Trusted to deliver excellence
© 2016 Rolls-Royce plc and/or its subsidiaries
The information in this document is the property of Rolls-Royce plc and/or its subsidiaries and may not be copied or communicated to a third party, or
used for any purpose other than that for which it is supplied without the express written consent of Rolls-Royce plc and/or its subsidiaries.
This information is given in good faith based upon the latest information available to Rolls-Royce plc and/or its subsidiaries, no warranty or representation
is given concerning such information, which must not be taken as establishing any contractual or other commitment binding upon Rolls-Royce plc and/or
its subsidiaries.
An Alternative Approach to DO-178B
Duncan Brown
Rolls-Royce Engineering Fellow – Safety Critical Software
What is DO-178?
• Guidance (or guidelines) for software in airborne systems
• A standard??
• A set of objectives and activities to achieve them
• A collection of best practices from the late 1970s for safety critical software
• A somewhat arbitrary relaxation of these practices by Design Assurance Level
• A tried and trusted acceptable means of compliance for airborne software which has saved thousands of lives!
Why DO-178C?
• Best practice has moved on from 1980 and often now includes:-
- Model Based Development
- Formal Methods
- Object Oriented Design
- Extensive support tooling (Static analysis, auto-code generation, simulation etc.)
• Because of the success of DO-178B the terms of reference included minimal change to the core
• So the concept of “Supplements” was developed with an idea that future supplements could be created without change to the core document
DO-178C – Rationale, Change and Tears/Tiers
• A sub-group was created on DO-178C to try to recall the rationale behind the objectives but this never materialised
• A proposal for a goal based or safety case approach to the DO-178 objectives
• A proposal by the Formal Methods group to remove the testing “means” from the core document and to have a supplement for the traditional approach
• A proposal (IP217) to abstract DO-178 into a process that iterated around multiple tiers of requirements/design until code emerged
Note that this concept re-appeared in 2014 in a paper by Mike Dewalt called “Technology Independent Assurance Method or TIAM”
Perceived Problems
(As presented by the FAA to GAMA in 2015)
• Product based certification leads to multiple products being separately scrutinised
• Prescriptive domain specific detailed objectives in standards such as DO-178C, DO-254 and ARP4754 preclude or make difficult alternative approaches
• Separation of System, Software and Complex Hardware disciplines within the authorities and the applicants causes wasted effort
• No need for four DAL levels, A is very close to B and C to D
What is GAMA?
• The General Aviation Manufacturers Association
• Founded in 1970 to “foster and advance the general welfare, safety, interests and activities of general aviation”
• Worldwide committee based organisation with headquarters in Washington and Brussels
• Scope includes general aviation aircraft (Part 23) and more recently rotorcraft (Part 29)
Why GAMA?
An example review of DO-178C from a “GA” perspective
• Activities should not be there, standard should be objectives only
• Process standards rather than product standards would be better
• Have one set of objectives for all levels of requirements and design
• Remove Parameter Data Item objectives
• Remove structural coverage objectives
• Remove data and control coupling objectives
• Eliminate the requirement for traceability data
• Remove configuration index documents
• Have QA audit against company standards
What is Streamlining?
• Harmonization – The FAA and EASA should employ harmonized approaches to certification
• Move to process based audits where a company can be shown to have a good, mature process and that it is being re-used on a number of projects
• Create some domain independent goals that all certifications must satisfy to allow alternative approaches with appropriate justification
• Audit for systems, software and complex hardware in parallel
• Look at revising the number of DALs to two
The FAA Initiative – Streamlining Workshop(s)
• October 2015 FAA (Software CSTA Mike Dewalt) sent out workshop invites to a number of people with a structured distribution (Countries, industry sectors etc.)
• First workshop (and the only one planned originally) was in December 2015
• The plan given by Mike Dewalt at the first meeting was to conclude on the number of DAL levels and a set of less than 10 “meta-objectives” by the close of the meeting and to take these to an open FAA conference in April 2016
• The idea was to issue an Advisory Circular in the autumn of 2016!
Mike Dewalt’s Vision
More FAA workshops….
• At the end of the December meeting it was decided that:-
- No real advantage in reducing the number of DALs
- We needed more time on meta-objectives
• Another meeting was arranged for April 2016
• At the end of the April meeting:-
- A plan for an FAA conference in September 2016 had been firmed up
- It was decided that we needed another meeting on meta-objectives (and they probably weren’t really meta-objectives)
• Another meeting was arranged for July 2016
Final FAA workshop
• In July 2016 we held the last workshop which:-
- Concluded with a set of three “Overarching Properties”
- Prepared material to disseminate the information at the September conference
• The “open” FAA conference was held in September 2016 with ~225 attendees (Workshop members, cert authorities and technical representatives from industry such as DERs)
• The meeting conclusions were not clear, however there was general consensus that:-
- The three OPs are logically correct
- They are probably too abstract to be useful without additional information/training etc.
- They do not help much in solving “variation” across FAA and EASA (in fact they may make it worse)
The European Initiative - RESSAC
• The FAA initiative was international however it was decided that a separate European approach would be sensible
• IRT St. Exupery in Toulouse launched a research project in early 2016 involving representatives from industries in Europe
• The original proposal was a two year project to come up with:-
- A set of “meta-objectives” (or Overarching Properties)
- Criteria for how the evidence against these could be judged
- A worked case study against these OPs
RESSAC and AeroSpace and Defence Industries Association of Europe (ASD)
Overarching Properties (aka Meta Objectives)
