Re: Airline Software-safety database (RISKS-14.08)

From:         Pete Mellor <pm@cs.city.ac.uk>
Date:         Sun, 22 Nov 92 17:21:22 GMT

Dave "Van Damme" Ratner <ratner@ficus.CS.UCLA.EDU> writes in RISKS-14.08: 

> I am posting this for Robert Ratner, Ratner Associates Inc, which does
> international consulting in air-traffic control and aviation safety issues.  
> He is looking for a public-accessible data base on software-related incidents 
> in this area.  Email correspondence can be sent to me at ratner@cs.ucla.edu.
> Thanks.            Dave "Van Damme" Ratner    ratner@cs.ucla.edu

In my experience, all major manufacturers of software keep databases of 
incidents reported by users of their software and the faults ("bugs") which 
give rise to those incidents. I know for a fact that IBM, ICL, DEC, Unisys 
(or whatever it is now), and Sun all do this. 

Such a database is essential to their efforts to improve the quality of their 
software by identifying and fixing bugs, and to reduce their maintenance 
workload by informing customers about known problems so that repeated reports 
are suppressed. 

The interesting phrase is "public-accessible". If you are a customer of a large 
manufacturer of system or application software, you will almost certainly have 
access to the *relevant* parts of the database (those which concern the 
products you have bought). This will be provided either on-line, or as printed 
or micro-fiche extracts, updated on a regular basis. 

The other interesting phrase is "in this area" (i.e., of air-traffic control 
and aviation safety). 

The users of safety critical on-board avionics software are the companies that 
buy the aircraft. They are provided with regular information about all sorts 
of design glitches in the aircraft they have bought, including those in the 
software. Such information is provided in the form of "OEBs" (Operating 
Engineering Bulletins), which are distributed to the flight crews. 

Information about software faults in safety-critical avionics systems *must*, 
therefore, be kept on a database somewhere. These databases are public in the 
sense that any pilot on that type of aircraft would have access, but Joe 
Public (as far as I know) does not. 

Incidents in flight must (or should) be reported via official channels by the 
crews. These reports drive the manufacturers' quality improvement programmes. 
After the fault which caused an incident has been diagnosed, it may result in 
an OEB or similar, and in a modification. 

Databases of such incident reports are not generally widely accessible. 
Published reports sometimes appear, however. In addition, there are channels 
for anonymous reporting of incidents. In the UK, "CHIRP" is such a forum. In 
the US, I believe the FAA used to run such a scheme, but it was compromised 
when the guarantee of anonymity was removed. 

For further information I suggest you contact ALPA. 

Given the increasing use of safety-critical software, a central database for 
each major application area would be highly desirable, to say the least. 
Obviously, sensitive issues of commercial confidentiality are involved. In 
particular, it may be difficult to obtain corresponding figures for the 
operating time so as to be able to estimate reliability, and it may be 
difficult to correlate incidents with faults, and so determine which incidents 
are due to software. 

I stand to be corrected if anyone *does* know of an official channel for 
public access to flight incident and system fault reports. 

Regarding ATC incidents, again I am certain that these are recorded, but access 
is not likely to be easy. 

Peter Mellor, Centre for Software Reliability, City University, Northampton 
Sq., London EC1V 0HB, Tel: +44(0)71-477-8422, JANET: p.mellor@city.ac.uk 
-----------------------------------------------------------------------------