Safety Assurance in Continuous Deployment
Safety-critical systems are costly to build and long lived. They have traditionally been developed using a waterfall model, with stringent demands on verification stemming from the certification requirements of many critical application domains. Because any change can trigger re-verification and re-certification, developers and management are typically resistant to changes.
On the other hand, Agile practices have been highly successful in many domains of enterprise computing. Agile software development provides great flexibility in design and embraces change as the norm rather than as an exception. Continuous delivery and continuous deployment are becoming key to the success of software companies.
The main reason for the aversion to change among safety-critical system developers is the high cost of re-verification and re-certification. To bridge these two distant worlds, we need an efficient change management framework that can a) highlight the impact of changes on the safety arguments, b) offer ways to limit re-work costs, c) support quick decision making when selecting among change proposals, d) assist with re-certification, and e) help assure through-life safety. The proposed SAFECODE project plans to explore these possibilities in well-defined subprojects during subsequent sprints, based on partner interests and preferences. The central theme will be the use of safety contracts to drive and manage change management, and the tailoring of agile processes to support safety requirements.
We expect such an approach to result in substantial cost reductions in re-certification and to help industrial partners update their critical systems more frequently. This will enable better performance and faster adaptation to changes in operational or environmental settings.