Safeware: System Safety and Computers
Nancy G. Leveson
Addison-Wesley, 1995, ISBN 0-201-11972-2
This book presents the state of the art in designing safety-critical electromechanical systems, with an emphasis on the computer software that controls them. Although the book is written for safety-critical system designers, it is highly relevant to any development organization trying to improve product quality. Part one discusses the general problem of risk. Parts two and three introduce basic system safety concepts and lay a foundation for defining and modeling risks, hazards, accidents, and errors. Chapter 9 gives a rigorous definition of terminology that helps avoid ambiguity in risk management discussions, for example the distinctions between failures, faults, defects, and errors. Part four presents the elements of a safety-conscious software development process. Though tucked away in the appendixes, the detailed examinations of actual accident cases are the heart of the book: they are referred to constantly throughout the text and give the discussion a real-world pragmatism.
The four appendixes present detailed examinations of accidents caused by technology failures, including the "classics": the Challenger accident, Bhopal, and the Therac-25 story. Therac-25 is required reading for anyone involved in medical device software development. If anyone working on safety-critical software applications has not thought much about development process improvement, these accident stories will likely supply the necessary motivation.

One of the best-kept secrets of software development is that there is a wealth of development process tools and techniques that dramatically increase the quality of a software product. They have been in use for years in regulated software development such as medical systems. And one of the enduring myths of software quality is that only "safety-significant" application developers can afford to apply this level of development process to their products. To help explode this myth, those not involved in safety-critical software development can simply replace accident descriptions such as "fire", "explosion", "burns", or "cardiac arrest" with terms relevant to their own software application, such as "lose the customer's money", "lose the bank's money", "lose the customer's file", or "lose the sale". With this mindset, a study of the hazard analysis techniques will show them to be systematic extensions of good requirements management that apply equally well to hazards that hurt people and to hazards that hurt product quality, fitness for use, and margins. Strip away the drama of accidents involving death and injury and you will find that this book is a treasure chest of process techniques that can be economically applied to any software product development to reduce defects and improve quality.

Contributed by Warren Craycroft, ProjectConnections staff
©Copyright 2000-2008 Emprend, Inc. All Rights Reserved.