University of Groningen

Safety is no accident

Kesseler, Ernst

IMPORTANT NOTE: You are advised to consult the publisher's version (publisher's PDF) if you wish to cite from it. Please check the document version below.

Document Version: Publisher's PDF, also known as Version of record

Publication date: 2008

Link to publication in University of Groningen/UMCG research database

Citation for published version (APA): Kesseler, E. (2008). Safety is no accident: contributions to achieving certifiable safe software. [s.n.].

Copyright: Other than for strictly personal use, it is not permitted to download or to forward/distribute the text or part of it without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license (like Creative Commons).

Take-down policy: If you believe that this document breaches copyright please contact us providing details, and we will remove access to the work immediately and investigate your claim.

Downloaded from the University of Groningen/UMCG research database (Pure): http://www.rug.nl/research/portal. For technical reasons the number of authors shown on this cover page is limited to 10 maximum.

Download date: 23-07-2021


References

C. Adams, A380 Innovations: A Balancing Act, Aviation today, March 2003.

Airbus, Extending Airbus commonality to very large aircraft, http://www.airbus.com/en/aircraftfamilies/a380/commonality.html, (Accessed September 2006).

Airport Council International, http://www.airports.org/, May 2005, (Accessed April 2006).

Cecilia Albert, Lisa Brownsword, Evolutionary process for integrating COTS based system (EPIC): an overview, Software Engineering Institute, CME/SEI-2002-TR-009, July 2002.

Maryam Alavi, John C. Henderson, An evolutionary strategy for implementing a decision support system, Management science, 27 (11), Page 1309 – 1323, November 1981.

Carina Alves, Anthony Finkelstein, Challenges in COTS decisions making: a goal-driven requirements engineering perspective, SEDECS´02, July 2002.

P. Argüeles, et al., Report of the group of personalities, European aeronautics: a vision for 2020, http://europa.eu.int/comm/research/growth/aeronautics2020/pdf/aeronautics2020_en.pdf, January 2001, (Accessed April 2006).

Luis Argüello, Juan Miró, Distributed Interactive Simulation for space projects, ESA bulletin 102, May 2000.

Yvonne Barnard, Matthias Reiss, User-centred innovation of electronic documentation for maintenance, Developments in Human Factors in Transportation, Design and Evaluation, page 129-142, Shaker Publishing, Maastricht, 2006.

Victor R. Basili, The role of experimentation in software engineering: past, current and future, International Conference on Software Engineering ICSE-18, Berlin, 27 – 29 March 1996.

Victor R Basili, B. Boehm, COTS-Based systems Top 10 List, IEEE Computer, vol. 24, no. 5, page 91-93, May 2001.


Victor R. Basili, G. Caldiera, H.D. Rombach, Goal Question Metric Paradigm, Encyclopaedia of Software Engineering 1, New York: John Wiley & Sons, page 528-532, 1994.

Victor R. Basili, Frank E. McGarry, Rose Pajerski, Marvin V. Zelkowitz, Lessons learned from 25 years of process improvement: the rise and fall of the NASA software engineering laboratory, International Conference on Software Engineering ICSE02, Orlando, 19-25 May 2002.

Victor R Basili, D.M. Weis, A methodology for collecting valid software engineering data, IEEE transactions on software engineering, Vol 10, No 6, 1984.

I. Benbasset, Robert W. Zmud, Empirical Research in Information Systems: The Practice of Relevance, MIS Quarterly, 23(1), page 3-16, 1999.

B. Gold-Bernstein, EAI market segmentation, EAI Journal, May 2001.

Gerard Berry, M. Kishinevsky, S. Singh, System Level Design and Verification Using a Synchronous Language, IEEE/ACM International Conference on Computer Aided Design (ICCAD'03), San Jose, November 2003.

F.E. Bird, Damage control, Insurance Company of North America, Philadelphia, 1969.

Niels Bohr, Zeitschrift für Physik 13, page 117, 1923 (in German).

Guy Boy, Jerome Barbé, Sébastian Giuliano, Automation and assistance in aeronautics and automotive: Diversity versus homogenisation? AAET, Braunschweig, 26-28 February 2007.

Guy Boy, Jeffrey Bradshaw, Perceived complexity versus internal complexity, did we take into account expertise, reliability and cognitive stability? Proceedings of the second symposium on resilience engineering, 8-10 November 2006, Juan-les-Pins, 2006.

BS 7925-2, British Standard software testing part 2: software components testing, August 1998.

B. Brogliato, A.A. ten Dam, L. Paoli, F. Génot, M. Abadie, Numerical Simulation of Finite Dimensional Multibody Nonsmooth Mechanical Systems, Survey paper: ASME Applied Mechanics Reviews vol.55, no 2, page 107-150, March 2002.


W. Brouwer, A.A. ten Dam, P. Schrap, The National Simulation Facility NSF: The application of the Real-time Operations Simulation Support Tool PROSIM, Proceedings CEAS Symposium on Simulation Technology, Delft, 30 October - 1 November, 1995.

