SlideShare una empresa de Scribd logo

Software Safety: An Oxymoron? - VanQ 2007

K
Ken Wong

It is a well-known maxim that complexity is an essential property of software. In spite of that, software-implemented functionality has increased dramatically in almost all safety-critical sectors. This increasing reliance on software provides great challenges to traditional practice of system safety, which focuses on the management of system hazards in order to mitigate safety risk. Software safety has emerged as sub-discipline of system safety to help address these challenges. However, the marriage of software and system safety has been an uneasy one. This talk discusses some of the issues that arise when software meets safety. Why safety is a distinct property from quality, reliability and other ilities will be addressed. The impact of software on system safety will be discussed. Finally, the need for safety verification of software-intensive systems will be briefly touched upon.

Tecnología
1 de 35
Descargar para leer sin conexión
Software Safety: An Oxymoron? March 29, 2007 Ken Wong, Ph.D., Senior Systems Analyst McKesson Medical Imaging Group
Points to Ponder* A system can be correct and reliable and yet unsafe Software safety is not about bugs Program testing can be used to show the presence of bugs, but never to show their absence * We will return to these statements in the discussion
Outline Introduction to Software Safety Software: Meet System Safety System Safety: Meet Software Verifying Software Safety
Introduction to Software Safety
Software In the Real World Therac 25 accidents Ariane 5 Flight 501 explosion Titan 4 Centaur/Milstar failure TCAS collision near Uberlingen, Germany
Ariane 501
Ariane 501 Events Destruction of Ariane 501 on 4 June 1996 (from final report): nominal behaviour of the launcher up to H0 + 36 seconds; failure of the back-up Inertial Reference System (SRI) followed immediately by failure of the active SRI;
Building Dependable Software … lity Qua Safe Corr ectne ss ty Reli ab ility ity Se cu r
Safety is a Distinct Property Safety is a distinct part of the interlocking puzzle of how to build dependable software A system can be “correct” and “reliable” and yet unsafe! Improved software process alone does not mean a safer system Note: These can be a contentious claims even among safety engineers.
Safety is … avoiding mishaps!
Software: Meet System Safety
“Is it Safe”? Christian Szell: Is it safe? Babe: Yes, it's safe, it's very safe, it's so safe you wouldn't believe it. - Marathon Man 1976
System Safety “System Safety” is a systematic approach to safety primarily developed in the US for the aerospace and defense industries Spreading to other industries, e.g., health care Focus on managing system hazards E.g., FDA Quality System Regulation recommends “risk analysis” (A.K.A. hazard analysis)
System Safety Hazard ID Hazard Analysis Risk Assessment Hazard Mitigation Safety Verification
Hazard A hazard is the system’s potential contribution to a mishap E.g., brake failure, engine overheating Key is understanding the system environment
Hazards and Mishaps hazard causes hazard mishap System Environment
Ariane 501: SRI Bug? Uncaught exception from floating point conversion From high value of BH (Horizontal Bias) Programming 101! Conversion check deliberately removed for performance reasons SRI reused from Ariane 4 Check not required for Ariane 4 trajectory
Safety is a System Property SRI worked exactly as specified – for Ariane 4! Ariane 5 trajectory different from Ariane 4 SRI spec did NOT include Ariane 5 trajectory data SRI NOT tested with Ariane 5 trajectory data “Safety” cannot be understood without knowing the operational environment FDA “use-related” vs “device failure” hazards E.g., TCAS collision in Germany
When Software Met Safety … there was a definite risk in assuming that critical equipment such as the SRI had been validated by qualification on its own, or by previous use on Ariane 4. ARIANE 5 Flight 501 Failure Report
System Safety: Meet Software
In the beginning (or Europe) …* Mechanical systems with well understood designs Hazards caused by component failure from random hardware faults Mitigation through integrity and redundancy * Myth, but there is underlying truth in all good myths
Fault Tree Analysis Basic Event Steering Fails Intermediate Event OR Steering Assembly Fails Driver Error OR OR Steering Wheel Fails Drive Shaft Fails Steering Control Software Fails
Is Software Another Component? What is the probability that the steering control software fails? If software is just another component: 1. Software cannot wear out or breakdown like a mechanical component 2. Only “fault” is a programming bug 3. Assuming programmers do their job, failure rate should be zero* *Paraphrased from talk by a system safety engineer
Software Revealed Basic Event Steering Fails Intermediate Event OR Steering Assembly Fails Driver Error OR OR Steering Wheel Drive Shaft Fails Steering Control Software Fails
The Software Werewolf Of all the monsters that fill the nightmares of our folklore, none terrify more than werewolves, because they transform unexpectedly from the familiar into horrors … The familiar software project, at least as seen by the nontechnical manager, has something of this character … Frederick P. Brooks, Jr. from No Silver Bullet : Essence and Accidents of Software Engineering
Ariane 501: Safety in Numbers? In response to “fault”, the Primary SRI was deliberately shutdown Attempt made to switch to backup SRI Typical strategy in face of random failures However, BOTH SRIs shutdown! “Fault” due to same design in both SRIs Exception in non-essential component
Safety is an Emergent Property Software safety is not about “faults” Many potential “faults” but not all created equal – most have no impact on safety “Correct” behaviour can contribute to the hazard! Hazards can emerge from complex interactions between “correct” components
When Safety Met Software An underlying theme in the development of Ariane 5 is the bias towards the mitigation of random failure. Board wishes to point out that software is an expression of a highly detailed design and does not fail in the same sense as a mechanical system. ARIANE 5 Flight 501 Failure Report
Verifying Software Safety
Software and Safety Process Requirements Hazards Hazard ID, Analysis and Mitigation Design Safety Verification Verification Source Code
Limits of Testing Program testing can be used to show the presence of bugs, but never to show their absence E. Dijkstra in Structured Programming
Hazard-Driven Testing Focus on hazard – force it to occur Consider: Hazard risk (“risk-based testing”) Mishap scenarios Hazard causes identified during hazard analysis Problem reports/issues with safety implications See Jeffrey J. Joyce and Ken Wong, Hazard-driven Testing of Safety-Related Software
Summary and Conclusions Safety is a distinct property Safety is a system property Operational and development environment factors Safety is an emergent property Hazards can emerge from complex interactions between “correct” components
Safety and Software: Happy Together?
References* ARIANE 5 Flight 501 Failure Report by the Inquiry Board, Paris, July 1996 Frederick P. Brooks, Jr., No Silver Bullet : Essence and Accidents of Software Engineering, Computer Magazine, April 1987 Jeffrey J. Joyce and Ken Wong, Hazard-driven Testing of Safety-Related Software, 21st International System Safety Conference, Ottawa, Ontario, August 4-8, 2003 *All available on-line

