From: peb@transcontech.co.uk ("Paul E. Bennett")
Subject: Re: Papers on the Ariane-5 crash and Design by Contract
Date: 1997/03/23
Message-ID: <859123410snz@transcontech.co.uk>
References: <332B5495.167EB0E7@eiffel.com>
Organization: Transport Control Technology Ltd.
Reply-To: peb@transcontech.co.uk
Newsgroups: comp.lang.eiffel,comp.object,comp.software-eng,comp.programming.threads,comp.lang.ada,comp.lang.java.tech

In article sandy@almide.demon.co.uk "Alexander Anderson" writes:

> In article , Ulrich Windl writes
> >
> > When I read that story I could not help, but had to shake my head
> > several times. I definitely agree with Dr. Meyer that this case should
> > be handled in every class about software engineering.
>
> Has anyone written a book of collected Software disaster stories?

Yes. "Out of Control: Why control systems go wrong and how to prevent
failure", published by the UK Health and Safety Executive, UKP10.25,
ISBN 0-7176-0847-6. It is however not entirely software oriented but
takes a total systems viewpoint.

Available by Mail Order from:

    HSE Books
    PO Box 1999
    Sudbury
    Suffolk CO10 6FS
    Tel: +44 (0)1787-881165
    Fax: +44 (0)1787-313995

Quoting from the first part of the conclusions section:

"The majority of accidents described in this publication were not caused
by some subtle failure of the control system, but by defects that were
preventable if a systematic approach had been adopted throughout its
design lifecycle. Failure to pay attention to detail, particularly during
the specification phase of a project, and to properly manage technical
issues were the root causes of these accidents. Two important general
conclusions can be drawn:

(a) The engineering and management principles employed to ensure safety
throughout the life of a control system are the same whatever the
underlying technology used;

(b) Although it is not possible to anticipate all causes of control
system failure, most can be anticipated if a systematic approach is
employed throughout the life of the system."

A second book, "Software Failure: management failure; amazing stories and
cautionary tales" by Stephen Flowers, published by John Wiley & Sons,
ISBN 0-471-96113-7, is also a worthwhile read. (See
http://www.wiley.com/compbooks/)

> I think this would be a great seller. ..

We'd have to ask UK-HSE and Stephen Flowers about that.

> .......................................... Does the Pentium division
> disaster count as software, methinks?

Only if you think of logic design as software. In my book all design is
software until it is implemented. After implementation it is just part
of the (homogeneous) system.

--
Paul E. Bennett
Transport Control Technology Ltd.
+44 (0)117-9499861
Going Forth Safely