1

Basing Aviation Software Certification

On Assurance Cases

John Knight

Patrick Graydon

Elisabeth Strunk

2

The Argument

• Prescribed software development processes do not ensure software quality

• Assurance cases (e.g., safety cases) provide a mechanism for documenting an assurance argument

• Read position paper

• Listen to Robin Bloomfield

3

Certification and Education

John Knight

4

Civil EngineeringLarge

structures very rarely

fail

Why?

5

Them vs Us

Civil Engineering:• Extensive science

supporting analysis• Rigorous education• Mentored, prescribed

experience path• Community of trust• PE signature• Learning from failure

Computer Engineering:• Some science

supporting analysis

Education

6

So?

• Certification is not just a technical issue• Why?• Sometimes engineers are not aware of:

– Their own limitations– The limitations of their technologies– New technology—things are moving very fast

• F 22 anyone?• We have to fix this

Good technology applied incorrectly is useless

7

What To Do?

Demand better from high education

8

What To Do?

Demand better from high education

9

What To Do?

Demand better from high education

10

What To Do?

• Demand better from high education

• Develop a comprehensive approach to the social side of this

• Integrate the industry hiring and preparation process with higher education

• Set standards for people and processes at all levels