A. Brown, D.A. Patterson, To err is human, http://www.crhc.uiuc.edu/EASY/Papers/brown-easy01.pdf, July 2001, (accessed April 2006).

Tom Brugman, Testing high technology developments at ASML, 9th Dutch test day, Nijmegen, 25 November 2003.

Ricky W. Butler, George B. Finelli, The infeasibility of experimental quantification of life-critical software reliability, IEEE Transactions on Software Engineering, 19(1), page 3-12, January 1993.

J.L. Camus, Efficient development of airborne software with Scade suite, http://www.esterel-technologies.com/v3/?id=41490#DO-178B, 2003, (accessed April 2006).

Kim Cardosi, Amanda DiFiore, Metrics of Communication Performance, Air Traffic Control Quarterly, volume 12 (4), page 297-313, 4th quarter 2004.

David J. Carney, Edwin J Morris, Patrick R.H. Place, Identifying Commercial off the Shelf (COTS) product risks: the COTS usage risk evaluation, Software Engineering Institute, CME/SEI-2003-TR-023, September 2003.

D.I. Chaney, et al., Commercial aeroplane certification process study, FAA, http://www.aia-aerospace.org/issues/subject/faa/faa_cert_study.pdf, March 2002, (accessed April 2006).

S. Cherry, R. Robillard, Empirical study of ad-hoc collaborative activities in software engineering, proceedings Computer Supported Activity Co-ordination CSAC-2004, Porto, page 115-125, April 2004.

E. Christiansen, C. Quinn, Java pays -- positively, IDC Bulletin #W16212, http://www.idcresearch.com/, May 1998 (accessed April 2006).


Michael Clamann, David B. Kaber, Applicability of usability evaluation techniques to aviation systems, International Journal of Aviation Psychology, 14 (4), page 395-420, 4th quarter 2004.

P. Claes, The challenges of developing Safe Software, Second Galileo Software Engineering Workshop GSOFT 2003, October 2003, http://www.estec.esa.nl/conferences/past_events.html, (accessed April 2006).

E. Cloete, A. Gerber, OO systems development barriers for structural developers, Proceedings ICEIS, Volume 3, page 42-47, April 2004.

J. Coplien, Common Organisational Pattern, http://www.easycomp.org/cgi-bin/OrgPatterns, August 2001, (accessed October 2006).

Terry Costlow, Simulating real-time safety, Aerospace engineering, page 14-16, June 2006.

D. Craigen (editor), E. Kesseler, R. Bloomfield, J. Cazin, N. Juristo, J. Voss, chapter 5 of the book Validation, verification and certification of embedded system, RTO/NATO, ISBN 92-837-1146-7, October 2005.

K. Crowston, B. Scozzi, Co-ordination practices within FLOSS development teams: the bug fixing process, proceedings Computer Supported Activity Co-ordination, CSAC-2004, Porto, page 21-30, April 2004.

Edward Cutrell, Mary Czerwinski, Eric Horvitz, Notification, disruption and memory: effects of messaging interruptions on memory and performance, Proceedings of Interact 2001: IFIP conference on Human computer Interaction, Tokyo, July 2001.

S. Dekker, When human error becomes a crime, Human factors and aerospace safety, page 83-97, 2003.

G.J. Dekker, E. Kesseler, Product assurance for the development of the SAX application software, ESA 1996 Product assurance symposium and software product assurance workshop, Noordwijk, 19-21 March 1996.

G.J. Dekker, E. Kesseler, Product assurance for the development of the SAX application software, van pacemaker tot satelliet, XOOTIC symposium TUE, Eindhoven, October 1996.


G.J. Dekker, E. Kesseler, Development procedures of the on-board Attitude control software for the SAX satellite, Automazione e strumentazione, no 6, Anno XLV, Giugno 1997.

Department of Labor, Census of fatal occupational injuries, summary 2004, www.bls.gov/lif/oshcfoil.html, 25 August 2005, (accessed March 2006).

Department of Defense DOD Directive 5000.1, The defense acquisition system, http://dod5000.dau.mil/, May 2003.

P. Dieleman, E. Kesseler, Developing the EATMS architecture: think big - start small, Eurocontrol Architecture workshop, Brussels, 11 – 13 June 1996.

DOD-STD-2167A Military Standard Defense System Software Development, 1988.

Alan Dix, Janet Finlay, Gregory D. Abowd, Russell Beale, Human-Computer Interaction, 3rd edition, Prentice Hall, Harlow, 2004.

DMSO, High Level Architecture Federation Development and Execution Process (FEDEP) Model, Version 1.5, December 8 1999, http://www.dmso.mil/public, (accessed April 2006).

DMSO, RTI Web Site: http://www.dmso.mil/public, 2002, (accessed April 2006).

DO-178B/ED12B, Software Considerations in Airborne Systems and Equipment Certification, RTCA & EUROCAE, December 1992.

DO-278/ED109, Guidelines for the communication, navigation, surveillance and air traffic management (CNS/ATM) systems software integrity assurance, RTCA & EUROCAE, March 2002.

DOD-STD-2167a, Department of Defense (DoD) Defense System Software Development, 1988.

