1. A safety culture
2. Experts
3. Processes
4. Explicit claims
5. System failures
6. Validation
7. COTS and SOUP
8. Certified components and their vendors
9. Auditors
10. It doesn’t end with the product release
Conclusion
1. A safety culture
Without a company-wide safety culture, it is unlikely that a safe software product can be built. A safety culture is not only a culture in which engineers are permitted to raise questions related to ...
2. Experts
Safety requires professionals. It takes specialized training and experience to define what a safe system must do and to verify that it meets its safety requirements. Safe systems must be simple. And creating a simple system is the hardest ...
3. Processes
It is no accident that standards such as IEC 62304 are about processes. Without good processes we will never be able to demonstrate that a system meets its safety requirements. Good processes are a measurable proxy for ...
4. Explicit claims
Safety claims must explicitly state dependability levels, and the limits within which these levels are claimed. The FDA states the case very well: “indirect process data showing that design and production practices are sound” is not adequate to demonstrate ...
5. System failures
No system is immune to bugs, especially Heisenbugs: mysterious bugs that “appear”, then “disappear” when we look for them. Failures will occur: build a system that will recover or move to its design safe state. EN 50128, for instance, explicitly states ...
6. Validation
Testing is insufficient to prove dependability. Other methods are required: formal design, statistical analysis, retrospective design validation, etc. Testing can indirectly detect faults in the design or implementation by uncovering the ...
7. COTS and SOUP
It is permissible to use COTS, and even SOUP, if these components come with sufficient evidence to support the overall system’s safety case. The best way to build a safe software system is usually not to build everything oneself ...
8. Certified components and their vendors
Components with safety certifications, such as an OS certified to IEC 61508, can speed development and validation, and facilitate approvals. If COTS is used, advantage can be gained by employing components that have received ...
9. Auditors
The auditors are our friends. Engage them early on. In the world of safe software development, certification auditors are our friends. They understand how we need to establish our processes to obtain the certifications, and they can help us structure ...
10. It doesn’t end with the product release
Our responsibility for a safe system does not end when the product is released. It continues until the last device and the last system are retired. The numbers below concern medical devices and are a little dated, but they are eloquent: updates
...
Conclusion
A product development culture in which safety is fundamental in no way guarantees that software will meet its dependability requirements, much less receive the indispensable certifications and pre-market approvals. However, a ...