[Diagram: the artefacts Desired System Behaviour, Defined Intended Function and Implementation, linked by the activities Requirements Capture and Development, with the three Overarching Properties Intent, Necessity and Correctness shown against them along a “Progress” axis.]
• The FAA workshops have:-
- Made a decision to continue with four DALs
- Refined three Overarching Properties in a standardised form
Overarching Property Statement:
Correctness: The implementation is correct with respect to its defined intended functions, under foreseeable operating conditions.
Definitions: words / phrases in the Overarching Property description
a. Implementation: Item or collection of items contributing to system realization, for which acceptance or approval is being sought; item (from ARP 4754A) is a hardware or software element having bounded and well-defined interfaces.
b. Defined intended functions: The record of the system needs and constraints as expressed by stakeholders.
c. Foreseeable operating conditions: External and internal conditions in which the system is used, encompassing all known normal and abnormal conditions.
Pre-requisites: which must exist to allow Overarching Property satisfaction to be shown
a. Defined intended functions exist.
b. The implementation of the functions exists.
c. The record of the foreseeable operating conditions exists.
Constraints: on how Overarching Property satisfaction must be demonstrated
a. The process to satisfy this Overarching Property must be defined and conducted as defined.
b. When tiers of decomposition are used, the means of showing correctness among the tiers and to the defined intended functions must be defined and conducted as defined.
c. The implementation must be correct when functioning as part of the integrated system or in environment(s) representative of the integrated system.
d. Criteria for evaluating the artifacts are defined and shown to be satisfied individually and collectively.
e. All artifacts required to establish the Overarching Property are under configuration management and change control.
f. All design and manufacturing data to support consistent replication of the type design and instructions for continued airworthiness must be established.
Assumptions: which need only be stated, not justified (if any)
None.
Overarching Property Statement:
Intent: The defined intended functions are correct and complete with respect to the desired system behavior.
Definitions: words / phrases in the Overarching Property description
a. Desired system behavior: System needs and constraints expressed by the stakeholders.
b. Defined intended functions: The record of the system needs and constraints as expressed by stakeholders.
c. Failure Condition(s): A condition having an effect on the aircraft and/or its occupants, either direct or consequential, which is caused or contributed to by one or more failures or errors, considering flight phase and relevant adverse operational or environmental conditions or external events. (From ARP 4754A)
Pre-requisites: which must exist to allow Overarching Property satisfaction to be shown
a. Defined intended functions exist.
b. Failure conditions are defined for the aircraft systems.
c. Design Assurance Levels (DALs) are assigned using the failure condition classifications.
Constraints: on how Overarching Property satisfaction must be demonstrated
a. The process to satisfy this Overarching Property must be defined and conducted as defined.
b. The defined intended functions must address the failure conditions.
c. Criteria for evaluating the artifacts are defined and shown to be satisfied individually and collectively.
d. All artifacts required to establish the Overarching Property are under configuration management and change control.
Assumptions: which need only be stated, not justified (if any)
a. Stakeholders have the system knowledge to express the desired system behavior.
b. Performing system safety assessments is not covered by these Overarching Properties.
Overarching Property Statement:
Necessity: All of the implementation is either required by the defined intended functions or is without unacceptable safety impact.
Definitions: words / phrases in the Overarching Property description
a. Unacceptable Safety Impact: An impact which compromises the system safety assessment.
b. Defined intended functions: The record of the system needs and constraints as expressed by stakeholders.
c. Implementation: Item or collection of items contributing to system realization, for which acceptance or approval is being sought; item (from ARP 4754A) is a hardware or software element having bounded and well-defined interfaces.
Pre-requisites: which must exist to allow Overarching Property satisfaction to be shown
a. Defined intended functions exist.
b. The implementation or a representation of the implementation exists.
c. The system safety assessment exists.
Constraints: on how Overarching Property satisfaction must be demonstrated
a. The process to satisfy this Overarching Property must be defined and conducted as defined.
b. The system safety assessment must address all of the implementation.
c. Criteria for evaluating the artifacts are defined and shown to be satisfied individually and collectively.
d. All artifacts required to establish the Overarching Property are under configuration management and change control.
Assumptions: which need only be stated, not justified (if any)
a. For a TSOA appliance there may not be a complete system safety assessment for the final installation at the appliance level.
Next Steps
• RESSAC will continue as a research project until mid 2018 and publish the deliverables at that point
• FAA has decided to continue the workshops both virtually (as a telecom with collaboration on a web site) and as face to face workshops possibly US and Europe
• The FAA has also re-defined the team working this to allow all members of RESSAC to be involved as well as a wider invite to GAMA / AIA / ASD and others
• The aim for the FAA still seems to ultimately be an Advisory Circular
• It is not yet clear what ASD and EASA might do with the RESSAC outputs
Summary
• It is generally accepted that there is still work to do in harmonizing the certification authorities both internally and globally
• It is felt that existing guidance for compliance to regulations in some circumstances can incur disproportionate effort
AND
could inhibit or even preclude innovative approaches in systems, software and complex electronics which could improve safety
• There is broad agreement about three “Overarching Properties” to be met to comply with regulation
BUT
It is still a challenge to understand how these can be applied harmoniously! Key to this are clear criteria to judge the approaches and the evidence.
Timeline
[Timeline diagram spanning 1992 to 2020.]
Questions
 