DRD920, GNSS-1 Programme implementation phase, EGNOS software engineering standard, to be obtained from the EGNOS programme office, August 1999.

Thomas A. Duke, Using available investigation data to prevent airline accidents, Air line pilot, page 17-21, April 1999.

ESA (European Space Agency), Java coding standards, BSSC 2005(2), March 2005.


ESA (European Space Agency), ESA Software Engineering Standards, ESA-PSS-05, 1991.

ESARR4, Risk Assessment and Mitigation in ATM, Eurocontrol, http://www.eurocontrol.be/src/html/deliverables.html, October 2002, (accessed April 2006).

EURISCO European Institute of Cognitive Sciences and Engineering, http:/www.eurisco.org/publications/ol2006.html, (accessed December 2007).

Eurocontrol, Towards Co-operative ATS, The COOPATS Concept, Eurocontrol DIS/ATD/AGC/MOD/DEL 01, November 2000.

Eurocontrol, Recommendations for ANS software, SAF.ET.ST03.1000.GUI-01-00, to be obtained from the Eurocontrol Safety Management group, issue March 2003.

Eurocontrol, Eurocontrol specifications for the use of military unmanned aerial vehicles as operational air traffic outside segregated airspace, www.eurocontrol.int, 24 April 2006, (Accessed August 2006).

European Transport Safety Council, Transport safety performance in the EU a statistical overview, www.etsc.be, 2003, (Accessed April 2006).

FAA, FAA AC120-76A, Guidelines for the certification, airworthiness and operational approval of electronic flight bag computing devices, FAA, July 2003.

FDA, FDA-1252, Guidance for FDA reviewers and industry guidance for the content of pre-market submissions for software contained in medical devices, http://www.fda.gov/cdrh, May 1998, (Accessed April 2006).

FAA, Federal Aviation Requirements/Joint Aviation Requirements FAR/JAR-25.

FAA, Federal Aviation Requirements, FAR/CS & 25.1302, Installed systems and equipment for use by flight crew, submitted by HFHW, 2004.

Lindsay Fenwick, Michael Huhn, Criminal liability & aircraft accident investigation, Air line pilot, May 2003, page 17-22.

W. Fokkink, N. Ioustinova, E. Kesseler, J. v.d. Pol, Y. S. Usenko, Y. A. Yushtein, Refinement and verification applied to an in-flight data acquisition unit, Concur 2002, Lecture Notes in Computer Science, Brno, 20 – 23 August 2002.


K. Ford, Euclid RTP 11.13, Realising the potential of networked simulation in Europe, European Simulation Interoperability Workshop (EURO-SIW) 2001, June 2001.

T. Gantner, T. Barth, Experiences on defining and evaluating an adapted review process. Proceedings of the 25th International Conference on Software Engineering, http://www.icse-conferences.org/2003/, page 506-511, May 2003, (Accessed April 2006).

Bill Gates, Key note presentation, Windows Hardware Engineering Conference WinHEC 2002, Seattle, April 2003.

W. Wayt Gibbs, Taking computers to task, Scientific American, 277(1), page 82-89, 1997.

Tom Gilb, Competitive engineering, Chapter 10, page 1-26, http://www.gilb.com/, June 2003.

Jody Gittel, Supervisory span, relational co-ordination and flight departure performance: a reassessment of post-bureaucracy theory, Organization science, 12(4), page 467-482, August 2001.

B.G. Glaser, A.L. Strauss, The discovery of grounded theory: strategies for qualitative research, Aldine publishing company, New York, 1967.

M. van Gool, PHARE final report, Eurocontrol DOC 99-70-09, Brussels, 1999.

Goulielmos Markos, Systems development approach: transcending methodology, Information Systems Journal 2004, 14, page 363-386, 2004.

R.J.F. Grosmann, E. Kesseler, Sharing information at airports, progress available soon, 5th PROGRESS symposium on embedded systems, Nieuwegein, 20 October 2004.

Tim Hagemann, P. Weber, Situational awareness in air traffic management, Human factors and aerospace safety 3(3), page 237-243, 2003.

K. J. Hayhurst, Framework for small-scale experiments in software engineering, NASA, 1998.


D.J. Hatley, A. Pirbhai, Strategies for real-time system specification, Dorset House Publishing, 1988.

Les Hatton, Safer C: developing software for high-integrity and safety-critical systems, McGraw Hill, Berkshire, England, 1994.

Les Hatton, Software faults: the avoidable and the unavoidable: Lessons from real systems, Proceedings of the ESA 1996 product assurance symposium and software product assurance workshop (ESA S-377) Noordwijk, 19-21 March 1996.

H. W. Heinrich, Industrial accident prevention, New York, McGraw Hill, 1931.

HLA (High Level Architecture) web-site: https://www.dmso.mil/public/transition/hla/, (Accessed April 2006).

Henk Hesselink, Niels Basjes, MANTEA departure sequencer: Increasing airport capacity by planning optimal sequences, H.H. FAA/Eurocontrol ATM'98 Conference, Orlando (FL), 1-4 December 1998.

