On software quality and engineering

Brad Hards bhards at bigpond.net.au
Sat Nov 2 09:55:27 EST 2002 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

A concept that has been missed in all of this is that all things are designed 
to meet acceptable risk. The Pinto example is where they mis-defined what 
level of risk was acceptable.

Aircraft software is not designed to be bug free. It is designed to contribute 
less than an acceptable conponent of aircraft crashes. Typical sort of 
numbers are "1x10-9 per hour for safety critical items". You can't test to 
that sort of number, so you go with "process" approach.

However most of the software on an aircraft isn't safety critical (RTCA 
DO-178B level A). So you design to a lower level of reliability (eg. the 
intercom is probably level C, and the in flight entertainment systems is 
probably level E - so it doesn't have any software process requirements).

It is unrealistic to expect that complex systems will not fail. It only 
realistic that a system fails at (or below) an acceptable level. Normally the 
risks are defined in terms of probability of failure (or partial performance) 
and the consequences of failure (or partial performance). 

If the risk is low (not much chance of things going wrong, and it doesn't 
matter much if it does), then you don't apply as much rigour. If risk is high 
(either things have a good chance of failing, or the consequences of failure 
are serious), then you get people with appropriate qualifications, training 
and experience, and you set up a rigourous process environment.

Does really matter if your game crashes twice a week? Annoying - yes, 
important - no. 

In the defence aviation process, the engineers get used for the up-front 
definition of requirements (specification), the risk assessment (judgement of 
significance) and the design review part on significant designs. You don't 
need a design engineer to conduct a simple fastener substitution.

This might make a decent topic for November CLUG. Not sure if I'll be there at 
this stage, but I'm willing to present on this.

Brad

- -- 
http://linux.conf.au. 22-25Jan2003. Perth, Aust. I'm registered. Are you?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE9wwZfW6pHgIdAuOMRAtI3AKCnwuzycBAo7liYY50kgJp0lPnS2ACgudGc
vtOmP5IwyVEVGqlmm7nIfNA=
=XzEm
-----END PGP SIGNATURE-----

More information about the linux mailing list