[Linux-safety] ISO 26262 and Rationale
Nicholas Mc Guire
der.herr at hofr.at
Tue Feb 6 09:38:48 CET 2018
Hi !
Based on a current discussion on 26262 we found that the DIS stated:
"A rationale shall be given that the selected combination of
methods complies with the corresponding requirement. If all highly
recommended methods listed for a particular ASIL are selected a rationale
needs not to be given."
while the final ISO then states a "rationale based on the methods listed in the table",
which is nothing but table-driven safety in a maybe somewhat less obvious form:
"NOTE
A rationale based on the methods listed in the table is sufficient. However, this does
not imply a bias for or against methods not listed in the table."
which is a bit of a watered-down variant of table-driven safety, but
the problem is that safety is about encoding and tracing WHY X was done, and
even if it is the most obvious of things to do, a rationale captures this WHY,
and ONLY with this WHY documented can we say in retrospect that someone actually
knew what they were doing. Dropping the rationale cuts this ability to detect
high-level organisational faults or competence mismatch in the process and
is a fundamental no-go for ANY reasonable safety process.
thx!
hofrat