H. Holderbach, Type certification of commercial aircraft, call for enhanced international rules, ICAO Journal 2, 2001.

Becky L. Hooey, David C. Foyle, Anthony D. Andre, A human-centred methodology for the design, evaluation and integration of cockpit displays, NATO RTO Symposium on enhanced and synthetic vision systems, 10-12 September 2002, Ottawa, 2002.

Becky L. Hooey, David C. Foyle, Anthony D. Andre, Integration of cockpit displays for surface operations: the final stage of a human-centred design approach, SAE transactions: journal of aerospace, 109, page 1053 – 1065, 2000.

James J. Hunt, The HIDOORS methodology using Java in real-time and embedded systems, 2005.

IEC-60880, Software for computers important to safety for nuclear power plants, Part 2, software aspects of defence against common cause failures, use of software tools and of pre-developed software, http://ww.iec.ch, December 2000.

IEC-61266, Nuclear power plants - instrumentation and control systems important for safety - Classification, http://ww.iec.ch, May 1993.


IEC-61508 Functional safety: safety related systems, 7 parts, http://ww.iec.ch, December 1998.

IEEE-1278, IEEE Standard for Information Technology - Protocols for Distributed Interactive Simulation Applications, IEEE, New York, 1993.

IEEE-1278.1, IEEE Standard for Distributed Interactive Simulation - Application Protocols, IEEE, New York, 1995.

IEEE-1278.1a, IEEE Standard for Distributed Interactive Simulation - Application Protocols, IEEE, New York, 1998.

IEEE-1278.2, Standard for Distributed Interactive Simulation - Communication Services and Profiles, IEEE, New York, 1995.

IEEE-1278.3, IEEE Recommended Practice for Distributed Interactive Simulation--Exercise Management and Feedback, IEEE, New York, 1996.

IEEE-1278.4, IEEE Trial-Use Recommended Practice for Distributed Interactive Simulation--Verification, Validation, and Accreditation, IEEE, New York, 1997.

IEEE-1516, IEEE Standard for Modelling and Simulation (M&S) High Level Architecture (HLA) - Framework and Rules, IEEE, New York, 2000.

IEEE-1516.1, IEEE Standard for Modelling and Simulation (M&S) High Level Architecture (HLA) Federate Interface Specification, IEEE, New York, 2000.

IEEE-1516.2, IEEE Standard for Modelling and Simulation (M&S) High Level Architecture (HLA) - Object Model Template (OMT) Specification, IEEE, New York, 2000.

INPO, Maintenance working group, Atlanta, GA, A maintenance analysis of safety significant events, Institute of Nuclear Power Operations, 1985.

International Air Transport Association, http://www.iata.org/about/index/, May 2005, (Accessed April 2006).

International Civil Aviation Organisation, Global air traffic management operational concept, doc 9854, 2005, www.icao.int, (Accessed August 2006).


International Civil Aviation Organisation, ICAO Statistical Yearbook, Civil aviation statistics of the world, http://www.icao.int/, 2003, (Accessed April 2006).

ISO-13407 International Organization for Standardization, ISO 13407, Human-centred design processes for interactive systems, 1999.

ISO/DIS-15026 International Organization for Standardization, Information technology - System and software integrity levels, 1996.

ISO-15408 International Organization for Standardization, Common criteria for security evaluation, Version 2.1, also known as the Common Criteria, http://www.commoncriteria.org/cc/cc.html, August 1999.

ISO-18529, International Organization for Standardization, ISO TR 18529, Ergonomics of human-system interaction – Human-centred lifecycle process descriptions, 2000.

E. Jeannot, C. Kelly, D. Thompson, The development of situational awareness in ATM systems, http://www.eurocontrol.int/humanfactors/docs/HF35-HRS-HSP-005-REP-01withsig.pdf, June 2003, (Accessed April 2006).

JSF, Joint Strike Fighter web-site, www.jsf.mil, (accessed August 2006).

Claire-Marie Karat, R. Campbell, T. Fiegel, Comparison of empirical testing and walkthrough methods in user interface evaluation, CHI92 Conference proceedings, (p 397-404) Association for Computing Machinery (ACM), New York, 1992.

Richard Kebabjian, Plane crash info, http://www.planecrashinfo.com/cause.htm, 2004, (Accessed April 2006).

E. Kesseler, Aeronautical telecommunication network, Some European contemplations, The 21st century ATM, proceedings 3rd annual CNS/ATM seminar, Taipei, 25-26 March, 1998.

E. Kesseler, Safety, an organised approach, proceedings 4th annual CNS/ATM seminar Taipei, 9-10 March, 1999.

E. Kesseler, Aviation human factors, the next step, proceedings 1st aviation human factors workshop, Taipei, 11 March, 1999.


E. Kesseler, Quality first, Measuring a safety-critical embedded software development process, Profes ’99 (International conference on product focussed process improvement), Oulu, 22-24 June 1999.

E. Kesseler, Safety critical software development, an aerospace example, invited presentation on EU European Systems and Software Initiative (ESSI) EUNET workshop at KEMA, Arnhem, 10 September 1999.

