Réf. : RE: [sc] ISO DIS 26262



Réf. : RE: [sc] ISO DIS 26262

From: Bertrand RICQUE <bertrand.ricque_at_xxxxxx>
Date: Wed, 30 Sep 2009 10:47:22 +0200
Message-ID: <OFDFB19DFC.82EB8FBC-ONC1257641.002EF5E7-C1257641.002FB3B6@xxxxxx>
From my conversations with the french car makers on exactly the same 
issue, I derived that there were 2 independant issues :

It is out of question (or as a minima must be reduced as much as possible) 
to have officially declared safety systems in a care. The driver must have 
assistances only. So that in case of an accident, it will be the drivers 
fault, not a safety system design issue. This is a responsibility vs legal 
issue. I wonder, from this point of view if the busses and the cars are 
the same. You drive your car, your safety is your problem. You pay to be 
in a bus (or in a plane), your safety is the bus (plane) 
operator's/manufacturer problem.
The IEC 61508 concepts (specially the architectural constraints) apply 
poorly to cars. (IEC61508 talebans would say that it is the fault of the 
cars (should have 8 tires, 2 steering wheels, etc...)).
 In my opinion, the automotive industry has derived the standard according 
to its (cynical) needs as any industrial company and it is a good thing 
that they have a common reference. Then it is a technico-social issue to 
improve it if it is unsufficent.

Bertrand Ricque
Chef de Programme
SAGEM Défense Sécurité
178, rue de Paris
91344 MASSY
Tel +33 1 69 19 87 42
Mob : +33 6 87 47 84 64
Fax +33 1 69 19 66 48
Email bertrand.ricque@xxxxxx




<Simon.Schilling@xxxxxx>

Envoyé par : safety-critical-request@xxxxxx
30/09/2009 10:26
Veuillez répondre à safety-critical
Remis le : 30/09/2009 10:32

 
        Pour :  <safety-critical@xxxxxx>
        cc :    (ccc : Bertrand RICQUE/DRD/SAGEM)
        Objet : RE: [sc] ISO DIS 26262


Dear Prof. Ladkin,

I followed your "[*]" and read it.
I sure agree partly with the difficulties you mention.

But you say "there is no way I
known of figuring the socially acceptable rate of hurting someone if 
your steering fails."

I fail to see the difference to e.g. the aerospace or nuclear industry.
(Replace "steering fails" with " some function fails")

Are not all the "accepted rates" derived from something like 
a) "how often did it (or something comparable) happen before --> let's use 
this number as a starting point and refine it" 
or
b) "how big is the risk to die / be hurt from anything --> using new 
technologies shall not increase this risk significantly"?

Of course, hazard analysis using assumptions on what is "hazardous" 
(similar to aerospace or nuclear industry, I believe) are required by ISO 
26262.

Furthermore, I believe ISO 26262 does have limits for random HW failures.

Maybe I misunderstood you. Maybe you can explain in more detail?

Viele Gruesse, Simon Schilling


> -----Original Message-----
> From: safety-critical-request@xxxxxx [mailto:safety-critical-
> request@xxxxxx] On Behalf Of Prof. Dr. Peter Bernard Ladkin
> Sent: Wednesday, September 30, 2009 9:41 AM
> To: Safecrit
> Subject: [sc] ISO DIS 26262
> 
> [...]
> 
> PBL
> 


-- 
BMW Group
Simon Schilling
80788 München
--------------------------------------------------------
Bayerische Motoren Werke Aktiengesellschaft
Vorstand: Norbert Reithofer, Vorsitzender,
Frank-Peter Arndt, Herbert Diess, Klaus Draeger, Friedrich Eichiner, 
Michael Ganal, Harald Krüger, Ian Robertson
Vorsitzender des Aufsichtsrats: Joachim Milberg
Sitz und Registergericht: München HRB 42243
--------------------------------------------------------








" Ce courriel et les documents qui y sont attaches peuvent contenir des informations confidentielles. Si vous n'etes  pas le destinataire escompte, merci d'en informer l'expediteur immediatement et de detruire ce courriel  ainsi que tous les documents attaches de votre systeme informatique. Toute divulgation, distribution ou copie du present courriel et des documents attaches sans autorisation prealable de son emetteur est interdite." 

" This e-mail and any attached documents may contain confidential or proprietary information. If you are not the intended recipient, please advise the sender immediately and delete this e-mail and all attached documents from your computer system. Any unauthorised disclosure, distribution or copying hereof is prohibited."
[The content of this part has been removed by the mailing list software]
Received on Wed 30 Sep 2009 - 09:47:22 BST