On Jun 2, 2009, at 10:50 PM, Martyn Thomas wrote:
> And when the approach taken by a standard is shown to be  
> fundamentally unscientific, a professional abandons that standard  
> and works on a new one.

Given my informal prompting of a number of professionals, I can only  
report a couple that I think are working on
new standards, neither of them an alternative to 61508 (one is,  
obviously, DO-178C). I would classify my colleagues'
views as follows: (a) the debate is pointless; 61508 is obviously  
broken and inadequate for the applications in which
I work; the 61508 committee participants apparent refuse to listen to  
or attempt seriously to answer any arguments which
tell them so, or to bring their work up to scratch in any acceptable  
manner; (b) <silence>.

The majority of those who are silent had previously expressed views  
such as those in (a), but had obviously tired of
repetition.

Amongst those people are software engineers, and researchers who work  
on software engineering issues, with
significant international reputations, who are the most cited or  
amongst the most cited in their fields; who have worked
on significant, very visible assessments of software and software- 
based systems; who have achieved the highest
honors available to those working primarily on the engineering of  
software. And then there's me, too.

Contrast this situation with Bill Black's optimistic if not  
enthusiastic clarification of how swimmingly the 61508 maintenance
action is progressing. Almost everyone almost agrees, differences  
should be reconciled soon with only minor problems
remaining, and suggestions for changes received were mostly editorial.

The first question that occurs to one is: are these groups of people  
living on the same planet?

Checking the internet addresses, the answer appears to be yes. How can  
this be?
One answer was volunteered by a colleague of mine, privately:
"Voyez M. xxxxxxxxx, qui pratique la politique de l'autruche"

So, let's assume a newcomer to this mailing list, an engineer who has  
worked a few years, or many years, on
safety-related systems with programmable-electronic components and who  
is looking here for some guidance.

Heshe reads Bill's encomium. What does heshe conclude? 61508's the  
thing for me and my company! We are
so much going to improve the quality of our products if we use this  
standard! Thank goodness all these people
have worked so hard on it for so long!

This engineer is thereby missing an important piece of information.  
This piece of information is: that a large majority
of prominent dependable-software experts who know anything about 61508  
at all think that 61508's implications for,
and guidance concerning, the software bits of those programmable  
electronic systems are, well, la politique de l'autruche.

Then our engineer might like to ponder another piece of information.  
None of the national committees nor the international
committee responsible for 61508, nor the committees responsible for  
its "maintenance" (currently 30% overdue, gee,
it's almost like a software project!) contain, as far as I know, even  
one prominent dependable-software expert with an
international reputation. Unlike, for example, the U.S. National  
Research Council's Committee on
Certifiably Dependable Software Systems, which contains, well, lots of  
them.

In other words, our engineer could, correctly, conclude that these  
61508 committees are attempting to regulate stuff that
they don't know anything about (along with some stuff that they do  
know something about). And they appear to
be screwing it up.  Which, our engineer might go on to think, might  
well be why this person Martyn Thomas, whoever
he is, is saying
> The standards-making process is broken.

But wait, thinks our engineer, not so fast. Maintenance requires  
soliciting comments from everyone and anyone, and
Bill Black reports
> A large number of comments were received mostly of an editorial  
> nature.

So, heshe thinks, there are these people such as Thomas and Ladkin  
grumping on mailing lists about 61508 who
can't even be bothered to send in their comments for consideration  
during the maintenance stage. They're
probably just poseurs who like to blabber.

But here heshe needs another piece of information. One prominent  
software engineer, who has accumulated a certain
number of honors for his services to software engineering, spent some  
time and effort fitting his critical comments and
suggestions for improvement into the extremely restrictive format  
required by "official" IEC commentary procedures,
and then had his entire set of comments rejected *without  
explanation*. In other words, he tried hard and his stuff
was just thrown out, out of hand. I've got a copy.

In other words, there is good evidence that the maintenance committee  
just listens to the stuff it wants to listen to,
such as "comments...of an editorial nature" and throws out other  
stuff. Our engineer may be reminded here of two
concepts which occurred above: "politique", "autruche".

> Can anyone name a single, credible expert in software engineering  
> for safety-related systems who would be willing to go on record as  
> supporting IEC 61508?

(No, Martyn, no one can. But it's an unfair question - if somebody  
whom we thought of as a credible expert actually
went on record as supporting it, heshe would thereby lose that  
credibility.)

So what's going to happen? Rolf complains that no one joined in from  
certain critical industries in 1989-1997, but I
doubt he, or anyone else, can explain why the people such as Martyn  
and myself who have been discussing the
strengths and weaknesses of 61508 in detail on this list and elsewhere  
for the better part of a decade were ignored
during the recent maintenance action. Where is that going to lead?  
Nonsense about software - not only that, but the
same old nonsense - for another ten years, and then the head-in-the- 
sand bit all over again? What, really, will be
the outcome of all this?

PBL

Peter Bernard Ladkin, Professor for Computer Networks and Distributed  
Systems,
University of Bielefeld, 33594 Bielefeld, Germany
www.rvs.uni-bielefeld.de +49 521 880 73 19






[The content of this part has been removed by the mailing list software]