E. Kesseler, Cheaper/faster/better and safer? Searching the perfect balance, proceedings 5th CNS/ATM seminar, Taipei, 27-29 March 2000.

E. Kesseler, Applying theory to practise, Airworthy software measured and analysed, 16th IFIP World computer congress, Proceedings of conference on software theory and practice, Beijing, ISBN 7-5053-6110-4, 21-26 August 2000.

E. Kesseler, Deploying Networked Real-Time Simulation, Putting the Virtual Enterprise to Work, Some Aerospace Experience, Hawaii International Conference on System Sciences HICSS-35, Kona, ISBN 0-7695-1435-9, 7-10 January 2002.

E. Kesseler, Transforming air transport to a concurrent enterprise, Technical, safety and security perspectives, ICE 2003, Helsinki, ISBN 0-85358-119-3, 16–18 June 2003.

E. Kesseler, Air transport, From Privilege to Commodity, the World Congress Aviation in the XXIst century, Kyiv, 14–16 September 2003.

E. Kesseler, Software safety and certification: air transport practices compared with other domains for consideration by Galileo, Second Galileo Software Engineering Workshop GSOFT 2003, Noordwijk, 14–16 October 2003.

E. Kesseler, Consistent safety objectives and COTS versus fragmented certification practises and good safety records, Air transport dilemma in need of innovation, 3rd IEEE Conference on Standardisation and Innovation in Information Technology, Delft, ISBN 0-7803-8172-6, 22–24 October 2003.

E. Kesseler, Improving air transport collaboration, seminar at Korea Transport Institute (KOTI), Seoul, 6 February 2004.

E. Kesseler, Improving air transport collaboration, the TALIS experience, proceedings 9th annual CNS/ATM seminar, Taipei, 1–2 March 2004.


E. Kesseler, Supporting the sky, Computer mediated co-operation to fly aircraft, Computer Supported Activity Co-ordination CSAC-2004, 6th International Conference on Enterprise Information Systems, Porto, ISBN 972-8865-08-2, 14–17 April 2004.

E. Kesseler, Integrating air transport elicits the need to harmonise software certification while maintaining safety and achieving security, Aerospace Science and Technology, (8) 2004 page 347-358, Elsevier.

E. Kesseler, Optimisation and multidisciplinary design: advancing the state-of-the-art in the European project VIVACE, ECCOMAS CFD, European Community on COmputational Methods in Applied Sciences Computational Fluid Dynamics, Egmond aan Zee, 5–8 September 2006.

E. Kesseler, Assessing COTS benefits versus custom-made for certifiable safe software, Information Systems Journal (18) 2008, page 299 – 324 Blackwell Publishing.

E. Kesseler, P. Arendsen, M.H. van Houten, R. Parchem, B. Meissner, M. Nagel, J. Barner, H. Wenzel, Empowering engine engineers, advancing the state-of-the-art in collaborative multi-national multidisciplinary engine design, First CEAS European Air and Space Conference, Berlin, CD-ROM published by Council of the European Aerospace Societies (CEAS) comprising members from 8 nations, 10–13 September 2007.

E. Kesseler, E.H. Baalbergen, Component based software development at NLR, Assembling Aerospace Applications, Euroforum component based development congress, Utrecht, 15 December 1998.

E. Kesseler, A. A. ten Dam, R. van Sterkenburg, Divide and control, Making distributed real-time simulations work, 6th International workshop SESP 2000, Noordwijk, 10-12 October 2000.

E. Kesseler, R.J.F. Grosmann, R. Ehrmanntraut, Integrating navigation and communication systems for innovative services, 9th St. Petersburg International Conference on Integrated Navigation Systems, Saint Petersburg, ISBN 5-900780-37-6, 27-29 May 2002.


E. Kesseler, R.J.F. Grosmann, Improving collaboration through information sharing, a real world example, Research, Innovation & Vision for the Future, RIVF 2005, Can Tho, 21-24 February 2005.

E. Kesseler, R. Hogendoorn, ARTAS, A standard CNS/ATM component, The 21st century ATM, proceedings 3rd annual CNS/ATM seminar, Taipei, 25-26 March, 1998.

E. Kesseler, P. Homsi, Achieving multiple objectives: VIVACE Multidisciplinary Design Optimization accomplishments, Evolutionary Methods For Design, Optimization and Control, EUROGEN 2007, 11 – 13 June 2007, Jyväskylä, published by CIMNE, Barcelona, 2007.

E. Kesseler, M.H. van Houten, Multidisciplinary optimisation of a turbine disc in a virtual engine environment, 2nd European Conference for Aerospace Sciences EUCASS 2007, Brussel, CD-Rom published by Universite Libre de Brussels, Symposium 1, Session 5, 1_05_06, 1 – 6 July 2007.

E. Kesseler, E. Knapen, Interactions, Advanced controller displays, an ATM essential, 3rd FAA / Eurocontrol ATM R&D seminar, Naples, 13 – 16 June 2000.

E. Kesseler, E. Knapen, Designing future advanced controller displays, Information Design Journal 2002/2003, John Benjamins Publishing Company, page 32-43, 2003.

