Re: [sc] Differences between IEC 61508 1st and 2nd editions

Re: [sc] Differences between IEC 61508 1st and 2nd editions

From: Nicholas Mc Guire <der.herr_at_xxxxxx>
Date: Thu, 17 Mar 2011 14:21:35 +0100
Message-ID: <20110317132135.GA1988@xxxxxx>
On Thu, 17 Mar 2011, David Crocker wrote:

> Can anyone point me to a summary of the main differences between  
> IEC-61508 editions 1 and 2, as they apply to software? I'd buy a copy of  
> the new edition, but as the cost is almost ?1000 I can't justify that  
> expenditure at present.

I'm referring here to 61508-1 through 4 Ed 2 CD 2009 - don't have a later 
copy - but as far as I know that copy is what was voted on - so no major 
changes should be in the final.

Much of the changes are really cleanup and more clarifying statements - much of
it in notes and partially split of some of the overloaded clauses. The,from my
understanding, most significant change is that the scope of the standard was 
changed and though only a small change in a subclause the potential impact is

IEC 61508-1 1998

Clause 1.2 j) 

 does not cover the precautions that may be necessary to prevent unauthorized
 persons damaging, and/or otherwise adversely affecting, the functional 
 safety of E/E/PE safety-related systems.

IEC 61508-1 2009 CD

Clause 1.2 l)
 requires malevolent and unauthorized actions to be considered during hazard 
 and risk analysis and provides informative guidance on the security required
 for the achievement of functional safety. 

this alone potentially ripples through the entire standard ! There are a few more places where the de-scoping of human factors and specifically malicious users/unauthorized users has been reverted.

and taking the (informative) Annex B in 61508-1 2009 CD which references IEC 15408 and IEC 17799 and a very far reaching interpretation of what would need to be done for security (notably without mapping measures in any way to SIL, more precisely there is no EAL/SIL mapping or the like (arguably not that sensible any way)) so it leaves a lot of question open with respect to what that really means in practice. Imagine an FMEA where you would try to consider the "malevolent and unauthorized" user at every step ?

 On the other hand there are interesting ways of looking at this in a very constructive way - i.e. the mapping of EAL 5 to DO 178 B (level not specified) that was done by Jim Alves-Foss, Bob Rinker and Carol Taylor, "Towards Common Criteria Certification for DO-178B, Compliant Airborne Software Systems1 Comparing Evaluation Assurance Level 5 (EAL5) to DO178", Center for Secure and Dependable Systems, University of Idaho.

Received on Thu 17 Mar 2011 - 13:21:39 GMT