- Fukushima, the Tsunami Hazard, and Engineering Practice: The conclusion first, as well as at the end. For safety-critical infrastructure, there should be required a continuously-maintained, public safety case. Members of the public may at any time look it up. A wise government will make provision for commentary and rework where necessary. I am well aware that this sets the importance of a…
- On A Misleading Trope in System Safety Engineering: Actually, the trope is the second of four topics I wish to address. I recently exchanged opinions with Michael Jackson on the use of mathematics and logic in software development (his main interest) and system safety engineering (mine). If I understand him right, Michael believes that a story must be told about how mathematics and…
- Formal Definition of the Notion of Safety Requirement: This essay concerns the theory of safety requirements, how they may be defined. I am not concerned here with practical methods of determining them. The concepts here may act as a touchstone for evaluating practical methods of determining safety requirements. A hazard is defined in Leveson’s text Safeware (Section 9.3, page 177) as a system…
- The Parable of the Exploding Apples: I thought up the following parable in order to show the value of particular sorts of formal completeness during hazard analysis (Hazan). Contemporary Hazan strikes me as a procedure or procedures in which clever, knowledgeable people sit down together, think about all the things which can go wrong and list them, and stop when they…
- Progress in Hazard Analysis: Hazard analysis (Hazan) is one of the necessary skills of a safety-critical systems engineer. In a post to the University of York Safety-Critical mailing list entitled "software hazard analysis not useful?", Daniel Jackson proposed that, in my interpretation of what he says, as far as software development goes any hazard analysis may be performed “up…
- Passenger Lives Saved by Rail ATP versus Installation Risk to Employees: Prof. John McDermid of the University of York asked me if I had documentation for the suggestion in my post on the Buizingen collision that the number of fatalities to trackside workers expected in installing ATP universally on rail tracks might be larger than the number of passenger lives expected to be saved by ATP.…
- Monday’s Train Collision between Buizingen and Halle, near Brussels, Belgium: At 08.30 am MET (07.30 am UTC) on Monday, 15 February 2010, a commuter train and an intercity train collided in Buizingen, in the greater Brussels region. Initial reports mentioned a “head on” collision, but De Standaard reported (in Dutch) that one train ran into the side of another, presumably at a set of points.…
- Thoughts on the Luge Crash in Vancouver: There are areas of technological safety which are almost all about people and behavior, for example road safety. Roads form a very open system; there are pedestrians, young children, old people, slow people, cyclists, animals, parked cars, broken-down cars, large users and so on. There are some technical things one can do to improve safety,…
- The SIL of the Valve on the Shelf
- A Watershed in System Safety Engineering?: The report on the RAF Nimrod accident in 2006 has recently come out and at least British safety engineers regard it as a major event. This is a milestone, and could be a watershed event, in system safety engineering in Britain. Put briefly, the report found that there have been various technical questions about the…