E. Kesseler, E.G. Knapen, Towards human-centred design, two case studies, Journal of Systems and Software, (79), page 301-313, March 2006.

E. Kesseler, J. Kos, The next step in collaborative aerospace engineering, invited paper, Research, Innovation & Vision for the Future, RIVF 2005, Can Tho, 21-24 February 2005.

E. Kesseler, M. Laban, W.J. Vankan, Multidisciplinary wing optimisation, Design together, Design together gain together forum-1, Warwick, 20–21 September 2005.

E. Kesseler, M. Laban, W.J. Vankan, Consistent models for integrated multidisciplinary aircraft wing design, ICNPAA, International conference on Nonlinear Problems in Aviation and Aerospace, Budapest, 21-23 June 2006.

E. Kesseler, W. Lammen, J. Weser, P. Guellec, A case study of aeronautic product life cycle management in the (conceptual) design phase, Product Data Technology Europe, page 42–51, 24–26 September 2007, Geneve, ISBN 978-91-631-88558 published by Eurostep, 2007.

E. Kesseler, E. van de Sluis, Safety and commercial realities in an avionics application, Second world congress on safety of transportation, Delft, ISBN 90-407-1852-0, 18–20 Feb 1998.

E. Kesseler and E. van de Sluis, Embedding safety critical software in an airframe, Embedded system symposium TUE, Eindhoven, 19 May 1998.

E. Kesseler, E. van de Sluis, Avionics application development, coalesce certifiability with business opportunity, ESA Data Systems in Aerospace DASIA ’98, Athens, 25–28 May 1998.

E. Kesseler, E. v.d. Sluis, A.A. ten Dam, Divide and control: making distributed real-time simulations work, Proceedings 6th International workshop on simulation for European space programmes, SESP-2000, ESA, Noordwijk, October 2000.

E. Kesseler, E. van de Sluis, Reliability, maintainability and safety applied to a real world avionics application, Proceedings of the European Conference on Safety and Reliability ESREL’98, published in Safety and Reliability, volume 2, Trondheim, ISBN 90-5410-968-8, 20-24 June 1998.

E. Kesseler, W. J. Vankan, Taking Collaborative Engineering to the Sky, European Conference for Aerospace Sciences EUCASS 2005, Moscow, CD-ROM published by Russian Academy of Sciences, Symposium 1, section 1.3, 1.03.06, 4-7 July 2005.

E. Kesseler, W.J. Vankan, Multi-cubed engineering: Multidisciplinary aircraft wing design analysis for multi objective optimisation in multi site collaboration, The 6th WSEAS International Conference on Applied Computer Science (ACS '06), Tenerife, 16-18 December 2006.

E. Kesseler, W.J. Vankan, Multidisciplinary design analysis and multi-objective optimisation applied to aircraft wing, WSEAS transactions on systems and control, issue 2, volume 1, page 221-227, December 2006.

M. E. F. Keuning, E. v. d. Sluis, A. A. ten Dam, Distributed exercise management: the SmartFED approach, European Simulation Interoperability Workshop, EURO-SIW 2001, June 2001.


Max Kingsley-Jones, Fleet passed 25,000 mark, Flight International, 30 August 2005.

Dorothy McKinney, Impact of commercial-off-the-shelf software on the interface between systems and software, ICSE99, 1999.

J. Kjaer-Hansen, Human factors in the development of air traffic management systems, HUM.ET1, ST13.4000-REP-01, EATCHIP, Eurocontrol, Brussels, 1998.

H. Kopetz, Real time systems, design principles for distributed embedded systems, Kluwer scientific publishing, page 250, 1997.

J. Kos, A.A. ten Dam, Reducing Computation Times and Promoting the Use of Distributed Resources in Space System Design, IAF paper IAF-99-U.1.02 Proceedings 50th International Astronautical Congress, Amsterdam, 4-8 October 1999.

Tiiu Koskela, Kaisa Väänänen-Vainio-Mattila, Lauri Lehti, Home Is Where Your Phone Is: Usability Evaluation of Mobile Phone UI for a Smart Home, Lecture Notes in Computer Science Volume 3160/2004, Mobile Human-Computer Interaction – Mobile HCI 2004, Springer Berlin / Heidelberg, page 74-85, 2004.

Vincent Kowalski, Bruno J. Karcher, Industry consortia in open systems, Standard view 2 (1), March 1994.

Thomas K. Landauer, The trouble with computers: usefulness, usability and productivity, Cambridge MA, MIT press, 1995.

David Learmont, Reverse gear, Flight international, page 30, 10 January 2006.

Nancy Leveson, Safeware, system safety and computers, Reading, MA, USA, Addison Wesley, 1995.

Michael D. Madson, Air traffic controllers and real-time simulation: a powerful combination, Journal of ATC, pages 24-27, Jan 2004.

John McDermid, The cost of COTS, IEEE Computer, page 46-52, IEEE, 1998.

John McDermid, Tim Kelly, Software in safety critical systems, achievements and prediction, Nuclear future, volume 2, number 3, page 140-145, 2006.

