Safety Integrity Levels (SIL) are a common technique used in the evaluation of safety-related software. They are used in a number of standards, including many of those discussed in the standards section of this website. Standards generally prescribe, for differing safety integrity levels, progressively more rigorous software development processes.
Paolo Panaroni of Intecs SpA comments as follows:
"Software, in general, is only a component of an overall system, and thus the concept of software safety itself is essentially equivalent to that of component safety. A component by itself is, therefore, never 'safe' or 'unsafe.' Nevertheless, there are a number of dependability characteristics and/or development processes also for components for different safety integrity levels.

One could, therefore, say that Component X has been developed according to the processes defined for a certain (high) safety integrity level, yet perhaps when inserted into the overall system, it renders it extremely dangerous (see the ARIANE 5 example). Only a system safety analysis (at the architectural level) can confirm its safety; it is not enough to merely assemble components developed according to the processes defined for high safety integrity levels.

Nevertheless, the concept of a 'safety critical component' does remain valid - a component which, by itself, may lay claim to the property of having been developed according to the processes defined for a high safety integrity level."
Thus, the applicability of the SIL concept at the level of reusable software components is an important area of investigation. For an interesting discussion of a number of potential misunderstandings and abuses of the SIL concept, see the article by Redmill.