Skip to content

How (if at all) do our usual open source practices need to be modified to accommodate the development of Safety Case artifacts?

With a little help from Gemini, I've created a definition of a Safety Case.

With this issue, I am specifically interested in understanding what -- if anything -- is special about the artifacts that go into a Safety Case with regard to the Eclipse Foundation Development Process. Are there any specific considerations that, for example, prevent us from treating Safety Case artifacts as we would any other project artifact?

My understanding is that a Safety Case is typically not something that is publicly available. Is there any reason why these artifacts should be kept private in an open source context? (I assume no).

Can we accept contributions via merge/pull requests in the usual way? That is, are there limitations on who can contribute to a Safety Case?

Are there special roles with special privileges?

Feel free to critique/suggest modifications to the definition that I've captured below. But... the focus of this issue is with identifying if and how our usual open source practices need to be modified to accommodate the development of Safety Case artifacts.

What is a "Safety Case" in Functional Safety Critical Development?

In the realm of functional safety critical development, a safety case is a structured argument, supported by evidence, intended to justify that a system is acceptably safe for a specific application in a specific operating environment.

Think of it as the ultimate persuasive document that answers the fundamental question: "Why should we believe this system is safe enough to use?"

Here's a breakdown:

  • Structured Argument: It presents a logical flow of reasoning, connecting claims about the system's safety to the evidence supporting them. This often follows a goal-based approach, where high-level safety goals are broken down and argued for using evidence.
  • Supported by Evidence: The argument is backed by concrete evidence, such as:
    • Design documents (specifications, architecture).
    • Analysis results (hazard analyses, risk assessments).
    • Verification and validation reports (test results, simulations).
    • Process documentation (evidence of adherence to safety standards).
    • Safety management plans.
  • Acceptably Safe: "Safe enough" is determined by the specific application, hazards, risks, and relevant safety standards. The safety case demonstrates that the residual risk is within acceptable limits.
  • Specific Application and Operating Environment: It's tailored to the context of use, considering factors like intended use, potential misuse, environmental conditions, and user interactions.

A well-constructed safety case provides stakeholders with confidence that the system is designed, developed, and will be operated safely. It's crucial for demonstrating compliance, facilitating communication, supporting decision-making, aiding audits, and ensuring traceability.

Is a Safety Case Typically a Public Document?

Generally speaking, a complete and detailed safety case is typically NOT a fully public document.

Here's why:

  • Proprietary Information: Safety cases often contain confidential details about design, architecture, implementation, and analysis methodologies, the public release of which could harm intellectual property and competitive advantage.
  • Security Concerns: For systems with security implications, revealing safety mechanisms could expose vulnerabilities.
  • Complexity and Context: The highly technical and context-specific nature of safety cases can lead to misinterpretation if viewed without the necessary background.
  • Regulatory and Legal Considerations: While regulatory bodies review safety cases, they don't usually mandate full public disclosure, and legal or contractual restrictions may exist.

However, certain aspects or summaries might be made public in some circumstances:

  • Publicly Available Safety Reports: Regulatory agencies might publish summaries or high-level findings for significant public projects to ensure transparency.
  • Marketing Materials: Companies might make general safety claims but avoid detailed specifics.
  • Engagement with Stakeholders: Some non-confidential information might be shared with specific user groups or community representatives.

In summary, the full safety case is usually an internal document for demonstrating and justifying safety to relevant authorities, while public disclosure is limited to summaries or high-level information due to various considerations.

/cc @dana @devcurmudgeon

Copyright © Eclipse Foundation, Inc. All Rights Reserved.     Privacy Policy | Terms of Use | Copyright Agent