In her February 2020 column ("Are You Sure Your Software Will Not Kill Anyone?"), Nancy Leveson says the solution to software safety is not "building a software architecture and generating the requirements later." Reading this, we were surprised that anyone would propose such an approach, or that Leveson would find it necessary to argue against it. We were even more surprised to see that Leveson attributes the proposal to a National Academies report that we edited.1
Perhaps Leveson had a different report in mind. Our report actually substantiates the very arguments she makes in her column, identifying the same misconceptions that she notes, along with others—and provides citations for the earlier origins of these supposedly new arguments.
Contrary to Leveson's article, however, our report does not take the design as given and claim that "analysis tools can be developed to analyze the safety of complex systems." Rather than treating safety as a quality to be established by an ex post facto analysis, our report calls for the design to be shaped by the safety requirements. Our report's key point is that safety needs a compelling and reasoned argument and that, if the design is constructed with this argument in mind, the credibility of the argument can be increased and the cost of producing it reduced.
Daniel Jackson, Cambridge, MA, USA
Lynette Millett, Washington, D.C., USA
Martyn Thomas, London, U.K.
Author response
I have reread the NRC report and I was mistaken. I must have confused it with something else I read around the time (probably related to Agile). I am very sorry for my mistake. I should have checked before my column appeared.
Nancy Leveson, Cambridge, MA, USA
Sustainable Charge
In his February column, Vinton G. Cerf called for more durability from manufacturers and cited Tesla as an example. I would like to suggest that Tesla and other makers of electric cars include with every purchase a garage battery of the same capacity as that in the automobile. The home battery would have suitable programmable switching to enable charging at steady sustainable rate, for example, from renewable resources or overnight, without the wholesale need to strengthen the domestic power grid. This would allow instant vehicle recharging when the driver returns home.
W.B. Langdon, London, U.K.
Response from the Editor-in-Chief
The temporal misalignment of renewable electricity generation with load (use) is indeed a growing challenge. In fact, in grids with solar-dominated renewables, such as California, "time of use" rates already favor consumption from morning to mid-afternoon—when an electric car might well be at work, rather than at home! More charging stations at business offices would be a much cheaper solution than redundant batteries for electric cars.
Andrew A. Chien, Chicago, IL, USA
Bleating in Computing Machinery
I have been a member of the Association for Computing Machinery for over 60 years. Over these three-score years, I have spent a great deal of time adjusting to the machinery in vogue. We first worked hands-on and later used time sharing and a score of other fads. Now we are somewhere in the clouds.
The time has come to call a general meeting of the team. We are not an association of computing machinery; we are an association of individuals concerned about computing. We may have different interests and experience. We work in varied environments. We research many interesting areas of computation. For almost 70 years, ACM has held us in good stead. However, technology has now overwhelmed us. It is and for several years has been moving too fast for all of us.
With the Coronavirus Revolution we now have to work in an environment that is often unreliable, lonely, and depressing.
In a very bleating voice, I cry out for change. We should be called ACP—the Association of Computing Professionals. Let us put it to a vote; 'STAY WITH ACM or MOVE TO ACP.'
Donald F. Costello, Lincoln, NE, USA
Response from the Editor-in-Chief
It would be difficult to make the argument that ACM isn't well beyond "computing machinery," and I like ACP—any other good suggestions? This sounds like just the thing that should be put to ACM Council, and then to a vote by the membership! We have just missed this year's cycle, so plenty of lead time to develop this for next year.
Andrew A. Chien, Chicago, IL, USA
Join the Discussion (0)
Become a Member or Sign In to Post a Comment