Safety critical software

September 2019

Mark McIlroy

My suggestions for the testing of safety critical software

1. Testing should be done by a separate organisation to the organisation that develops the software. The two organisations should be completely separate.
2. The testing organisation should have access to the program source code of the system, including all sub-sections.
   - Testing cannot fix a system that was written poorly; however, it is an additional essential step.
3. All the code should be printed out and read by a team of reviewers.
4. The system developers should be as qualified and experienced as possible.
5. The system should follow simple steps and not try to be too clever, i.e. don't overdo automatic compensating approaches.

B) Users of the system should be properly trained.

Near-misses that occur in actual use should be reported and the relevant system corrected urgently.

Feedback from users of the system should be respected and acted on.