A. Messiah, Quantum mechanics, volume I, North Holland publishing company, 1974.

A. Mili, S.F.O. Chimel, R. Gottumkkala, L. Zhang, An integrated cost model for software and reuse, ICSE2000, 2000.

MISRA, MISRA Report 2, Integrity, http://www.misra.org.uk/, February 1995, (Accessed April 2006).

Gordon E. Moore, Cramming more components onto integrated circuits, Electronics, 19 April 1965.

Gordon E. Moore, No exponential is forever ... but we can delay forever, International Solid State Circuits Conference, 10 February 2003.

NASA Human Systems Integration division/Human-centred Systems Lab, http://humansystems.arc.nasa.gov/awards_pubs/publications.php, (accessed December 2007).

MSHA, Number and rate of mining facilities by year, 1995-2004, www.cdc.gov/niosh/mining/statistics, (Accessed April 2006).

NASA, NASA Software measurement guidebook, NASA-GB-001-094, August 1995.

NASA, NASA Software process improvement guidebook, SEL-95-102 / NASA-GB-001-95, January 1996.

NASA, Formal Methods Specification and Verification Guidebook for Software and Computer Systems, Volume I: Planning and Technology Insertion, NASA Office of Safety and Mission Assurance, NASA/TP-98-208193, Release 2.0, December 1998.

NASA, Formal Methods Specification and Analysis Guidebook for the Verification of Software and Computer Systems, Volume II: A Practitioners Companion, NASA Office of Safety and Mission Assurance, NASA-GB-001-97, Release 1.0, May 1997.

NASA, System-Wide Accident Prevention Program, http://avsp.larc.nasa.gov/program_swap.html, 2004, (accessed December 2006).

(USA) National Safety Council, Accident prevention manual, Itasca, IL, 2001.

(USA) National Safety Council, What are the odds of dying, www.nsc.org, (Accessed April 2006).

Jakob Nielsen, Usability Engineering, Academic Press, San Diego, CA, USA, March 1993.

M.S. Nolan, Fundamentals of air traffic control, Wadsworth inc, 2003.

Donald Norman, The Invisible Computer, MIT Press, 1998.

Performance Review Commission, ATFM summary 2003, Feb 2004, http://www.eurocontrol.int/prc/index.html, (Accessed April 2006).

P. Oberndorf, SEI Monographs on the Use of Commercial Software in Government Systems, http://www.sei.cmu.edu/cbs/papers/monographs/cots-open-systems/cots.open.systems.htm, February 1998, (accessed April 2006).

A. Odaci, Overview of A-Select, http://a-select.surfnet.nl/aselect_overview.html, August 2003, (Accessed April 2006).

Omega, Correct Development of Real-Time Embedded Systems, http://www-omega.imag.fr/index.php (Accessed September 2006).

Rob van Ommering, Building Product Populations with Software Components, ICSE'02, Orlando, 19-25 May 2002.

Rob van Ommering, Building Product Populations with Software Components, Thesis, Groningen, 3 December 2004.

Open Group, Real-time and Embedded Systems Forum, Java Specification Request http://www.opengroup.org/rtforum/ ADD, August 2003.

David Oppenheimer, A. Ganapathi, D. A. Patterson, Why do Internet services fail, and what can be done about it? 4th USENIX Symposium on Internet Technologies and Systems, http://roc.cs.berkeley.edu/papers/usits03.pdf, March 2003, (accessed April 2006).

Wanda J. Orlikowski, CASE tools as organisational change: investigating incremental and radical changes in software development, MIS quarterly (17) 3, page 309-340, September 1993.

G. Pan, S.L. Pan, M. Newman, D. Flynn, Escalation and de-escalation of commitment: a commitment transformation analysis of an e-government project, Information Systems Journal 16, page 3-21, 2006.

Y. Papadopoulos, J. McDermid, The potential for a generic approach to certification of safety critical systems in the transportation sector, Reliability engineering and systems safety 63, page 47-66, March 1998.

R. Park et al., Goal driven software measurement guidebook, CME/SEI-96-HB-002, August 1996.

Ron J. Pehrson, Software Development for the Boeing 777, January 1996, http://www.stsc.hill.af.mil/crosstalk/1996/01/Boein777.asp, (accessed August 2006).

D. Prochnow, E.H. Page, B. Youmans, Development of a Federation Management Tool: Implications for HLA, Simulator Interoperability Workshop, SIW Spring 98, 1998.

Z. Pronk, M. Schoonmade, Mission preparation and training facility for the European Robotic Arm (ERA), 5th International Symposium on Artificial Intelligence, Robotics and Automation in Space (i-SAIRAS), ESA, Noordwijk, 1-3 June 1999.

V. Ramesh, A.R. Dennis, The object oriented team: lessons for virtual teams from global software development, HICSS 35, January 2002.

James Reason, Human error, Cambridge university press, Cambridge, 1990.

Donald J. Reifer, Industry software cost, quality and productivity benchmarks, http://www.compaid.com/caiinternet/ezine/Reifer-Benchmarks.pdf, April 2004, (accessed December 2007).