INTRODUCTION to software engineering requirements specifications
INTRODUCTION to software engineering requirements specificationsINTRODUCTION to software engineering requirements specifications
INTRODUCTION to software engineering requirements specifications
 
Parameters for c# developers.pdf
Parameters for c# developers.pdfParameters for c# developers.pdf
Parameters for c# developers.pdf
 
Understanding DO-178: Importance and How It Affects Your Company
Understanding DO-178: Importance and How It Affects Your CompanyUnderstanding DO-178: Importance and How It Affects Your Company
Understanding DO-178: Importance and How It Affects Your Company
 
Con8154 controlling for multiple erp systems with oracle advanced controls
Con8154 controlling for multiple erp systems with oracle advanced controlsCon8154 controlling for multiple erp systems with oracle advanced controls
Con8154 controlling for multiple erp systems with oracle advanced controls
 
Customers talk about controlling access for multiple erp systems with oracle ...
Customers talk about controlling access for multiple erp systems with oracle ...Customers talk about controlling access for multiple erp systems with oracle ...
Customers talk about controlling access for multiple erp systems with oracle ...
 
Lange michelle mapld08_add_1
Lange michelle mapld08_add_1Lange michelle mapld08_add_1
Lange michelle mapld08_add_1
 
Richard Crisp -- predictable development for the IoT
Richard Crisp -- predictable development for the IoTRichard Crisp -- predictable development for the IoT
Richard Crisp -- predictable development for the IoT
 
Understanding saa s
Understanding saa sUnderstanding saa s
Understanding saa s
 
Open-Do - Initial concepts and idea
Open-Do - Initial concepts and ideaOpen-Do - Initial concepts and idea
Open-Do - Initial concepts and idea
 

Mais de AdaCore

RCA OCORA: Safe Computing Platform using open standards
RCA OCORA: Safe Computing Platform using open standardsRCA OCORA: Safe Computing Platform using open standards
RCA OCORA: Safe Computing Platform using open standardsAdaCore
 
Have we a Human Ecosystem?
Have we a Human Ecosystem?Have we a Human Ecosystem?
Have we a Human Ecosystem?AdaCore
 
Rust and the coming age of high integrity languages
Rust and the coming age of high integrity languagesRust and the coming age of high integrity languages
Rust and the coming age of high integrity languagesAdaCore
 
SPARKNaCl: A verified, fast cryptographic library
SPARKNaCl: A verified, fast cryptographic librarySPARKNaCl: A verified, fast cryptographic library
SPARKNaCl: A verified, fast cryptographic libraryAdaCore
 
Developing Future High Integrity Processing Solutions
Developing Future High Integrity Processing SolutionsDeveloping Future High Integrity Processing Solutions
Developing Future High Integrity Processing SolutionsAdaCore
 
Taming event-driven software via formal verification
Taming event-driven software via formal verificationTaming event-driven software via formal verification
Taming event-driven software via formal verificationAdaCore
 
Pushing the Boundary of Mostly Automatic Program Proof
Pushing the Boundary of Mostly Automatic Program ProofPushing the Boundary of Mostly Automatic Program Proof
Pushing the Boundary of Mostly Automatic Program ProofAdaCore
 
RCA OCORA: Safe Computing Platform using open standards
RCA OCORA: Safe Computing Platform using open standardsRCA OCORA: Safe Computing Platform using open standards
RCA OCORA: Safe Computing Platform using open standardsAdaCore
 
Product Lines and Ecosystems: from customization to configuration
Product Lines and Ecosystems: from customization to configurationProduct Lines and Ecosystems: from customization to configuration
Product Lines and Ecosystems: from customization to configurationAdaCore
 
Securing the Future of Safety and Security of Embedded Software
Securing the Future of Safety and Security of Embedded SoftwareSecuring the Future of Safety and Security of Embedded Software
Securing the Future of Safety and Security of Embedded SoftwareAdaCore
 
Spark / Ada for Safe and Secure Firmware Development
Spark / Ada for Safe and Secure Firmware DevelopmentSpark / Ada for Safe and Secure Firmware Development
Spark / Ada for Safe and Secure Firmware DevelopmentAdaCore
 
Introducing the HICLASS Research Programme - Enabling Development of Complex ...
Introducing the HICLASS Research Programme - Enabling Development of Complex ...Introducing the HICLASS Research Programme - Enabling Development of Complex ...
Introducing the HICLASS Research Programme - Enabling Development of Complex ...AdaCore
 
The Future of Aerospace – More Software Please!
The Future of Aerospace – More Software Please!The Future of Aerospace – More Software Please!
The Future of Aerospace – More Software Please!AdaCore
 
Adaptive AUTOSAR - The New AUTOSAR Architecture
Adaptive AUTOSAR - The New AUTOSAR ArchitectureAdaptive AUTOSAR - The New AUTOSAR Architecture
Adaptive AUTOSAR - The New AUTOSAR ArchitectureAdaCore
 
