Agile in a Safety Critical world
Julian Goddard
24/11/2014, 26/11/14
(c) 2014 Plaxion Limited. All rights reserved.
Contents
- Introductions
- The pervasiveness of software
- Agile review
- Safety Critical software review
- Safety Critical => Agile
- Agile => Safety Critical software
- Conclusions
Julian Goddard
- Real-time software contractor, 15 years
- Medical Safety Critical software, 10 years
- Planes and trains, Safety Critical software contractor, 10 years
- Lead various Agile and Software Development Forums
- Contributed to several companies' conversion to Agile
- Interested in quickly developing robust, safe software
- plaxion@live.co.uk
The audience
- Agile
- Safety Critical
- Agile + Safety Critical
The pervasiveness of s/w
The pervasiveness of s/w: Example
Why is s/w pervasive?
- Computers are continually reducing in cost
- Computers are continually reducing in size
- Portable
- Software is very cheap per unit
- Software is flexible
- Etc
More Safety Critical s/w
It is becoming increasingly desirable and practical to put software systems into:
- Vehicles
- Medical devices
- Portable devices
- Wearable devices
- Etc
Agile review
Agile review
- Agile Software Development Philosophy
  - Manifesto: Values, Principles
  - Methods: XP, Scrum...
  - Practices: TDD, Done Done...
Agile Manifesto Values
- Individuals and interactions over processes and tools
- Working software over comprehensive documentation
- Customer collaboration over contract negotiation
- Responding to change over following a plan
Agile Manifesto Principles (summary)
- Cooperative development team and sponsor
- Continuous stream of prioritised requirements
- Iterative, incremental deliveries of working software
- Continuous adaptation of the development process
Agile compared with Traditional
- Project benefits
  - Visible progress
  - Early value
  - Adaptability
  - Risk mitigation
- Personnel benefits
  - Communication
  - Motivation
  - Work-rate
The business case for Agile

                Agile     Traditional
Productivity    Higher    Lower
Adaptability    Higher    Lower
Robustness      High?
Costs           Lower     Higher
Agile works in the real world
https://agileinsights.wordpress.com/2013/08/11/what-evidenceis-there-that-agile-works/
Safety Critical s/w review
Safety Critical s/w review
- Safety Critical software means software that is capable of:
  - causing harm, e.g. automatic train operation
  - preventing harm, e.g. emergency brake assistance
- Safety Critical software must be certified by a regulatory agency as meeting a particular standard
- The regulatory agency requires evidence that the objectives of the standard have been met
EN50128:2011 review
- Introduction
- 5.3 Lifecycles: define the lifecycle model in the Software Quality Assurance Plan, and shall consider iterations in phases
- 6 Software assurance
- 7 Generic software development
  - 7.2 Requirements
  - 7.3 Architecture & design
  - 7.4 Component design
  - 7.5 Implementation & testing
  - 7.6 Integration
  - 7.7 Validation
DO178C review
- Planning
  - Process definition
- Development
  - Software requirements
  - Software design
- Tiered approach
- Bi-directional traceability
- Recognition of modelling, modern languages, etc.
- Verification
Safety Critical s/w phases
Standards apparently encourage sequential phases such as these:
- Planning
- Process definition
- Requirements capture
- Design
- Coding
- Verification
- Validation
Safety Critical s/w concepts
Concepts present throughout:
- Safety
- Quality
- Traceability
- Configuration management
- Etc
Safety Critical s/w review
- In Safety Critical software standards, lifecycle development methods are suggested or Recommended, but not Mandated
- The latest standards facilitate alternative development methods to the ideal waterfall, partly in recognition of changes in software development methodology
- The Safety Critical software standards are not about standard software development lifecycles; they are about safety and software assurance
- The Safety Critical software standards are work in progress (WIP)
Safety Critical => Agile
Agile Manifesto Values
- Individuals and interactions over processes and tools
- Working software over comprehensive documentation
- Customer collaboration over contract negotiation
- Responding to change over following a plan
Safety Critical Agile Values
- Individuals and interactions incorporated into processes and tools
- Working software supported by documentation
- Customer collaboration over contract negotiation
- Responding to change as facilitated by the plan
Agile Manifesto Principles
- Cooperative development team and sponsor
- Continuous stream of prioritised requirements
- Iterative, incremental deliveries of working software
- Continuous adaptation of the development process
Agile Manifesto Principles
- Cooperative development team and sponsor - as per plan & process definition
- Continuous stream of prioritised requirements - as per plan & process definition
- Iterative, incremental deliveries of working software - as per plan & process definition
- Continuous adaptation of the development process - as per plan & process definition
Agile => Safety Critical s/w
Safety Critical s/w phases
Standards apparently encourage these sequential phases:
- Planning
- Process definition
- Requirements capture
- Design
- Coding
- Verification
- Validation
Agile Safety Critical s/w phases
These phases:
- Initial planning, process definition, architectural considerations
- Iterate and increment - SCRUM:
  - Planning: planning poker
  - Process definition: SCRUM, Kanban
  - Requirements capture: backlog, ATDD
  - Design: TDD
  - Coding: TDD
  - Verification: done done
  - Validation
Conclusions
Conclusions
- Agile software development can be supplemented by additional Safety Critical assurance processes, which will increase safety
- Safety Critical software development can be specified to use Agile software development methods, which will increase adaptability, may reduce costs and will not compromise safety