From: Peter Bishop (pgb(at)adelard.com)
Date: Fri 16 Jul 2004 - 09:58:21 BST

On 15 Jul 2004 at 7:50, Peter B. Ladkin wrote:

> [PBL] That's one catastrophic airplane-model
> failure every 14 months. Happy with that? I wouldn't fly on an
> airplane of which some example broke apart every 14 months.
>
> [PB] Surely the point of setting claim limits on an SRS
> is that you need to use **several** **diverse** safety functions
> to achieve a tolerable accident rate.
>
> Nobody is stopping you having several safety functions in the
> aircraft to prevent the same accident(s).
>
> I don't think I was claiming that IEC 61508 *forces* one to build
> inappropriate devices. But that is the argument your comment seems to
> address.

In that case - what is the issue you are worried about? The 61508 rules only put a reliability limit on one SRS, but there is no limit on the number of different SRS. So isn't the question:

> that's one catastrophic airplane-model
> failure every 14 months. Happy with that?

based on a false premise that only one SRS is allowed?

--
Peter Bishop
Adelard LLP and Centre for Software Reliability, City University
Drysdale Building, 10 Northampton Square, London, EC1V 0HB
Tel: +44-20-7490-9467, Fax: +44-20-7490-9451
pgb(at)adelard.com, http://www.adelard.com/
pgb(at)csr.city.ac.uk, http://www.city.ac.uk/