Abstract:
Safety is a property of sociotechnical systems, not of software.
- We should set the system boundary where the dependence on assumptions is minimised and most certain.
- We should reduce functionality and use our best designers to make the system as simple as possible.
- We should:
  - build safety cases from claims about system properties, not about rates of failures;
  - rely on evidence from analysis where possible;
  - use rigorous notations and automated analysis.
- We must develop standards that demand strong evidence for feasible claims.
- If an application needs a degree of dependability for which adequate confidence cannot be achieved before deployment, we must say "no".