ABSTRACT

Preventing incidents and accidents from recurring is one way of improving the safety and reliability of safety-critical systems. When iterations of the development process can be rapid (as they are, for instance, for most web applications), the system can easily be modified and redeployed with the behavioural changes that would prevent the same incident or accident from recurring. When the development process is more resource-consuming, for instance because of the addition of certification phases and the need to abide by standards, the design and implementation of barriers (Hollnagel 2004) is considered instead. Previous research (Basnyat et al. 2007) proposes the specification and integration of barriers into existing systems in order to prevent undesired consequences. Such barriers are designed so that they can be treated as patches over an already existing and deployed system. These two approaches are potentially complementary (typically, one would be preferred over the other depending on the severity of the failures or incidents that occurred), and both place the system at the centre of the developers' concerns.