PPRuNe Forums - View Single Post - TCAS philosophies
Old 27th Sep 2007, 09:08
#101
PBL
Join Date: Sep 2000
Location: Bielefeld, Germany
Posts: 955
alf,

Originally Posted by alf5071h
The safety certification should show that the probability of the collision scenario is sufficiently extreme to discount it; thence it meets an acceptable level of safety.
"Should" but rarely "does".

The quality of safety certification is a big issue. I have my problems with some of it (see my paper on the EUR-RVSM safety case). The big three issues concerning the U.S. and U.K. principals on certification of dependable-system SW are
* Explicit and accurate statements of dependability claims
* The provision of evidence sufficient to demonstrate those claims
* Transparency: public disclosure of the claims and evidence so that they can (one hopes) be checked through peer review

I just ran a panel session on this at SAFECOMP. It is a problem not just in aviation.

Let me add a bit of personal history for those who like gossip. Back in the days when I was a more assertive debater than the softie I have become, I got into a discussion on the Bluecoat list with an ex-MD avionics engineer by the name of Ray Hudson, who claimed he had seen enough in-flight evidence of the reliability of his systems to justify the usual 10^-9 claim. I said no, Ray, that is not possible and here are the scientific papers that show it definitively. He called me the usual non-pilot, non-avionics names as well as commented frequently on my ancestry; I said that whether or not he had evidence for his claims really didn't depend on how many legs my mother had. Result was that I was made a "participation offer" by Bill Bulfer that I couldn't accept, and departed.

Many years later, this theme has been the subject of a PhD dissertation at Cornell (John Downer) after I suggested it to Trevor Pinch; a main theme in the U.S. National Academy of Sciences Committee on Certifiably Dependable Software Systems' recent report on just that; a major public concern of the U.K. principals in BSI oversight of IEC 61508 (the non-aviation international standard on functional safety of programmable electronic systems); and a subject of concern in major non-aviation sectors (such as the automobile industry, which, in contrast to aviation, really does have kit that goes 10^9 operational hours - and sometimes more). As well as my panel at SAFECOMP. And Bluecoat appears moribund. Bad call by BB.

PBL

Last edited by PBL; 27th Sep 2007 at 09:34. Reason: Adding some history
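The dispute PBL recounts above, whether in-service experience can justify a 10^-9 per hour failure-rate claim, turns on a simple statistical bound: observing zero failures in T operating hours only rules out rates above -ln(alpha)/T at confidence 1-alpha. The following is an added worked example (not part of the original post or of any certification standard); the fleet-hour figures in it are constructed.

```python
import math


def poisson_cdf(k: int, mu: float) -> float:
    """P(X <= k) for X ~ Poisson(mu), each term formed in log space."""
    if mu <= 0.0:
        return 1.0
    return sum(math.exp(-mu + i * math.log(mu) - math.lgamma(i + 1))
               for i in range(k + 1))


def failure_rate_upper_bound(hours: float, failures: int = 0,
                             confidence: float = 0.99) -> float:
    """One-sided upper confidence bound on the per-hour failure rate,
    given `failures` failures in `hours` operating hours.

    Returns the largest rate lambda that the data do not reject, i.e. the
    lambda for which P(X <= failures | lambda * hours) = 1 - confidence.
    With zero failures this is the closed form -ln(1 - confidence) / hours.
    """
    alpha = 1.0 - confidence
    if failures == 0:
        return -math.log(alpha) / hours
    # P(X <= k | mu) falls monotonically in mu, so bisect on mu = lambda * hours.
    lo, hi = 0.0, 10.0 * (failures + 1)
    for _ in range(200):
        mid = (lo + hi) / 2.0
        if poisson_cdf(failures, mid) > alpha:
            lo = mid      # mu too small: data still consistent with it
        else:
            hi = mid
    return hi / hours


def hours_to_demonstrate(target_rate: float, confidence: float = 0.99) -> float:
    """Failure-free operating hours needed before the upper bound reaches target_rate."""
    return -math.log(1.0 - confidence) / target_rate


if __name__ == "__main__":
    # Constructed figures: a hypothetical avionics box with 2e7 fleet hours
    # and no recorded failure, versus the 1e9 hours PBL credits to automotive kit.
    for label, hrs in (("avionics fleet (constructed)", 2e7),
                       ("automotive fleet (constructed)", 1e9)):
        print(f"{label}: lambda <= {failure_rate_upper_bound(hrs):.2e}/h at 99%")
    needed = hours_to_demonstrate(1e-9)
    print(f"hours of failure-free service needed for 1e-9/h at 99%: {needed:.3e} "
          f"(about {needed / 8766:.0f} years of continuous operation)")
```

The third figure is the core of the argument: roughly 4.6e9 failure-free hours, over half a million years of continuous operation, before zero-failure service history alone supports 10^-9 per hour at 99% confidence.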