Recomendados

Software safety in embedded systems & software safety why, what, and how
Software safety in embedded systems & software safety why, what, and how Software safety in embedded systems & software safety why, what, and how
Software safety in embedded systems & software safety why, what, and how bdemchak
 
Concepts in Software Safety
Concepts in Software SafetyConcepts in Software Safety
Concepts in Software Safetydalesanders
 
Software project failure in new zealand – what’s killing us and what we can d...
Software project failure in new zealand – what’s killing us and what we can d...Software project failure in new zealand – what’s killing us and what we can d...
Software project failure in new zealand – what’s killing us and what we can d...Edwin Dando
 
Practical Application Of System Safety For Performance Improvement
Practical Application Of System Safety For Performance ImprovementPractical Application Of System Safety For Performance Improvement
Practical Application Of System Safety For Performance ImprovementAlbert V. Condello III CSP CHMM
 
Software Disasters
Software DisastersSoftware Disasters
Software DisastersArno Huetter
 
System safety
System safetySystem safety
System safetysommerville-videos
 
Basic Safety Concepts in Nuclear Engineering
Basic Safety Concepts in Nuclear EngineeringBasic Safety Concepts in Nuclear Engineering
Basic Safety Concepts in Nuclear EngineeringGlobal Risk Forum GRFDavos
 
Software Failure Air Traffic Control System
Software Failure Air Traffic Control SystemSoftware Failure Air Traffic Control System
Software Failure Air Traffic Control SystemShakeel Ahmed
 

Recomendados

Software safety in embedded systems & software safety why, what, and how
Software safety in embedded systems & software safety why, what, and how Software safety in embedded systems & software safety why, what, and how
Software safety in embedded systems & software safety why, what, and how bdemchak
 
Concepts in Software Safety
Concepts in Software SafetyConcepts in Software Safety
Concepts in Software Safetydalesanders
 
