Ref.: RE: [sc] ISO DIS 26262
From my conversations with the French car makers on exactly the same
issue, I derived that there were 2 independent issues:
It is out of the question (or at a minimum must be reduced as much as possible)
to have officially declared safety systems in a car. The driver must have
assistances only. So that in case of an accident, it will be the driver's
fault, not a safety system design issue. This is a responsibility vs legal
issue. I wonder, from this point of view, if buses and cars are
the same. You drive your car, your safety is your problem. You pay to be
in a bus (or in a plane), your safety is the bus (plane)
The IEC 61508 concepts (especially the architectural constraints) apply
poorly to cars. (IEC 61508 talibans would say that it is the fault of the
cars (should have 8 tires, 2 steering wheels, etc...)).
In my opinion, the automotive industry has derived the standard according
to its (cynical) needs, as any industrial company does, and it is a good thing
that they have a common reference. Then it is a technico-social issue to
improve it if it is insufficient.
Programme Manager
SAGEM Défense Sécurité
178, rue de Paris
Tel +33 1 69 19 87 42
Mob : +33 6 87 47 84 64
Fax +33 1 69 19 66 48
Sent by: safety-critical-request@xxxxxx
Please reply to safety-critical
Delivered on: 30/09/2009 10:32
To: <safety-critical@xxxxxx>
cc: (bcc: Bertrand RICQUE/DRD/SAGEM)
Subject: RE: [sc] ISO DIS 26262
Dear Prof. Ladkin,
I followed your "[*]" and read it.
I sure agree partly with the difficulties you mention.
But you say "there is no way I
know of figuring the socially acceptable rate of hurting someone if
your steering fails."
I fail to see the difference to e.g. the aerospace or nuclear industry.
(Replace "steering fails" with " some function fails")
Are not all the "accepted rates" derived from something like
a) "how often did it (or something comparable) happen before --> let's use
this number as a starting point and refine it"
b) "how big is the risk to die / be hurt from anything --> using new
technologies shall not increase this risk significantly"?
Of course, hazard analyses using assumptions on what is "hazardous"
(similar to the aerospace or nuclear industry, I believe) are required by ISO
Furthermore, I believe ISO 26262 does have limits for random HW failures.
Maybe I misunderstood you. Maybe you can explain in more detail?
Kind regards, Simon Schilling
> -----Original Message-----
> From: safety-critical-request@xxxxxx [mailto:safety-critical-
> request@xxxxxx] On Behalf Of Prof. Dr. Peter Bernard Ladkin
> Sent: Wednesday, September 30, 2009 9:41 AM
> To: Safecrit
> Subject: [sc] ISO DIS 26262
Bayerische Motoren Werke Aktiengesellschaft
Board of Management: Norbert Reithofer, Chairman,
Frank-Peter Arndt, Herbert Diess, Klaus Draeger, Friedrich Eichiner,
Michael Ganal, Harald Krüger, Ian Robertson
Chairman of the Supervisory Board: Joachim Milberg
Registered office and court of registration: München HRB 42243
" This e-mail and any attached documents may contain confidential or proprietary information. If you are not the intended recipient, please advise the sender immediately and delete this e-mail and all attached documents from your computer system. Any unauthorised disclosure, distribution or copying hereof is prohibited."
Received on Wed 30 Sep 2009 - 09:47:22 BST