RE: [sc] Could anybody advise .....

From: Fry, Timothy <Timothy.Fry_at_xxxxxx>
Date: Sat, 7 Nov 2009 00:18:27 +1030
Message-ID: <E2B7811353668144907945E6748FD23A099114@xxxxxx>
Too much about tools, certification, standards and the hope of a quick fix for safety.....
Safety argument 101
Question?: What are the system functions?
Question?: What do we need to ensure does not happen?
Question?: What evidence do we have to show that what we don't want to happen won't happen?
Question?: How confident are we with the evidence above?


From: bill black [mailto:blackw@xxxxxx]
Sent: Fri 06/11/2009 22:37
To: safety-critical@xxxxxx
Subject: RE: [sc] Could anybody advise .....


I would agree with your general point however you need to consider what has
been certified.  I have recently seen certificates of compliance with IEC
61508 for final actuation devices that are based on mechanical and pneumatic
components.  The problem is that IEC 61508 does not include requirements for
mechanical and pneumatic components.  I would rather make my judgements on
such devices from experience of application in similar operational profiles
and physical environments.  

In my view you need to consider all the evidence available before you make a


Bill Black

-----Original Message-----
From: safety-critical-request@xxxxxx
[mailto:safety-critical-request@xxxxxx] On Behalf Of paul cleary
Sent: 06 November 2009 10:20
To: safety-critical@xxxxxx
Subject: RE: [sc] Could anybody advise .....

All, thank you for your informative and robust debate.

Returning to the original question - Does anybody know where I can find a
comprehensive listing of 'preferred' Tools accredited to 61508 to develop
RTOS/middleware in COTS, for use in the automotive industry.

I understand and concur that the certification these tools carry is no
assurance, however I think you will agree a Tool/Suite certified to
61508/CASS has to provide greater assurance of its correctness above similar
Tools which are uncertified.



> From: ladkin@xxxxxx
> To: safety-critical@xxxxxx
> Subject: Re: [sc] Could anybody advise .....
> Date: Fri, 6 Nov 2009 08:12:58 +0100
> On Nov 6, 2009, at 6:17 AM, <Thierry.Coq@xxxxxx> wrote:
> > From this discussion, we now may state that there is currently no
> > requirement within the published IEC 61508 standard for a quantitative
> > probabilistic assessment of software failure.
> I have no idea what that has to do with the current discussion.
> My view is, as you know, that quantitative requirements on kit imply
> quantitative
> requirements on the software used to control the behavior of that kit.
> Most of the colleagues with whom I correspond on technical matters
> think that that is
> obvious. I think it is obvious. I am aware that there are some people,
> like yourself,
> who wish to deny it.
> I provided an example intended to show people how software inherits
> quantitative
> reliability requirements from the quantitative requirements on the
> kit. The replies which
> did not like that example focused on peripheral features of the
> example, such
> as whether 61508 had jurisdiction, since it was an aviation example,
> and how one
> might negotiate with the regulators about approving the system, and
> not on the core
> point of how software inherits quantitative requirements. The URL is

> I have other things to do today than reopen this discussion. I leave
> it as an exercise to
> devise an example which doesn't have the peripheral features which
> distracted some
> respondents.
> Peter Bernard Ladkin, Professor for Computer Networks and Distributed
> Systems,
> University of Bielefeld, 33594 Bielefeld, Germany
> +49 521 880 73 19


Received on Fri 06 Nov 2009 - 13:48:40 GMT