ABSTRACT

Software Factors in Safety Cases

Introduction to Software Factors

Software programs are used in many applications, from weapon control systems, communication equipment and flight control systems to medical support machines, banking and car engine management systems. Computer systems are used to perform a variety of essential non-safety functions, safety-related functions and even safety-critical functions ('safety critical' is an accepted industry-standard phrase used where the failure of the computer program can lead directly to a fatality). Any safety assessment must consider any existing software as a potentially equal source of risk when compared to the equipment and people involved. It is often the case that a specific software safety case is called for where a particular system contains a software-intensive product.

The Software Caused the Accident

The title of this section is not strictly true: the failure of software is not directly hazardous. Hazards arise from inappropriate computer-based control of a system and/or the presentation of hazardously misleading decision support information. The very idea of software failure is almost a misnomer: software does what it has been told to do; it does not wear out, fracture or break down according to some normal statistical distribution of failure likelihood. As far as the software is concerned, it does exactly what has been asked of it; it has not failed. As far as the system is concerned, the software can fail to provide the required capability, causing the system to fail. This is a failure to satisfy the system requirements. OK, so software has been used as the tool, but the real failure has been in the writing (or coding) of the software, not in the software's performance. Failures of computer systems arise from systematic causes: flaws in specification, flaws in design implementation or unanticipated use influences.

By their nature, systematic flaws are not known in advance; every historic or future design action could be responsible for them, so it is very difficult to find and remove them.