Information Technology Reference
In-Depth Information
for software in a range of 100 TLOC or more. The only promising strategy
for minimizing errors is:
1. The development of functional and design specifications (architecture)
has to be given top priority and needs adequate resources,
2. The safety part of the software has to be kept as small as possible, and
3. The software life-cycle has to undergo a broad as possible, manifold, and
continuous review process.
Successful software projects require for the first point, the specification, at
least between 20% and 40% [12] of the total development cost, depending on
the size of the final software package. Trying to save at this point will almost
certainly result in inflated costs during later project phases (see figure 5).
Fig. 5. Fraction of the over all project budgets spent on specification (architecture)
versus fraction of budget spend on rework + architecture, which defines a so called
“sweet spot” where it reaches its minimum [12]. However this cost function does not
take any potential damages into account, which might result from fatalities caused
by software bugs.
Formal modeling methods and close communication with the end-user
may be helpful in this stage, especially when operational scenarios can be
modeled formally as well in order to verify and validate the design. Speci-
fication, modeling and reviews by closely involving the customer may even
require several cycles in order to come to a satisfactory result.
The second point can only be determined within the project itself by
strictly separating safety critical from non-safety related functions and only
focusing on pure safety functions in the vital part of the control system.
NASA has even suggested a certain maximum limit for code size, related