Using Tiers of Assurance Evidence to Reduce the Tears! Adopting the “Wheel of...
Using Tiers of Assurance Evidence to Reduce the Tears! Adopting the “Wheel of...Using Tiers of Assurance Evidence to Reduce the Tears! Adopting the “Wheel of...
Using Tiers of Assurance Evidence to Reduce the Tears! Adopting the “Wheel of...AdaCore
 
Software Engineering for Robotics - The RoboStar Technology
Software Engineering for Robotics - The RoboStar TechnologySoftware Engineering for Robotics - The RoboStar Technology
Software Engineering for Robotics - The RoboStar TechnologyAdaCore
 
MISRA C in an ISO 26262 context
MISRA C in an ISO 26262 contextMISRA C in an ISO 26262 context
MISRA C in an ISO 26262 contextAdaCore
 
Application of theorem proving for safety-critical vehicle software
Application of theorem proving for safety-critical vehicle softwareApplication of theorem proving for safety-critical vehicle software
Application of theorem proving for safety-critical vehicle softwareAdaCore
 

Mais de AdaCore (18)

RCA OCORA: Safe Computing Platform using open standards
RCA OCORA: Safe Computing Platform using open standardsRCA OCORA: Safe Computing Platform using open standards
RCA OCORA: Safe Computing Platform using open standards
 
Have we a Human Ecosystem?
Have we a Human Ecosystem?Have we a Human Ecosystem?
Have we a Human Ecosystem?
 
Rust and the coming age of high integrity languages
Rust and the coming age of high integrity languagesRust and the coming age of high integrity languages
Rust and the coming age of high integrity languages
 
SPARKNaCl: A verified, fast cryptographic library
SPARKNaCl: A verified, fast cryptographic librarySPARKNaCl: A verified, fast cryptographic library
SPARKNaCl: A verified, fast cryptographic library
 
Developing Future High Integrity Processing Solutions
Developing Future High Integrity Processing SolutionsDeveloping Future High Integrity Processing Solutions
Developing Future High Integrity Processing Solutions
 
Taming event-driven software via formal verification
Taming event-driven software via formal verificationTaming event-driven software via formal verification
Taming event-driven software via formal verification
 
Pushing the Boundary of Mostly Automatic Program Proof
Pushing the Boundary of Mostly Automatic Program ProofPushing the Boundary of Mostly Automatic Program Proof
Pushing the Boundary of Mostly Automatic Program Proof
 
RCA OCORA: Safe Computing Platform using open standards
RCA OCORA: Safe Computing Platform using open standardsRCA OCORA: Safe Computing Platform using open standards
RCA OCORA: Safe Computing Platform using open standards
 
Product Lines and Ecosystems: from customization to configuration
Product Lines and Ecosystems: from customization to configurationProduct Lines and Ecosystems: from customization to configuration
Product Lines and Ecosystems: from customization to configuration
 
Securing the Future of Safety and Security of Embedded Software
Securing the Future of Safety and Security of Embedded SoftwareSecuring the Future of Safety and Security of Embedded Software
Securing the Future of Safety and Security of Embedded Software
 
Spark / Ada for Safe and Secure Firmware Development
Spark / Ada for Safe and Secure Firmware DevelopmentSpark / Ada for Safe and Secure Firmware Development
Spark / Ada for Safe and Secure Firmware Development
 
Introducing the HICLASS Research Programme - Enabling Development of Complex ...
Introducing the HICLASS Research Programme - Enabling Development of Complex ...Introducing the HICLASS Research Programme - Enabling Development of Complex ...
Introducing the HICLASS Research Programme - Enabling Development of Complex ...
 
The Future of Aerospace – More Software Please!
The Future of Aerospace – More Software Please!The Future of Aerospace – More Software Please!
The Future of Aerospace – More Software Please!
 
