Nothing is Certain but Doubt and Tests
This addresses the challenge of ensuring confidence in software safety for systems where direct correlation with accidents is infeasible, though it appears incremental in its approach.
The paper tackles the problem of evaluating software safety standards by proposing an argument-based method for reasoning about uncertainty, which can be used to conduct tests to assess standards, aiming to reduce uncertainty more effectively than poor standards.
Effective software safety standards will contribute to confidence, or assurance, in the safety of the systems in which the software is used. It is infeasible to demonstrate a correlation between standards and accidents, but there is an alternative view that makes standards "testable". Software projects are subject to uncertainty; good standards reduce uncertainty more than poor ones. Similarly assurance or integrity levels in standards should define an uncertainty gradient. The paper proposes an argument -based method of reasoning about uncertainty that can be used as a basis for conducting experiments (tests) to evaluate standards.