Abstract: An effective standard for safety critical software systems is one that should help both developers and assessors of such systems. For developers it should be clear what is required in order to conform to the standard, while for assessors it should be possible to determine objectively compliance to the standard. The existing set of standards do not pass this basic quality test. We prov...

Two complementary standards are compared, both of which are concerned with the production of quality software. One, IEC 61508, is concerned with the safety of software intensive systems and the other, ISO/IEC TR 15504, takes a process view of software capability assessment. The standards are independent, though both standards build on ISO/IEC 12207. The paper proposes a correspondence between t...

In this article we would like to present some recent applications of the B formal method to the development of safety critical systems, namely platform screen door controllers. These SIL3/SIL4 compliant systems have their functional specification based on a formal model. This model has been proved, guaranteeing a correct by construction behaviour of the system in absence of failure of its compo...

Risk is a broadranging and multidimensional topic, including both management risks and technical risks. Management risks for COTS are well known, such as loss of market control, rapid obsolescence, and the shift from a buyer’s market to a seller’s market. Technical risk factors are less well understood. These factors include interoperability and performance issues as well as safety. This paper ...

The international standard for functional safety of systems involving programmable-electronic components, IEC 61508, has been valid since the late 1990's, and Version 2 has just become valid [IEC10]. The scope of the standard is, generally, everything except avionics and medical equipment. It is based on the approach, novel at that time, of quantifying and reducing risk until it is acceptable, ...

The development of safety cases has become common practice in many safety critical system domains. Safety cases are costly since they need a significant amount of time and efforts to be produced. Moreover, safety critical systems are expected to operate for a long period of time and constantly subject to changes during both development and operational phases. Hence, safety cases are built as li...