Safety-Critical Computing:
Hazards, Practices, Standards and Regulation
TR 94-09-01

Jonathan Jacky

September, 1994

Abstract

Using computers to control hazardous machinery raises difficult questions. Some are specific to computing: Why use computers at all, if satisfactory techniques already exist? Do computers introduce new kinds of problems unlike those encountered in traditional control systems? What techniques exist now for creating safe and reliable computer-controlled systems, and could they be improved? Other questions are perennial for society at large but are only now beginning to be considered in the computing field: How are we to decide whether a product is safe enough to place on the market? How can we ensure that product developers and service providers are competent and that poor practices are discouraged? Who is held responsible when systems fail and people get killed?

This report describes and analyses a series of fatal accidents involving a computer-controlled medical device. It briefly describes some experiences with other safety-critical systems in medicine, aviation, ground transport, nuclear power and military technology. It describes current practices in system development and software engineering, and discusses prospects for improvement through various approaches ranging from formal methods to regulations and legal remedies. This report provides over 100 references to pertinent literature.
