Software safety: relating software assurance and software integrity

The overall safety integrity of a safety critical system, comprising both software and hardware, is typically specified quantitatively, e.g., in terms of failure rates. However, for software, it is widely accepted that there is a limit on what can be quantitatively demonstrated, e.g., by means of statistical testing and operational experience. To address this limitation, many software standards appeal instead to the quality of the process to assure the sufficient implementation of the software. In this paper, we contend that there is a large inductive gap between the quantitative software integrity required for a safety function and the assurance of the software development process for that function. We propose that this large inductive gap between software integrity and software process assurance could be narrowed down by an explicit definition of a product-based software argument. The role of this argument is to justify the transition from arguing about software integrity to arguing about software assurance by showing how the evidence, in the context of the software product-based argument, provides assurance which is commensurate with the required integrity.