Adaptive AUTOSAR - The New AUTOSAR Architecture
Adaptive AUTOSAR - The New AUTOSAR ArchitectureAdaptive AUTOSAR - The New AUTOSAR Architecture
Adaptive AUTOSAR - The New AUTOSAR Architecture
 
Using Tiers of Assurance Evidence to Reduce the Tears! Adopting the “Wheel of...
Using Tiers of Assurance Evidence to Reduce the Tears! Adopting the “Wheel of...Using Tiers of Assurance Evidence to Reduce the Tears! Adopting the “Wheel of...
Using Tiers of Assurance Evidence to Reduce the Tears! Adopting the “Wheel of...
 
Software Engineering for Robotics - The RoboStar Technology
Software Engineering for Robotics - The RoboStar TechnologySoftware Engineering for Robotics - The RoboStar Technology
Software Engineering for Robotics - The RoboStar Technology
 
MISRA C in an ISO 26262 context
MISRA C in an ISO 26262 contextMISRA C in an ISO 26262 context
MISRA C in an ISO 26262 context
 
Application of theorem proving for safety-critical vehicle software
Application of theorem proving for safety-critical vehicle softwareApplication of theorem proving for safety-critical vehicle software
Application of theorem proving for safety-critical vehicle software
 

Último

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 

Último (20)

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 

An Alternative Approach to DO-178B

  • 1. Trusted to deliver excellence © 2016 Rolls-Royce plc and/or its subsidiaries The information in this document is the property of Rolls-Royce plc and/or its subsidiaries and may not be copied or communicated to a third party, or used for any purpose other than that for which it is supplied without the express written consent of Rolls-Royce plc and/or its subsidiaries. This information is given in good faith based upon the latest information available to Rolls-Royce plc and/or its subsidiaries, no warranty or representation is given concerning such information, which must not be taken as establishing any contractual or other commitment binding upon Rolls-Royce plc and/or its subsidiaries. An Alternative Approach to DO-178B Duncan Brown Rolls-Royce Engineering Fellow – Safety Critical Software
  • 2. What is DO-178? 2 • Guidance (or guidelines) for software in airborne systems • A standard?? • A set of objectives and activities to achieve them • A collection of best practices from the late 1970’s for safety critical software • A somewhat arbitrary relaxation of these practices by Design Assurance Level • A tried and trusted acceptable means of compliance for airborne software which has saved thousands of lives!
  • 3. Why DO-178C? • Best practice has moved on from 1980 and often now includes:- - Model Based Development - Formal Methods - Object Oriented Design - Extensive support tooling (Static analysis, auto-code generation, simulation etc.) • Because of the success of DO-178B the terms of reference included minimal change to the core • So the concept of “Supplements” was developed with an idea that future supplements could be created without change to the core document 3
  • 4. DO-178C – Rationale, Change and TearsTiers • A sub-group was created on DO-178C to try to recall the rationale behind the objectives but this never materialised • A proposal for a goal based or safety case approach to the DO-178 objectives • A proposal by the Formal Methods group to remove the testing “means” from the core document and to have a supplement for the traditional approach • A proposal (IP217) to abstract DO-178 into a process that iterated around multiple tiers of requirements/design until code emerged Note that this concept re-appeared in 2014 in a paper by Mike Dewalt called “Technology Independent Assurance Method or TIAM” 4
  • 5. Perceived Problems (As presented by the FAA to GAMA in 2015) • Product based certification leads to multiple products being separately scrutinised • Prescriptive domain specific detailed objectives in standards such as DO-178C, DO-254 and ARP4754 preclude or make difficult alternative approaches • Separation of System, Software and Complex Hardware disciplines within the authorities and the applicants causes wasted effort • No need for four DAL levels, A is very close to B and C to D 5
