Planning the Unplanned Experiment: Assessing the Efficacy of Standards for Safety Critical Software

Safe use of software in safety-critical applications requires well-founded means of determining whether software is fit for such use. While software in industries such as aviation has a good safety record, little is known about whether standards for software in safety-critical applications 'work' (or even what that means). It is often (implicitly) argued that software is fit for safety-critical use because it conforms to an appropriate standard. Without knowing whether a standard works, such reliance is an experiment; without carefully collecting assessment data, that experiment is unplanned. To help plan the experiment, we organized a workshop to develop practical ideas for assessing software safety standards. In this paper, we relate and elaborate on the workshop discussion, which revealed subtle but important study design considerations and practical barriers to collecting appropriate historical data and recruiting appropriate experimental subjects. We discuss assessing standards as written and as applied, several candidate definitions for what it means for a standard to 'work,' and key assessment strategies and study techniques and the pros and cons of each. Finally, we conclude with thoughts about the kinds of research that will be required and how academia, industry, and regulators might collaborate to overcome the noted barriers.