Software project failure in new zealand – what’s killing us and what we can d...
Software project failure in new zealand – what’s killing us and what we can d...Software project failure in new zealand – what’s killing us and what we can d...
Software project failure in new zealand – what’s killing us and what we can d...Edwin Dando
 
Practical Application Of System Safety For Performance Improvement
Practical Application Of System Safety For Performance ImprovementPractical Application Of System Safety For Performance Improvement
Practical Application Of System Safety For Performance ImprovementAlbert V. Condello III CSP CHMM
 
Software Disasters
Software DisastersSoftware Disasters
Software DisastersArno Huetter
 
System safety
System safetySystem safety
System safetysommerville-videos
 
Basic Safety Concepts in Nuclear Engineering
Basic Safety Concepts in Nuclear EngineeringBasic Safety Concepts in Nuclear Engineering
Basic Safety Concepts in Nuclear EngineeringGlobal Risk Forum GRFDavos
 
Software Failure Air Traffic Control System
Software Failure Air Traffic Control SystemSoftware Failure Air Traffic Control System
Software Failure Air Traffic Control SystemShakeel Ahmed
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by HubspotMarius Sescu
 
Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTExpeed Software
 

Más contenido relacionado

Último

The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 

Último (20)

The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 

Destacado

2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by HubspotMarius Sescu
 
Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTExpeed Software
 
Product Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsProduct Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsPixeldarts
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthThinkNow
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfmarketingartwork
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024Neil Kimberley
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)contently
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024Albert Qian
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsKurio // The Social Media Age(ncy)
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Search Engine Journal
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summarySpeakerHub
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next Tessa Mero
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentLily Ray
 
Time Management & Productivity - Best Practices
Time Management & Productivity - Best PracticesTime Management & Productivity - Best Practices
Time Management & Productivity - Best PracticesVit Horky
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project managementMindGenius
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...RachelPearson36
 

Destacado (20)

2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot
 
Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPT
 
Product Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsProduct Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage Engineerings
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental Health
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
 
Skeleton Culture Code
Skeleton Culture CodeSkeleton Culture Code
Skeleton Culture Code
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie Insights
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search Intent
 
How to have difficult conversations
How to have difficult conversations How to have difficult conversations
How to have difficult conversations
 
Introduction to Data Science
Introduction to Data ScienceIntroduction to Data Science
Introduction to Data Science
 
Time Management & Productivity - Best Practices
Time Management & Productivity - Best PracticesTime Management & Productivity - Best Practices
Time Management & Productivity - Best Practices
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project management
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
 

