We're sunsetting PodQuest on 2025-07-28. Thank you for your support!

EP7 - STPA (System Theoretical Process Analysis) - Thoughts from Dr. Nancy Leveson (Part 1)

2020/6/8

Flight Test Safety Channel

AI Deep Dive AI Insights AI Chapters Transcript

People

Nancy Leveson

Topics

Nancy Leveson: STAMP的开发源于对传统安全分析方法在软件密集型系统中的局限性认识。传统方法基于组件故障假设，而STAMP则将事故视为控制问题，更全面地考虑了组件故障、组件间不安全交互以及不安全的人为行为等因素。STAMP的有效性已在多个项目中得到验证，包括美国导弹防御系统，证明其能够有效识别和预防事故，并降低成本。 Art Tomasetti: 访谈中，主持人与Nancy Leveson教授探讨了STAMP和STPA的开发背景、应用领域以及在不同行业中的应用效果。 Art Tomasetti: 本访谈主要围绕STAMP和STPA展开，探讨了其开发的初衷、应用范围以及在不同行业中的实践效果。通过与Nancy Leveson教授的对话，我们了解到STAMP和STPA在解决软件密集型系统安全问题上的优势，以及其在汽车、航空航天等领域的广泛应用。

Deep Dive

Key Insights

What inspired Dr. Nancy Leveson to develop STAMP and STPA?

Dr. Leveson was initially approached to address software safety in a Navy torpedo project in the 1980s. She realized that traditional safety and hazard analysis methods, developed for electromechanical systems, were inadequate for software-intensive systems. This led her to develop a new causality model that treats accidents as control problems rather than failures.

How does STAMP differ from traditional safety analysis methods?

STAMP shifts the focus from component failures to control problems. It considers unsafe interactions between components, human behavior, and other factors, providing a more comprehensive approach to accident prevention.

Which industries have widely adopted STAMP and STPA?

The automotive and aviation industries have embraced STAMP and STPA the most. Automobiles, especially autonomous vehicles, contain vast amounts of software, making STAMP crucial. Aviation companies like Embraer and defense sectors are also using it extensively.

What was a significant early success of STAMP in a real-world application?

STAMP was used in the U.S. missile defense system before deployment in 2004. It identified numerous paths to inadvertent launch, delaying deployment by six months and costing several hundred million dollars to fix, demonstrating its effectiveness.

What is the 'On the Web' segment about?

The 'On the Web' segment highlights resources available on the Flight Test Safety Committee's website, such as the updated Airshow Display Flight Guidance, which combines historical and contemporary airshow planning information.

What upcoming events are mentioned in the podcast?

The 2020 AIAA Aviation Forum will be a virtual event from June 15-19. The SATP Annual Symposium is planned for September 23-26 in Anaheim, California, with a paper submission deadline of June 15. The European Flight Test Safety Workshop is scheduled for October 13-16 in London, with a paper submission deadline of July 31.

Chapters

This chapter explores the origins of STAMP and STPA, highlighting the limitations of existing safety analysis methods in addressing the challenges posed by software-intensive systems and the evolution of Dr. Leveson's approach from component failure to a control problem perspective.

Dr. Leveson's initial involvement stemmed from a request for help with software safety in a Navy torpedo project.
Existing safety analysis methods were inadequate for software-intensive systems due to their focus on component failures.
STAMP treats accidents as control problems rather than simply component failures, encompassing unsafe interactions and human behavior.
Real-world applications demonstrated STAMP's effectiveness in identifying hazards and reducing costs.

Shownotes Transcript

In this episode you will hear Part 1 of a two part interview with Dr. Nancy Leveson from MIT on STPA and STAMP. We introduce a new segment called "On the Web", provide the latest info we have on upcoming events as well as highlights from this month's Flight Test Safety Fact.

Here is the link for Dr. Leveson's home page: Nancy Leveson's Home Page at MIT)

This Podcast is sponsored by Time2climb Training and Consulting: www.time2climb.com)

EP7 - STPA (System Theoretical Process Analysis) - Thoughts from Dr. Nancy Leveson (Part 1) 12:04 Share