I was recently asked if there was any specific training or certification on the topic of Software Safety.
Sadly my answer is I don't think so. I've seen some training specific to DO-178B, some related to FDA device compliance, and an occasional course at the MISRA office in the UK.
Part of the problem is defining what exactly we mean by "Software Safety", as it always depends on the context. My simple working definition is that I never have to tell a person to "just push the reset button" or "you must reboot to recover". Do you really want to push the reset button on your defibrillator?
It also always must be kept in mind that even if the software is safe, it is still part of a system as a whole. If the system as a whole is unsafe, then having perfect software will not make a safe system.
Michael Barr at Netrino does offer a Critical Software Safeguards Course: Lint and MISRA-C, for the embedded space.
Jack Ganssle also offers his one-day class, How to Develop Better Firmware Faster, again for the embedded space.
Do you know of any courses that would be relevant? If someone put together such a course what should be in it?
Yes, there is: I've been giving in-house software safety trainings for the EN 50128 standard (aka IEC 62279, the railway derivative of IEC 61508, part 3) for the last few years, mainly in Europe but also in India and South America.
I introduce the standard and how it works (how to read it if you have to fulfill it), cover the planning first, then the development life-cycle in overview, then the separate phases: the "design" branch of the V-model (requirements, architecture, design, implementation), then the testing branch, and finally modifications. All of this fits in one day, but tightly.
So is software safe when it's developed according to the standard? Well, it's better than without it. But you're right, it's always the complete (in my case railway) system that must be addressed - the "system under control". The railway standard EN 50126 (aka IEC 62278) defines safety as "freedom from unacceptable risk of harm". You can't assess risk of software. You also can't assess risk of an electronic control system. Risk in this sense is connected to the influence of system functions (e.g. "open doors on platform side") on human life and health. Software plays an important role, but the process of designing a safe control system starts much earlier and cannot be limited to that control system.
Years ago I attended training on safe coding practices in C. The course was given to the company that employed me at the time by Les Hatton. Mr. Hatton is the author of Safer-C (ISBN 0-07-707640-0) and many other papers & publications on the subject. You can check out his website at www.leshatton.org.
Software Safety classes in the US are offered at MIT on occasion from Dr Leveson's STAMP view (organizational drivers included), at U of Maryland for a reliability-centric point of view, and at University of Southern California (USC) twice a year from a Systems Safety Engineering view using the Joint Software Systems Safety Engineering Handbook (JSSSEHdbk) (both FAA and Military centric). Bastion offers an on-call class and is writing an Army handbook right now that will be their basis-of-course. Instructors at USC and Bastion worked on both versions of the Joint Handbook.
(Interesting how you've configured your "comment as" insert, cyber issue?)