associated with safety-critical software have been reduced ALARP. The paper concludes that there are some fundamental difficulties with applying the ALARP principle to software, which neither the process nor evidence-based approaches to demonstrating software safety can readily resolve.
Cite as: McDermid, J.A. (2001). Software Safety: Where's the Evidence?. In Proc. Sixth Australian Workshop on Industrial Experience with Safety Critical Systems and Software (SCS 2001), Brisbane, Australia. CRPIT, 3. Lindsay, P., Ed. ACS. 1-6.
pdf (from crpit.com) pdf (local if available) BibTeX EndNote GS