Liability for software in safety-critical mechatronic systems: An industrial questionnaire

There is very little research on how industry is dealing with the risk of legal liability when constructing safety-critical mechatronic systems that are also software intensive. In this paper we propose a case study approach with the goal of understanding how liability concerns in this setting impact software development in industry. The approach takes into account that software development is embedded in a complex socio-technical context involving stakeholders from technical, managerial and legal backgrounds. We present first results of our case study from a questionnaire involving six companies that develop software-intensive, safety-critical systems in the vehicular and avionics domains. The results of the questionnaire shed light on current industrial practices and concerns. They indicate that liability does indeed seem to be a concern and that a more in-depth analysis of this topic would be desirable to better understand the strategies that industry uses to address liability risks.
