Risk management and business protection with Coding Standardization & Static Analyzer
SI Revenue & Specialties
The key of SI success is software development and IT management
Mars Polar Lander Crash
• Cost
– $125,000,000
• Disaster
– After a 286-day journey from Earth, the Mars Climate Orbiter fell too far into Mars’ atmosphere, causing it to crash
• Cause
– The software that controlled the Orbiter thrusters used imperial units (pounds of force), rather than metric units (Newtons) as specified by NASA
Ariane 5 Explosion
• Cost
– $500,000,000
• Disaster
– ESA’s Ariane 5 unmanned rocket was intentionally destroyed seconds after launch on its maiden flight
– Also destroyed was its cargo of four scientific satellites
• Cause
– When the guidance system tried to convert the sideways rocket velocity from 64-bits to 16-bits format, an overflow error resulted
– When the system shut down, control passed to an identical redundant unit…
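An added example, not part of the original slides: the 64-bit to 16-bit conversion described above, written in C with the unchecked narrowing beside a range-checked version. The function names, the status enum and the saturate-and-flag policy are assumptions made for illustration, and the sample values are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Unchecked narrowing, the pattern a coding rule or static analyzer should
 * flag. A direct (int16_t)v with v out of range is undefined behaviour in C;
 * going through int64_t keeps this demo well defined on gcc/clang, where the
 * out-of-range integer conversion wraps modulo 2^16. */
int16_t narrow_unchecked(double v)
{
    return (int16_t)(int64_t)v;
}

typedef enum { CONV_OK, CONV_NAN, CONV_OVERFLOW, CONV_UNDERFLOW } conv_status;

/* Range-checked narrowing: *out is written only when the truncated value
 * fits in 16 bits. NaN is rejected first because every comparison with NaN
 * is false and would otherwise slip through the range tests. */
conv_status narrow_checked(double v, int16_t *out)
{
    if (v != v)
        return CONV_NAN;
    if (v >= (double)INT16_MAX + 1.0)   /* also catches +infinity */
        return CONV_OVERFLOW;
    if (v <= (double)INT16_MIN - 1.0)   /* also catches -infinity */
        return CONV_UNDERFLOW;
    *out = (int16_t)v;                  /* truncates toward zero, in range */
    return CONV_OK;
}

/* Hypothetical handling policy (an assumption, not taken from the slides):
 * saturate the value and mark it invalid so the caller can degrade
 * gracefully instead of halting the whole unit on a conversion fault. */
typedef struct {
    int16_t value;
    bool valid;
} sample16;

sample16 to_sample16(double v)
{
    sample16 s = { 0, false };

    switch (narrow_checked(v, &s.value)) {
    case CONV_OK:
        s.valid = true;
        break;
    case CONV_OVERFLOW:
        s.value = INT16_MAX;
        break;
    case CONV_UNDERFLOW:
        s.value = INT16_MIN;
        break;
    case CONV_NAN:
        s.value = 0;
        break;
    }
    return s;
}

int main(void)
{
    /* Constructed sample values, not flight data. */
    const double samples[] = { 123.9, -32768.5, 32767.9, 40000.0, -1.0e9 };
    const size_t n = sizeof samples / sizeof samples[0];

    for (size_t i = 0; i < n; i++) {
        sample16 s = to_sample16(samples[i]);
        printf("%14.1f  unchecked=%6d  checked=%6d  valid=%s\n",
               samples[i], narrow_unchecked(samples[i]), s.value,
               s.valid ? "yes" : "no");
    }
    return 0;
}
```
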
AT&T Lines Go Dead
• Cost
– 75,000,000 phone calls missed
– 200,000 airline reservations lost
• Disaster
– A single switch at one of AT&T’s 114 switching centers suffered a minor mechanical problem and shut down the center
– When the center came back up, it sent a message to other switching centers, which in turn caused them to shut down
– This brought down the entire AT&T network for 9 hours
• Cause
– A single line of buggy code in a complex software upgrade implemented to speed up calling caused a ripple effect that shut down the network
Medical Machine Kills (1985)
• Cost
– 3 people dead
– 3 people critically injured
• Disaster
– Therac-25 radiation therapy machine delivered lethal radiation doses to patients
• Cause
– A subtle bug called a race condition
World War III… Almost
• Cost
– Almost all of humanity
• Disaster
– Soviet early warning system indicated the U.S. had launched 5 ICBMs
– The human operator thankfully interpreted this as an error
• Cause
– A bug in the software failed to filter out false missile detections caused by sunlight reflecting off cloud-tops
Your software?
How do you assess the quality of your software?
How do you protect yourself?
Why should a system integrator care?
[Diagram: System Integrator and Client, linked by “Service delivered” and “Lawsuit”]
Product Liability Legal Theories
• NEGLIGENCE
– Did you fail to act as a reasonably prudent person/plant operator/manufacturer/installer/repairer would have acted under the same or similar circumstances?
• STRICT LIABILITY
– Whether a person has been injured by a product that was defective in design or manufacture
– Unreasonably dangerous when it left the manufacturer’s control. You may have been eminently reasonable, yet liable for a defect.
• BREACH OF WARRANTY
– This is a lesser applied theory but still available to an injured party. The focus is on whether the product conformed to representations made by the seller in writing, verbally, or implied by law.
Source: Legal Considerations for Safety - Rockwell Automation Safety Automation Forum - November 2011
Defective Condition
• Consumer Expectation Test:
– Whether the product failed to perform as safely as an ordinary consumer would expect.
• Risk Utility Test:
– Whether the harm could have been avoided by adopting a reasonable alternative design and on balance the benefit of that design outweighs the risk.
– This test usually applies in cases involving more complex products.
Source: Legal Considerations for Safety - Rockwell Automation Safety Automation Forum - November 2011
What is a safer alternative design?
• A way that plaintiffs can demonstrate a defective product is to show that a safer alternative design was available
• A design which satisfies ALL of the below
– Prevents or significantly reduces the risk of injury
– Does not substantially impair the product’s utility
– Is not too expensive (economically feasible)
– Is technologically feasible at the time the product left the manufacturer’s control
Source: Legal Considerations for Safety - Rockwell Automation Safety Automation Forum - November 2011
Software quality
usability
performance
operation reliability
functionality
bug detection rate
maintenance cost
code complexity
reusability
testability
reliability
changeability
efficiency
maintainability
coupling
exception handling
fault tolerance
understandability
readability
architecture
Source: PSaQC (~“Psychic”) PLC Software automated Quality Control, DNV
Quality and safe design
• Applicable standards and guidelines governing your
product are a key part of every product liability
• ISO, 14121.199E:
– Documentation on risk assessment shall demonstrate the procedure which has been followed and the results which have been achieved
• FDA, General Principles of Software Validation
– Software validation is a critical tool used to assure the quality of device software and software automated operations. Software validation can …reduced liability to device manufacturers
• ISO, IEC, IAEA, EWICS, etc.
Common developer issues
• Secure and defensive programming
• Much malware exploits vulnerabilities that exist because of a lack of defensive programming
• Defensive programming is not widely taught
• Input inconsistency checks, surveillance mechanisms, etc.
• Developers ignore the standards because they are cumbersome, because they have no experience with them, or sometimes just because they don’t like them
• Mistakes are left in the code unknowingly
• Reuse of code is very common
• Reuse of code causes confusion and mistakes
• Complete manual verification of all test variables and instructions (AFI, etc.) is virtually impossible
• Lack of verification
• There is no standard to objectively evaluate the quality of programmers
• There are many standards but very little systemic verification (especially for PLC)
• Outsourced development makes it harder to verify the quality
What to do to protect yourself?
• Implement code standardization
– There are multiple standards; refer to your industry standard
– Recommend code standardization to your customers
• Encourage and educate developers to use it
– Old habits are hard to kick
– Teach the importance of standards and encourage the developers
• Verify and reinforce with a static analyzer
– Manual verification is not enough and can be faulty
– Static analyzers are reasonably priced
– Don’t forget your PLC/PAC programs
November 17, 2015
Your contact person
Valerie Fontaine
Director of International Business Development
valerie.fontaine@itris-automation.com
Mobile: +33 6 52 69 97 52
• Corporate website: www.itris-automation.com
• Presentations: www.slideshare.net/ItrisAutomationSquare/
For more information

 
[FR] Poster Cetsis 2014 - PLC Checker
[FR] Poster Cetsis 2014 - PLC Checker[FR] Poster Cetsis 2014 - PLC Checker
[FR] Poster Cetsis 2014 - PLC Checker
 
[EN] Itris Automation - Company presentation
[EN] Itris Automation - Company presentation [EN] Itris Automation - Company presentation
[EN] Itris Automation - Company presentation
 
[EN] Mesures article: "PLC programs quality checked by their designers"
[EN] Mesures article: "PLC programs quality checked by their designers"[EN] Mesures article: "PLC programs quality checked by their designers"
[EN] Mesures article: "PLC programs quality checked by their designers"
 
[DE] Itris Automation - Unternehmenspräsentation
[DE] Itris Automation - Unternehmenspräsentation[DE] Itris Automation - Unternehmenspräsentation
[DE] Itris Automation - Unternehmenspräsentation
 
[EN] Press kit IAS
[EN] Press kit IAS[EN] Press kit IAS
[EN] Press kit IAS
 

Recently uploaded

UNIT I INCEPTION OF INFORMATION DESIGN 20CDE09-ID
UNIT I INCEPTION OF INFORMATION DESIGN 20CDE09-IDUNIT I INCEPTION OF INFORMATION DESIGN 20CDE09-ID
UNIT I INCEPTION OF INFORMATION DESIGN 20CDE09-ID
GOWSIKRAJA PALANISAMY
 
Evento anual Splunk .conf24 Highlights recap
Evento anual Splunk .conf24 Highlights recapEvento anual Splunk .conf24 Highlights recap
Evento anual Splunk .conf24 Highlights recap
Rafael Santos
 
Social media management system project report.pdf
Social media management system project report.pdfSocial media management system project report.pdf
Social media management system project report.pdf
Kamal Acharya
 
Quadcopter Dynamics, Stability and Control
Quadcopter Dynamics, Stability and ControlQuadcopter Dynamics, Stability and Control
Quadcopter Dynamics, Stability and Control
Blesson Easo Varghese
 
GUIA_LEGAL_CHAPTER-9_COLOMBIAN ELECTRICITY (1).pdf
GUIA_LEGAL_CHAPTER-9_COLOMBIAN ELECTRICITY (1).pdfGUIA_LEGAL_CHAPTER-9_COLOMBIAN ELECTRICITY (1).pdf
GUIA_LEGAL_CHAPTER-9_COLOMBIAN ELECTRICITY (1).pdf
ProexportColombia1
 
Fundamentals of Computer Networking.pptx
Fundamentals of Computer Networking.pptxFundamentals of Computer Networking.pptx
Fundamentals of Computer Networking.pptx
pritimalkhede
 
21CV61- Module 3 (CONSTRUCTION MANAGEMENT AND ENTREPRENEURSHIP.pptx
21CV61- Module 3 (CONSTRUCTION MANAGEMENT AND ENTREPRENEURSHIP.pptx21CV61- Module 3 (CONSTRUCTION MANAGEMENT AND ENTREPRENEURSHIP.pptx
21CV61- Module 3 (CONSTRUCTION MANAGEMENT AND ENTREPRENEURSHIP.pptx
sanabts249
 
Natural Is The Best: Model-Agnostic Code Simplification for Pre-trained Large...
Natural Is The Best: Model-Agnostic Code Simplification for Pre-trained Large...Natural Is The Best: Model-Agnostic Code Simplification for Pre-trained Large...
Natural Is The Best: Model-Agnostic Code Simplification for Pre-trained Large...
YanKing2
 
PMSM-Motor-Control : A research about FOC
PMSM-Motor-Control : A research about FOCPMSM-Motor-Control : A research about FOC
PMSM-Motor-Control : A research about FOC
itssurajthakur06
 
Thermodynamics Digital Material basics subject
Thermodynamics Digital Material basics subjectThermodynamics Digital Material basics subject
Thermodynamics Digital Material basics subject
JigneshChhatbar1
 
SCADAmetrics Instrumentation for Sensus Water Meters - Core and Main Training...
SCADAmetrics Instrumentation for Sensus Water Meters - Core and Main Training...SCADAmetrics Instrumentation for Sensus Water Meters - Core and Main Training...
SCADAmetrics Instrumentation for Sensus Water Meters - Core and Main Training...
Jim Mimlitz, P.E.
 
OSHA LOTO training, LOTO, lock out tag out
OSHA LOTO training, LOTO, lock out tag outOSHA LOTO training, LOTO, lock out tag out
OSHA LOTO training, LOTO, lock out tag out
Ateeb19
 
Lecture 3 Biomass energy...............ppt
Lecture 3 Biomass energy...............pptLecture 3 Biomass energy...............ppt
Lecture 3 Biomass energy...............ppt
RujanTimsina1
 
IS Code SP 23: Handbook on concrete mixes
IS Code SP 23: Handbook  on concrete mixesIS Code SP 23: Handbook  on concrete mixes
IS Code SP 23: Handbook on concrete mixes
Mani Krishna Sarkar
 
1239_2.pdf IS CODE FOR GI PIPE FOR PROCUREMENT
1239_2.pdf IS CODE FOR GI PIPE FOR PROCUREMENT1239_2.pdf IS CODE FOR GI PIPE FOR PROCUREMENT
1239_2.pdf IS CODE FOR GI PIPE FOR PROCUREMENT
Mani Krishna Sarkar
 
Jet Propulsion and its working principle.pdf
Jet Propulsion and its working principle.pdfJet Propulsion and its working principle.pdf
Jet Propulsion and its working principle.pdf
KIET Group of Institutions
 
CCS367-STORAGE TECHNOLOGIES QUESTION BANK.doc
CCS367-STORAGE TECHNOLOGIES QUESTION BANK.docCCS367-STORAGE TECHNOLOGIES QUESTION BANK.doc
CCS367-STORAGE TECHNOLOGIES QUESTION BANK.doc
Dss
 
CONFINED SPACE ENTRY TRAINING FOR OIL INDUSTRY ppt
CONFINED SPACE ENTRY TRAINING FOR OIL INDUSTRY pptCONFINED SPACE ENTRY TRAINING FOR OIL INDUSTRY ppt
CONFINED SPACE ENTRY TRAINING FOR OIL INDUSTRY ppt
ASHOK KUMAR SINGH
 
Rotary Intersection in traffic engineering.pptx
Rotary Intersection in traffic engineering.pptxRotary Intersection in traffic engineering.pptx
Rotary Intersection in traffic engineering.pptx
surekha1287
 
Chlorine and Nitric Acid application, properties, impacts.pptx
Chlorine and Nitric Acid application, properties, impacts.pptxChlorine and Nitric Acid application, properties, impacts.pptx
Chlorine and Nitric Acid application, properties, impacts.pptx
yadavsuyash008
 

Recently uploaded (20)

UNIT I INCEPTION OF INFORMATION DESIGN 20CDE09-ID
UNIT I INCEPTION OF INFORMATION DESIGN 20CDE09-IDUNIT I INCEPTION OF INFORMATION DESIGN 20CDE09-ID
UNIT I INCEPTION OF INFORMATION DESIGN 20CDE09-ID
 
Evento anual Splunk .conf24 Highlights recap
Evento anual Splunk .conf24 Highlights recapEvento anual Splunk .conf24 Highlights recap
Evento anual Splunk .conf24 Highlights recap
 
Social media management system project report.pdf
Social media management system project report.pdfSocial media management system project report.pdf
Social media management system project report.pdf
 
Quadcopter Dynamics, Stability and Control
Quadcopter Dynamics, Stability and ControlQuadcopter Dynamics, Stability and Control
Quadcopter Dynamics, Stability and Control
 
GUIA_LEGAL_CHAPTER-9_COLOMBIAN ELECTRICITY (1).pdf
GUIA_LEGAL_CHAPTER-9_COLOMBIAN ELECTRICITY (1).pdfGUIA_LEGAL_CHAPTER-9_COLOMBIAN ELECTRICITY (1).pdf
GUIA_LEGAL_CHAPTER-9_COLOMBIAN ELECTRICITY (1).pdf
 
Fundamentals of Computer Networking.pptx
Fundamentals of Computer Networking.pptxFundamentals of Computer Networking.pptx
Fundamentals of Computer Networking.pptx
 
21CV61- Module 3 (CONSTRUCTION MANAGEMENT AND ENTREPRENEURSHIP.pptx
21CV61- Module 3 (CONSTRUCTION MANAGEMENT AND ENTREPRENEURSHIP.pptx21CV61- Module 3 (CONSTRUCTION MANAGEMENT AND ENTREPRENEURSHIP.pptx
21CV61- Module 3 (CONSTRUCTION MANAGEMENT AND ENTREPRENEURSHIP.pptx
 
Natural Is The Best: Model-Agnostic Code Simplification for Pre-trained Large...
Natural Is The Best: Model-Agnostic Code Simplification for Pre-trained Large...Natural Is The Best: Model-Agnostic Code Simplification for Pre-trained Large...
Natural Is The Best: Model-Agnostic Code Simplification for Pre-trained Large...
 
PMSM-Motor-Control : A research about FOC
PMSM-Motor-Control : A research about FOCPMSM-Motor-Control : A research about FOC
PMSM-Motor-Control : A research about FOC
 
Thermodynamics Digital Material basics subject
Thermodynamics Digital Material basics subjectThermodynamics Digital Material basics subject
Thermodynamics Digital Material basics subject
 
SCADAmetrics Instrumentation for Sensus Water Meters - Core and Main Training...
SCADAmetrics Instrumentation for Sensus Water Meters - Core and Main Training...SCADAmetrics Instrumentation for Sensus Water Meters - Core and Main Training...
SCADAmetrics Instrumentation for Sensus Water Meters - Core and Main Training...
 
OSHA LOTO training, LOTO, lock out tag out
OSHA LOTO training, LOTO, lock out tag outOSHA LOTO training, LOTO, lock out tag out
OSHA LOTO training, LOTO, lock out tag out
 
Lecture 3 Biomass energy...............ppt
Lecture 3 Biomass energy...............pptLecture 3 Biomass energy...............ppt
Lecture 3 Biomass energy...............ppt
 
IS Code SP 23: Handbook on concrete mixes
IS Code SP 23: Handbook  on concrete mixesIS Code SP 23: Handbook  on concrete mixes
IS Code SP 23: Handbook on concrete mixes
 
1239_2.pdf IS CODE FOR GI PIPE FOR PROCUREMENT
1239_2.pdf IS CODE FOR GI PIPE FOR PROCUREMENT1239_2.pdf IS CODE FOR GI PIPE FOR PROCUREMENT
1239_2.pdf IS CODE FOR GI PIPE FOR PROCUREMENT
 
Jet Propulsion and its working principle.pdf
Jet Propulsion and its working principle.pdfJet Propulsion and its working principle.pdf
Jet Propulsion and its working principle.pdf
 
CCS367-STORAGE TECHNOLOGIES QUESTION BANK.doc
CCS367-STORAGE TECHNOLOGIES QUESTION BANK.docCCS367-STORAGE TECHNOLOGIES QUESTION BANK.doc
CCS367-STORAGE TECHNOLOGIES QUESTION BANK.doc
 
CONFINED SPACE ENTRY TRAINING FOR OIL INDUSTRY ppt
CONFINED SPACE ENTRY TRAINING FOR OIL INDUSTRY pptCONFINED SPACE ENTRY TRAINING FOR OIL INDUSTRY ppt
CONFINED SPACE ENTRY TRAINING FOR OIL INDUSTRY ppt
 
Rotary Intersection in traffic engineering.pptx
Rotary Intersection in traffic engineering.pptxRotary Intersection in traffic engineering.pptx
Rotary Intersection in traffic engineering.pptx
 
Chlorine and Nitric Acid application, properties, impacts.pptx
Chlorine and Nitric Acid application, properties, impacts.pptxChlorine and Nitric Acid application, properties, impacts.pptx
Chlorine and Nitric Acid application, properties, impacts.pptx
 

Risk management and business protection with Coding Standardization & Static Analyzer

  • 1. Risk management and business protection with Coding Standardization & Static Analyzer
  • 2. SI Revenue & Specialties The key of SI success is software development and IT management
  • 3. Mars Polar Lander Crash • Cost – $125,000,000 • Disaster – After a 286-day journey from Earth, the Mars Climate Orbiter fell too far into Mars’ atmosphere, causing it to crash • Cause – The software that controlled the Orbiter thrusters used imperial units (pounds of force), rather than metric units (Newtons) as specified by NASA
  • 4. Ariane 5 Explosion • Cost – $500,000,000 • Disaster – ESA’s Ariane 5 unmanned rocket was intentionally destroyed seconds after launch on its maiden flight – Also destroyed was its cargo of four scientific satellites • Cause – When the guidance system tried to convert the sideways rocket velocity from 64-bits to 16-bits format, an overflow error resulted – When the system shut down, control passed to an identical redundant unit…
  • 5. AT&T Lines Go Dead • Cost – 75,000,000 phone calls missed – 200,000 airline reservations lost • Disaster – A single switch at one of AT&T’s 114 switching centers suffered a minor mechanical problem and shut down the center – When the center came back up, it sent a message to other switching centers, which in turn caused them to shut down – This brought down the entire AT&T network for 9 hours • Cause – A single line of buggy code in a complex software upgrade implemented to speed up calling caused a ripple effect that shut down the network
  • 6. Medical Machine Kills (1985) • Cost – 3 people dead – 3 people critically injured • Disaster – Therac-25 radiation therapy machine delivered lethal radiation doses to patients • Cause – A subtle bug called a race condition
  • 7. World War III… Almost • Cost – Almost all of humanity • Disaster – Soviet early warning system indicated the U.S. had launched 5 ICBMs – The human operator thankfully interpreted this as an error • Cause – A bug in the software failed to filter out false missile detections caused by sunlight reflecting off cloud-tops
  • 8. Your software? How do you assess the quality of your software?
  • 9. How do you protect yourself? Why should a system integrator care? (Diagram labels: System Integrator, Client, Service delivered, Law suit)
  • 10. Product Liability Legal Theories • NEGLIGENCE – Did you fail to act as a reasonably prudent person/plant operator/manufacturer/installer/repairer would have acted under the same or similar circumstances • STRICT LIABILITY – Whether a person has been injured by a product that was defective in design or manufacture – Unreasonably dangerous when it left the manufacturer’s control. You may have been eminently reasonable, yet liable for a defect. • BREACH OF WARRANTY – This is a lesser applied theory but still available to an injured party. The focus is on whether the product conformed to representations made by the seller in writing, verbally, or implied by law. Source: Legal Considerations for Safety - Rockwell Automation Safety Automation Forum - November 2011
  • 11. Defective Condition • Consumer Expectation Test: – Whether the product failed to perform as safely as an ordinary consumer would expect. • Risk Utility Test: – Whether the harm could have been avoided by adopting a reasonable alternative design and on balance the benefit of that design outweighs the risk. – This test usually applies in cases involving more complex products. Source: Legal Considerations for Safety - Rockwell Automation Safety Automation Forum - November 2011
  • 12. What is safer alternative design? • A way that plaintiffs can demonstrate a defective product is to show that a safer alternative design was available • A design which satisfies ALL of the below – Prevents or significantly reduces the risk of injury – Does not substantially impair the product’s utility – Is not too expensive (economically feasible) – Is technologically feasible at the time the product left the manufacturer’s control Source: Legal Considerations for Safety - Rockwell Automation Safety Automation Forum - November 2011
  • 13. Software quality (word cloud): usability, performance, operation, reliability, functionality, bug detection rate, maintenance cost, code complexity, reusability, testability, reliability, changeability, efficiency, maintainability, coupling, exception handling, fault tolerance, understandability, readability, architecture. Source: PSaQC (~“Psychic”) PLC Software automated Quality Control, DNV
  • 14. Quality and safe design • Applicable standards and guidelines governing your product are a key part of every product liability • ISO, 14121.199E: – Documentation on risk assessment shall demonstrate the procedure which has been followed and the results which have been achieved • FDA, General Principles of Software Validation – Software validation is a critical tool used to assure the quality of device software and software automated operations. Software validation can …reduced liability to device manufacturers • ISO, IEC, IAEA, EWICS, etc.
  • 15. Common developer issues • Secure and defensive programming • Much malware exploits vulnerabilities that exist because of a lack of defensive programming • Defensive programming is not widely taught • Input inconsistency check, surveillance mechanism, etc. • Developers ignore the standards because they are cumbersome, because they have no experience with them, or sometimes simply because they don’t like them • Mistakes are left in the code unknowingly • Reuse of code is very common • Reuse of code causes confusion and mistakes • Complete manual verification of all test variables and instructions (AFI, etc.) is virtually impossible • Lack of verification • There is no standard to objectively evaluate the quality of programmers • There are many standards but very little systematic verification (especially for PLC) • Outsourced development makes it harder to verify the quality
  • 16. What to do to protect yourself? • Implement code standardization – There are multiple standards; refer to your industry standard – Recommend code standardization to your customers • Encourage and educate developers to use it – Old habits are hard to kick – Teach the importance and encourage the developers • Verify and reinforce with a static analyzer – Manual verification is not enough and can be faulty – Static analyzers are reasonably priced – Don’t forget your PLC/PAC programs
  • 17. November 17, 2015 • Your contact person: Valerie Fontaine, Director of International Business Development, valerie.fontaine@itris-automation.com, Mobile: +33 6 52 69 97 52 • For more information – Corporate website: www.itris-automation.com – Presentations: www.slideshare.net/ItrisAutomationSquare/