Actually, the trope is the second of four topics I wish to address I recently exchanged opinions with Michael Jackson on the use of mathematics and logic in software development (his main interest) and system safety engineering (mine). If I understand him right, Michael believes that a story must be told about how mathematics and…

This essay concerns the theory of safety requirements, how they may be defined. I am not concerned here with practical methods of determining them. The concepts here may act as a touchstone for evaluating practical methods of determining safety requirements. A hazard is defined in Leveson’s text Safeware (Section 9.3, page 177) as a system…

I thought up the following parable in order to show the value of particular sorts of formal completeness during hazard analysis (Hazan). Contemporary Hazan strikes me as a procedure or procedures in which clever, knowledgeable people sit down together, think about all the things which can go wrong and list them, and stop when they…

Hazard analysis (Hazan) is one of the necessary skills of a safety-critical systems engineer. In a post to the University of York Safety-Critical mailing list entitled software hazard analysis not useful?, Daniel Jackson proposed that, in my interpretation of what he says, as far as software development goes any hazard analysis may be performed “up…

Prof. John McDermid of the University of York asked me if I had documentation for the suggestion in my post on the Buizingen collision that the number of fatalities to trackside workers expected in installing ATP universally on rail tracks might be larger than the number of passenger lives expected to be saved by ATP.…

At 08.30 am MET (07.30 am UTC) on Monday, 15 February 2010, a commuter train and an intercity train collided in Buizingen, in the greater Brussels region. Initial reports mentioned a “head on” collision, but De Standaard reported (in Dutch) that one train ran into the side of another, presumably at a set of points.…

There are areas of technological safety which are almost all about people and behavior, for example road safety. Roads form a very open system; there are pedestrians, young children, old people, slow people, cyclists, animals, parked cars, broken-down cars, large users and so on. There are some technical things one can do to improve safety,…

–

The report on the RAF Nimrod accident in 2006 has recently come out and at least British safety engineers regard it as a major event. This is a milestone, and could be a watershed event, in system safety engineering in Britain. Put briefly, the report found that there have been various technical questions about the…

On 18 August I wrote an essay on eight themes in System Safety Engineering which addressed the use (or not) of so-called formal methods. On 28 August, Rod Chapman of Praxis HIS wrote a note to the University of York Safety-Critical Systems Mailing List which gave some figures for Praxis’s experience on a medium-large project…