Mathias Reiss, Marie Moal, Yvonne Barnard, et al., Using ontologies to conceptualise the aeronautic domain, Proceedings of the international conference on human-computer interaction in aeronautics, Toulouse, page 56-63, Cepadues Editions, 2006.

Alfred Roelen, Steve Kinnersly, Fabrice Drogoul, Review of root causes of accidents due to design, http://www.eurocontrol.int/eec/public/standard_page/2004_note_14.html, October 2004, (Accessed April 2006).

P. N. Robillard, M. P. Robillard, Types of Collaborative Work in Software Engineering, Journal of Systems and Software, volume 53 issue 3, September 2000, page 219-224.

John Rushby, Formal Methods and Digital Systems Validation for Airborne Systems, report CSL-93-7, NASA, December 1993.

Simo Salminen, Jorma Saari, Kaija Leena Saarela, Tuula Räsänen, Fatal and non-fatal occupational accidents: identical versus differential causation, Safety science, 15, 1992, page 109-118.

Frans J. van Schaik, Introduction to air traffic management, lecture notes university of Delft, September 2005.

Douglas C. Schmidt, Middleware for real-time and embedded systems, Communications of the ACM 45(6), Pages 43-48, June 2002.

William B. Scott, David H. Gollings, Caution COTS ahead, Aviation week & Space technology, page 52-54, 2005.

Mostafa H. Sherif, When standardisation is slow?, International journal of IT standards & standardisation research 1, page 19-32, Jan-Mar 2003.

R. v. Solingen, E. Berghout, The goal / question / metric method, March 1999.

Standish, Extreme chaos, http://www.standishgroup.com/sample_research/index.php, 2001, (Accessed April 2004).

R. P. Sterkenburg, A. A. ten Dam, The scenario management tool SMARTFED for real-time interactive high performance networked simulations, HPCN Europe 99, Amsterdam, 20-24 April 1999.

Oliver Sträter, Cognition and safety, an integral approach to system design and assessment, Ashgate publishing limited, ISBN 0 7546 4325 5, 2005.

Teksci, Seminar DO-178B projects, management, testing & certification, March 2002.

Koji Torii, In-situ: Computer Aided Empirical Software Engineering (CAESE), Proceedings of PROFESS’99 Conference, Oulu, 24 June, 1999.

P. Tyma, Why are we using Java again? Communications of the ACM, (41, 6), page 38-42, http://www.acm.org/dl/, June 1998, (Accessed April 2006).

Frits Vaandrager, Does it pay off? Model-based verification and validation of embedded systems, Progress white paper 2006, 2006, www.fhi.nl/progress, (Accessed September 2006).

W.J. Vankan, E. Kesseler, E.H. Baalbergen, Distributed collaborative and multi-disciplinary design of civil aircraft wings, Product Data Technology Europe, Toulouse, 16-18 October 2006.

W.J. Vankan, E. Kesseler, M. Laban, Multi-objective optimisation of aircraft range and fuel consumption, First CEAS European Air and Space Conference, 10-13 September 2007, Berlin, CD-ROM published by Council of the European Aerospace Societies (CEAS) comprising members from 8 nations, 2007.

W.J. Vankan, E. Kesseler, R. Maas, Flying through design spaces: efficient evolutionary optimisation of aircraft wings, 6th EUROSIM Congress, Ljubljana, IEEE co-sponsored, CD-ROM published by the federation of European simulation societies (EUROSIM) comprising 14 members representing 22 countries, ISBN 978-3-901608-32-2, 9–13 September 2007.

T. Vardanega, Development of on-board embedded real-time systems, ESA STR-260, October 1999.

Kim Vicente, Cognitive work analysis, towards safe, productive and healthy computer-based work, Lawrence Erlbaum Associates, London, 1999.

Hans Voordijk, Bert Meijboom, Dominant supply chain co-ordination strategies in the Dutch aerospace industry, Aircraft engineering and aerospace technology 77(2), Page 109-113, 2005.

R.S. Walker, et al, Commission on the future of the US aerospace industry, Anyone, anything, anywhere, anytime, http://www.aerospacecommission.gov/AeroCommissionFinalReport.pdf, November 2002, (accessed April 2006).

Frank Wokke, Z. Pronk, Mission preparation and training equipment for the European Robotic Arm, simulations for mission validation and operations training, Proceedings 6th International workshop on simulation for European space programmes, SESP-2000, ESA, Noordwijk, October 2000.

D. D. Woods, R.I. Cook, Nine steps to move from error, Cognition, technology and work 4, page 137-144, 2003.

D.A. Wright, J.E. Lyons, Flight data monitoring: its place within the safety management system, 13th EASS, March 2001.

Linda Wright, Tjerk W. van der Schaaf, 2000, Accident versus near-miss causation: a critical review of the literature, an empirical test in the UK railway domain, and their implications for other sectors, Journal of hazardous materials, 111, page 105–110, 2004.

Ralph Yost, Airborne internet/collaborative information environment, Journal of ATC, page 48-49, June 2004.

Robert W. Zmud, An examination of 'push pull' theory applied to process innovation in knowledge work, Management science 30 (6), page 727–738, June 1984.