Newsgroups: sci.aeronautics.airliners Path: news From: Pete Mellor Subject: Re: Airline Software-safety database (RISKS-14.08) Message-ID: Approved: kls@ohare.Chicago.COM X-Original-Message-Id: <4664.9211221721@csrsun8.cs.city.ac.uk> Sender: kls@ohare.Chicago.COM Date: Sun, 22 Nov 92 17:21:22 GMT Dave "Van Damme" Ratner writes in RISKS-14.08: > I am posting this for Robert Ratner, Ratner Associates Inc, which does > international consulting in air-traffic control and aviation safety issues. > He is looking for a public-accessible data base on software-related incidents > in this area. Email correspondence can be sent to me at ratner@cs.ucla.edu. > Thanks. Dave "Van Damme" Ratner ratner@cs.ucla.edu In my experience, all major manufacturers of software keep databases of incidents reported by users of their software and the faults ("bugs") which give rise to those incidents. I know for a fact that IBM, ICL, DEC, Unisys (or whatever it is now), and Sun all do this. Such a database is essential to their efforts to improve the quality of their software by identifying and fixing bugs, and to reduce their maintenance workload by informing customers about known problems so that repeated reports are suppressed. The interesting phrase is "public-accessible". If you are a customer of a large manufacturer of system or application software, you will almost certainly have access to the *relevant* parts of the database (those which concern the products you have bought). This will be provided either on-line, or as printed or micro-fiche extracts, updated on a regular basis. The other interesting phrase is "in this area" (i.e., of air-traffic control and aviation safety). The users of safety critical on-board avionics software are the companies that buy the aircraft. They are provided with regular information about all sorts of design glitches in the aircraft they have bought, including those in the software. Such information is provided in the form of "OEBs" (Operating Engineering Bulletins), which are distributed to the flight crews. Information about software faults in safety-critical avionics systems *must*, therefore, be kept on a database somewhere. These databases are public in the sense that any pilot on that type of aircraft would have access, but Joe Public (as far as I know) does not. Incidents in flight must (or should) be reported via offical channels by the crews. These reports drive the manufacturers' quality improvement programmes. After the fault which caused an incident has been diagnosed, it may result in an OEB or similar, and in a modification. Databases of such incident reports are not generally widely accessible. Published reports sometimes appear, however. In addition, there are channels for anonymous reporting of incidents. In the UK, "CHIRP" is such a forum. In the US, I believe the FAA used to run such a scheme, but it was compromised when the guarantee of anonymity was removed. For further information I suggest you contact ALPA. Given the increasing use of safety-critical software, a central database for each major application area would be highly desirable, to say the least. Obviously, sensitive issues of commercial confidentiality are involved. In particular, it may be difficult to obtain corresponding figures for the operating time so as to be able to estimate reliability, and it may be difficult to correlate incidents with faults, and so determine which incidents are due to software. I stand to be corrected if anyone *does* know of an official channel for public access to flight incident and system fault reports. Regarding ATC incidents, again I am certain that these are recorded, but access is not likely to be easy. Peter Mellor, Centre for Software Reliability, City University, Northampton Sq., London EC1V 0HB, Tel: +44(0)71-477-8422, JANET: p.mellor@city.ac.uk -----------------------------------------------------------------------------