On software quality and engineering
bhards at bigpond.net.au
Sat Nov 2 09:55:27 EST 2002
A concept that has been missed in all of this is that all things are designed
to meet acceptable risk. The Pinto example is where they mis-defined what
level of risk was acceptable.
Aircraft software is not designed to be bug free. It is designed to contribute
less than an acceptable component of aircraft crashes. Typical sort of
numbers are "1x10^-9 per hour for safety critical items". You can't test to
that sort of number, so you go with a "process" approach.
However, most of the software on an aircraft isn't safety critical (RTCA
DO-178B level A). So you design to a lower level of reliability (e.g. the
intercom is probably level C, and the in-flight entertainment system is
probably level E - so it doesn't have any software process requirements).
It is unrealistic to expect that complex systems will not fail. It is only
realistic that a system fails at (or below) an acceptable level. Normally the
risks are defined in terms of probability of failure (or partial performance)
and the consequences of failure (or partial performance).
If the risk is low (not much chance of things going wrong, and it doesn't
matter much if it does), then you don't apply as much rigour. If risk is high
(either things have a good chance of failing, or the consequences of failure
are serious), then you get people with appropriate qualifications, training
and experience, and you set up a rigorous process environment.
Does it really matter if your game crashes twice a week? Annoying - yes,
important - no.
In the defence aviation process, the engineers get used for the up-front
definition of requirements (specification), the risk assessment (judgement of
significance) and the design review part on significant designs. You don't
need a design engineer to conduct a simple fastener substitution.
This might make a decent topic for November CLUG. Not sure if I'll be there at
this stage, but I'm willing to present on this.
http://linux.conf.au. 22-25Jan2003. Perth, Aust. I'm registered. Are you?