Path: utzoo!utgpu!watmath!att!pacbell!ames!excelan!ames!henry.jpl.nasa.gov!elroy.jpl.nasa.gov!ucla-cs!uci-ics!nancy
From: nancy@ics.uci.edu (Nancy Leveson)
Newsgroups: comp.software-eng
Subject: Re: Information on current state of software safety desired
Message-ID: <1989Oct4.055359.15145@paris.ics.uci.edu>
Date: 4 Oct 89 05:53:59 GMT
References: <1321@cs.rit.edu> <195@cherry5.UUCP>
Sender: news@paris.ics.uci.edu (Network News)
Reply-To: Nancy Leveson
Organization: University of California, Irvine - Dept of ICS
Lines: 30

>One thing that motivated my interest in software safety was the failure of a
>radiation therapy (cancer treatment) LINAC built by some North American
>company. While I think that the failure resulted from a system design flaw,

I was an expert witness on one of the lawsuits involved with this machine.
Unfortunately, a lot of misinformation has been floating around, but I am
unable (at this time) to provide details. However, the failure resulted from
software bugs, not from system design flaws.

>The software developers should have
>been aware of the lethal radiation levels that could be generated and should
>have insisted on a fail-safe shutoff, either as part of the system or parallel
>to it.

This is not the responsibility of the software developers, but of the system,
nuclear, and safety engineers.

>
>Ah, well, as long as everyone involved learned from their mistakes. We're only
>human.

Four people are dead and one is maimed. Two of these died of cancer, the
others died or were maimed as a result of the incorrect treatment.

I often hear software engineers say "there is nothing we can do about software
errors, they will always occur." This is just not true. There were many things
that could have been done in this case and in general.

nancy
--
Nancy Leveson