Smart Quality Management Practice 3-2
Concept of SW Safety
Definition: Software safety is the state in which adequate measures exist against risks to human life or body caused by software malfunctions or by inadequate safety functions (functions that prevent a hazard from occurring, identified through prior hazard analysis, etc.), even when there is no intrusion from the outside (Source: Software Promotion Act, Chapter 1, Article 2).
Software safety consists of Safety Functions through Software and Safety Integrity of Software. Safety Functions identify and incorporate SW safety features based on hazard analysis, while Safety Integrity ensures that the SW safety features maintain the defined safety integrity level through additional safety activities.
Ways to Ensure SW Safety
[Safety through Software]
- Implement software safety features by applying a software development lifecycle centered on safety-related activities.
- Hazard Identification and Risk Assessment: Determine acceptable risk levels.
- Establish Risk Reduction Measures: Activities to identify safety requirements and plan safety activities based on integrity levels.
- Implement Risk Reduction Measures: Reduce risk to acceptable levels through safety design, safety implementation, and safety testing.
- Software Safety Evaluation: Assess whether the risk has been adequately reduced.
[Safety of Software]
- Safety Plan: Safety activities, safety technique tailoring.
- Hazard Identification and Safety Integrity Level Determination.
- Safety Requirements Analysis: Informal/semi-formal specifications, safety and requirements specification.
- Safety Design: Architecture patterns, safety mechanisms.
- Safety Implementation: Coding rules/metrics, code analysis techniques.
- Safety Testing.
- Safety Evaluation.
[Development Activities to Enhance Software Safety]
1. Requirements Definition and Analysis: Fully understand the intended use and operating environment, and accurately collect all relevant requirements, giving special consideration to potential risks and safety.
2. Design Phase Safety Considerations: Minimize risk and establish contingency plans by selecting reliable architectures and design patterns.
3. Coding: Adhere to safe coding practices such as rule-based coding, avoiding hard-coded values, and modularization.
4. Testing and Validation: Develop and execute special test cases for safety, including functional tests and boundary condition tests.
5. Security Review and Vulnerability Analysis: Identify and rectify potential security vulnerabilities, using vulnerability scanning tools to find and resolve them.
6. Documentation and Traceability: Document and trace from requirements to design, implementation, testing, and review.
7. Monitoring and Maintenance: Monitor operations and detect and respond to new risks, and apply security updates and patches to minimize vulnerabilities.
8. Training and Awareness: Emphasize the importance of safety and provide education on security and safety so that developers acquire safe development practices.
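The hazard-to-evaluation flow above (risk assessment against an acceptable level, integrity level determination, and requirement traceability from step 6) can be made concrete with a small hazard log. The following is an added illustration, not part of the original text or of any standard; the 1..4 severity/likelihood scores, the risk threshold of 4, the integrity-level cut-offs, and the hazard and requirement identifiers are all constructed assumptions.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed scoring scheme for illustration only (not the page's, not a standard's):
# severity and likelihood each score 1..4, risk = severity * likelihood (1..16).
SEVERITY = {"negligible": 1, "marginal": 2, "critical": 3, "catastrophic": 4}
LIKELIHOOD = {"improbable": 1, "remote": 2, "occasional": 3, "frequent": 4}
ACCEPTABLE_RISK = 4  # assumed tolerable-risk threshold (step: determine acceptable risk)

@dataclass
class Hazard:
    hid: str
    severity: str
    likelihood: str  # likelihood before risk reduction measures
    requirements: List[str] = field(default_factory=list)  # derived safety requirements
    residual_likelihood: Optional[str] = None  # likelihood after measures, once assessed

def risk_score(severity: str, likelihood: str) -> int:
    return SEVERITY[severity] * LIKELIHOOD[likelihood]

def integrity_level(h: Hazard) -> int:
    """Assumed mapping of initial risk to an integrity level 0 (none) .. 3 (highest)."""
    return sum(risk_score(h.severity, h.likelihood) > t for t in (4, 8, 12))

def evaluate(h: Hazard, trace: Dict[str, Dict[str, str]]) -> List[str]:
    """Safety evaluation: residual risk must be acceptable and every safety
    requirement must trace to design, code and a test. Returns the list of gaps."""
    gaps = []
    residual = h.residual_likelihood or h.likelihood  # unassessed: assume no reduction
    if risk_score(h.severity, residual) > ACCEPTABLE_RISK:
        gaps.append(f"{h.hid}: residual risk {risk_score(h.severity, residual)} above {ACCEPTABLE_RISK}")
    for req in h.requirements:
        missing = [a for a in ("design", "code", "test") if not trace.get(req, {}).get(a)]
        if missing:
            gaps.append(f"{req} not traced to {', '.join(missing)}")
    return gaps

# Constructed sample hazard log and traceability matrix (all identifiers hypothetical).
HAZARDS = [
    Hazard("H-01", "critical", "occasional", ["SR-01", "SR-02"], residual_likelihood="improbable"),
    Hazard("H-02", "negligible", "frequent"),
]
TRACE = {
    "SR-01": {"design": "watchdog pattern", "code": "heater_ctl.c", "test": "TC-07"},
    "SR-02": {"design": "limit check", "code": "sensor.c", "test": ""},  # test not yet written
}

if __name__ == "__main__":
    for h in HAZARDS:
        print(h.hid, "integrity level", integrity_level(h), "gaps:", evaluate(h, TRACE) or "none")
```

Running it reports H-01 at integrity level 2 with one traceability gap (SR-02 has no test), and H-02 as acceptable without further measures.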
Lastly, it’s crucial to diligently conduct ongoing quality activities. Studies suggest that improving the quality of these activities can increase safety coverage up to 70%.