  • 6. What is GAMA? • The General Aviation Manufacturers Association • Founded in 1970 to “foster and advance the general welfare, safety, interests and activities of general aviation” • Worldwide committee based organisation with head quarters in Washington and Brussels • Scope includes general aviation aircraft (Part 23) and more recently rotorcraft (Part 29) 6
  • 8. An example review of DO-178C from a “GA” perspective • Activities should not be there, standard should be objectives only • Process standards rather than product standards would be better • Have one set of objectives for all levels of requirements and design • Remove Parameter Data Item objectives • Remove structural coverage objectives • Remove data and control coupling objectives • Eliminate the requirement for traceability data • Remove configuration index documents • Have QA audit against company standards 8
  • 9. What is Streamlining? • Harmonization – The FAA and EASA should employ harmonized approaches to certification • Move to process based audits where a company can be shown to have a good, mature process and that it is being re-used on a number of projects • Create some domain independent goals that all certifications must satisfy to allow alternative approaches with appropriate justification • Audit for systems, software and complex hardware in parallel • Look at revising the number of DALs to two 9
  • 10. The FAA Initiative – Streamlining Workshop(s) • October 2015 FAA (Software CSTA Mike Dewalt) sent out work shop invites to a number of people with a structured distribution (Countries, industry sectors etc.) • First workshop (and the only one planned originally) was in December 2015 • The plan given by Mike Dewalt at the first meeting was to conclude on the number of DAL levels and a set of less than 10 “meta-objectives” by the close of the meeting and to take these to an open FAA conference in April 2016 • The idea was to issue an Advisory Circular in the autumn of 2016! 10
  • 12. More FAA workshops…. • At the end of the December meeting it was decided that:- - No real advantage in reducing the number of DALs - We needed more time on meta-objectives • Another meeting was arranged for April 2016 • At the end of the April meeting:- - A plan for an FAA conference in September 2016 had been firmed up - It was decided that we needed another meeting on meta- objectives (and they probably weren’t really meta-objectives) • Another meeting was arranged for July 2016 12
  • 13. Final FAA workshop • In July 2016 we held the last workshop which:- - Concluded with a set of three “Overarching Properties” - Prepared material to disseminate the information at the September conference • The “open” FAA conference was held in September 2016 with ~225 attendees (Workshop members, cert authorities and technical representatives from industry such as DERs) • The meeting conclusions were not clear, however general consensus that - The three OPs are logically correct - They are probably too abstract to be useful without additional information/training etc. - They do not help much in solving “variation” across FAA and EASA (in fact they may make it worse) 13
  • 14. The European Initiative - RESSAC • The FAA initiative was international however it was decided that a separate European approach would be sensible • IRT St. Exupery in Toulouse launched a research project in early 2016 involving representatives from industries in Europe • The original proposal was a two year project to come up with - A set of “meta-objectives” (or Overarching Properties) - Criteria for how the evidence against these could be judged - A worked case study against these OPs 14
  • 15. RESSAC and AeroSpace and Defence Industries Association of Europe (ASD) 15
  • 16. Overarching Properties (aka Meta Objectives) 16 Desired System Behaviour Defined Intended Function Implementation Requirements Capture Development IntentNecessity Correctness
17. Progress
• The FAA workshops have:-
- Made a decision to continue with four DALs
- Refined three Overarching Properties in a standardised form