Software Safety: An Oxymoron? - VanQ 2007

  • 1. Software Safety: An Oxymoron? March 29, 2007 Ken Wong, Ph.D., Senior Systems Analyst McKesson Medical Imaging Group
  • 2. Points to Ponder* A system can be correct and reliable and yet unsafe Software safety is not about bugs Program testing can be used to show the presence of bugs, but never to show their absence * We will return to these statements in the discussion
  • 3. Outline Introduction to Software Safety Software: Meet System Safety System Safety: Meet Software Verifying Software Safety
  • 5. Software In the Real World Therac 25 accidents Ariane 5 Flight 501 explosion Titan 4 Centaur/Milstar failure TCAS collision near Uberlingen, Germany
  • 7. Ariane 501 Events Destruction of Ariane 501 on 4 June 1996 (from final report): nominal behaviour of the launcher up to H0 + 36 seconds; failure of the back-up Inertial Reference System (SRI) followed immediately by failure of the active SRI;
  • 8. Building Dependable Software … lity Qua Safe Corr ectne ss ty Reli ab ility ity Se cu r
  • 9. Safety is a Distinct Property Safety is a distinct part of the interlocking puzzle of how to build dependable software A system can be “correct” and “reliable” and yet unsafe! Improved software process alone does not mean a safer system Note: These can be a contentious claims even among safety engineers.
  • 12. “Is it Safe”? Christian Szell: Is it safe? Babe: Yes, it's safe, it's very safe, it's so safe you wouldn't believe it. - Marathon Man 1976
  • 13. System Safety “System Safety” is a systematic approach to safety primarily developed in the US for the aerospace and defense industries Spreading to other industries, e.g., health care Focus on managing system hazards E.g., FDA Quality System Regulation recommends “risk analysis” (A.K.A. hazard analysis)
  • 14. System Safety Hazard ID Hazard Analysis Risk Assessment Hazard Mitigation Safety Verification
  • 15. Hazard A hazard is the system’s potential contribution to a mishap E.g., brake failure, engine overheating Key is understanding the system environment
  • 16. Hazards and Mishaps hazard causes hazard mishap System Environment
  • 17. Ariane 501: SRI Bug? Uncaught exception from floating point conversion From high value of BH (Horizontal Bias) Programming 101! Conversion check deliberately removed for performance reasons SRI reused from Ariane 4 Check not required for Ariane 4 trajectory
  • 18. Safety is a System Property SRI worked exactly as specified – for Ariane 4! Ariane 5 trajectory different from Ariane 4 SRI spec did NOT include Ariane 5 trajectory data SRI NOT tested with Ariane 5 trajectory data “Safety” cannot be understood without knowing the operational environment FDA “use-related” vs “device failure” hazards E.g., TCAS collision in Germany
  • 19. When Software Met Safety … there was a definite risk in assuming that critical equipment such as the SRI had been validated by qualification on its own, or by previous use on Ariane 4. ARIANE 5 Flight 501 Failure Report
  • 21. In the beginning (or Europe) …* Mechanical systems with well understood designs Hazards caused by component failure from random hardware faults Mitigation through integrity and redundancy * Myth, but there is underlying truth in all good myths
  • 22. Fault Tree Analysis Basic Event Steering Fails Intermediate Event OR Steering Assembly Fails Driver Error OR OR Steering Wheel Fails Drive Shaft Fails Steering Control Software Fails
  • 23. Is Software Another Component? What is the probability that the steering control software fails? If software is just another component: 1. Software cannot wear out or breakdown like a mechanical component 2. Only “fault” is a programming bug 3. Assuming programmers do their job, failure rate should be zero* *Paraphrased from talk by a system safety engineer
  • 24. Software Revealed Basic Event Steering Fails Intermediate Event OR Steering Assembly Fails Driver Error OR OR Steering Wheel Drive Shaft Fails Steering Control Software Fails
  • 25. The Software Werewolf Of all the monsters that fill the nightmares of our folklore, none terrify more than werewolves, because they transform unexpectedly from the familiar into horrors … The familiar software project, at least as seen by the nontechnical manager, has something of this character … Frederick P. Brooks, Jr. from No Silver Bullet : Essence and Accidents of Software Engineering
  • 26. Ariane 501: Safety in Numbers? In response to “fault”, the Primary SRI was deliberately shutdown Attempt made to switch to backup SRI Typical strategy in face of random failures However, BOTH SRIs shutdown! “Fault” due to same design in both SRIs Exception in non-essential component
  • 27. Safety is an Emergent Property Software safety is not about “faults” Many potential “faults” but not all created equal – most have no impact on safety “Correct” behaviour can contribute to the hazard! Hazards can emerge from complex interactions between “correct” components
  • 28. When Safety Met Software An underlying theme in the development of Ariane 5 is the bias towards the mitigation of random failure. Board wishes to point out that software is an expression of a highly detailed design and does not fail in the same sense as a mechanical system. ARIANE 5 Flight 501 Failure Report
  • 30. Software and Safety Process Requirements Hazards Hazard ID, Analysis and Mitigation Design Safety Verification Verification Source Code
  • 31. Limits of Testing Program testing can be used to show the presence of bugs, but never to show their absence E. Dijkstra in Structured Programming
  • 32. Hazard-Driven Testing Focus on hazard – force it to occur Consider: Hazard risk (“risk-based testing”) Mishap scenarios Hazard causes identified during hazard analysis Problem reports/issues with safety implications See Jeffrey J. Joyce and Ken Wong, Hazard-driven Testing of Safety-Related Software
  • 33. Summary and Conclusions Safety is a distinct property Safety is a system property Operational and development environment factors Safety is an emergent property Hazards can emerge from complex interactions between “correct” components
  • 34. Safety and Software: Happy Together?
  • 35. References* ARIANE 5 Flight 501 Failure Report by the Inquiry Board, Paris, July 1996 Frederick P. Brooks, Jr., No Silver Bullet : Essence and Accidents of Software Engineering, Computer Magazine, April 1987 Jeffrey J. Joyce and Ken Wong, Hazard-driven Testing of Safety-Related Software, 21st International System Safety Conference, Ottawa, Ontario, August 4-8, 2003 *All available on-line