Framing analysis of software failure with safety cases

Failures of digital systems arise from design faults that are introduced during system development or maintenance, and the complexity and tight coupling of these systems can lead to accidents involving interactions of multiple failed components. These factors complicate the analysis of digital system failures, particularly with respect to framing an analysis and issuing recommendations that are relevant and practicable. We present a systematic approach to the analysis of digital system failures based upon the concept of safety cases. Failures of safety-related digital systems typically indicate the presence of fallacies in their underlying safety arguments. Using our approach, investigators elicit evidence from a failure to discover fallacies in the safety argument that might have contributed to the failure and then develop recommendations for addressing the fallacies they discover, producing a revised safety argument. Our approach assists investigators in framing an analysis by determining what evidence should be elicited, and it ensures that investigators’ recommendations address the problems that they identify. We report our results from applying the approach to a sequence of accidents involving a low-altitude warning system and compare them to the results of the official investigations. We then contrast the features of our approach with those of other methods.