Overarching Property Statement: Correctness
The implementation is correct with respect to its defined intended functions, under foreseeable operating conditions.
Definitions: words / phrases in the Overarching Property description
a. Implementation: Item or collection of items contributing to system realization, for which acceptance or approval is being sought; an item (from ARP 4754A) is a hardware or software element having bounded and well-defined interfaces.
b. Defined intended functions: The record of the system needs and constraints as expressed by stakeholders.
c. Foreseeable operating conditions: External and internal conditions in which the system is used, encompassing all known normal and abnormal conditions.
Pre-requisites: which must exist to allow Overarching Property satisfaction to be shown
a. Defined intended functions exist.
b. The implementation of the functions exists.
c. The record of the foreseeable operating conditions exists.
Constraints: on how Overarching Property satisfaction must be demonstrated
a. The process to satisfy this Overarching Property must be defined and conducted as defined.
b. When tiers of decomposition are used, the means of showing correctness among the tiers and to the defined intended functions must be defined and conducted as defined.
c. The implementation must be correct when functioning as part of the integrated system or in environment(s) representative of the integrated system.
d. Criteria for evaluating the artifacts are defined and shown to be satisfied individually and collectively.
e. All artifacts required to establish the Overarching Property are under configuration management and change control.
f. All design and manufacturing data to support consistent replication of the type design and instructions for continued airworthiness must be established.
Assumptions: which need only be stated, not justified (if any)
None.

Overarching Property Statement: Intent
The defined intended functions are correct and complete with respect to the desired system behavior.
Definitions: words / phrases in the Overarching Property description
a. Desired system behavior: System needs and constraints expressed by the stakeholders.
b. Defined intended functions: The record of the system needs and constraints as expressed by stakeholders.
c. Failure Condition(s): A condition having an effect on the aircraft and/or its occupants, either direct or consequential, which is caused or contributed to by one or more failures or errors, considering flight phase and relevant adverse operational or environmental conditions or external events. (From ARP 4754A)
Pre-requisites: which must exist to allow Overarching Property satisfaction to be shown
a. Defined intended functions exist.
b. Failure conditions are defined for the aircraft systems.
c. Design Assurance Levels (DALs) are assigned using the failure condition classifications.
Constraints: on how Overarching Property satisfaction must be demonstrated
a. The process to satisfy this Overarching Property must be defined and conducted as defined.
b. The defined intended functions must address the failure conditions.
c. Criteria for evaluating the artifacts are defined and shown to be satisfied individually and collectively.
d. All artifacts required to establish the Overarching Property are under configuration management and change control.
Assumptions: which need only be stated, not justified (if any)
a. Stakeholders have the system knowledge to express the desired system behavior.
b. Performing system safety assessments is not covered by these Overarching Properties.

Overarching Property Statement: Necessity
All of the implementation is either required by the defined intended functions or is without unacceptable safety impact.
Definitions: words / phrases in the Overarching Property description
a. Unacceptable Safety Impact: An impact which compromises the system safety assessment.
b. Defined intended functions: The record of the system needs and constraints as expressed by stakeholders.
c. Implementation: Item or collection of items contributing to system realization, for which acceptance or approval is being sought; an item (from ARP 4754A) is a hardware or software element having bounded and well-defined interfaces.
Pre-requisites: which must exist to allow Overarching Property satisfaction to be shown
a. Defined intended functions exist.
b. The implementation or a representation of the implementation exists.
c. The system safety assessment exists.
Constraints: on how Overarching Property satisfaction must be demonstrated
a. The process to satisfy this Overarching Property must be defined and conducted as defined.
b. The system safety assessment must address all of the implementation.
c. Criteria for evaluating the artifacts are defined and shown to be satisfied individually and collectively.
d. All artifacts required to establish the Overarching Property are under configuration management and change control.
Assumptions: which need only be stated, not justified (if any)
a. For a TSOA appliance there may not be a complete system safety assessment for the final installation at the appliance level.
18. Next Steps
• RESSAC will continue as a research project until mid 2018 and will publish its deliverables at that point
• The FAA has decided to continue the workshops both virtually (as a telecon with collaboration on a web site) and as face-to-face workshops, possibly in the US and Europe
• The FAA has also redefined the team working on this to allow all members of RESSAC to be involved, as well as a wider invitation to GAMA / AIA / ASD and others
• The aim for the FAA still seems ultimately to be an Advisory Circular
• It is not yet clear what ASD and EASA might do with the RESSAC outputs
19. Summary
• It is generally accepted that there is still work to do in harmonizing the certification authorities, both internally and globally
• It is felt that existing guidance for compliance with regulations can, in some circumstances, incur disproportionate effort AND could inhibit or even preclude innovative approaches in systems, software and complex electronics which could improve safety
• There is broad agreement about three "Overarching Properties" to be met to comply with regulation, BUT it is still a challenge to understand how these can be applied harmoniously! Key to this are clear criteria to judge the approaches and the evidence.
20. Timeline
(Timeline figure; only the axis labels survived extraction: 1992, 2000, 2005, 2010, 2015, 2020)