The technology for building dependable computing systems has advanced dramatically. Nevertheless, there is still no complete solution to building software for critical systems in which every aspect of software dependability can be demonstrated with high confidence. In this paper, we present the results of a case study exploration of the practical limitations on software dependability. We analyze a software assurance argument for weaknesses and extrapolate a set of limitations including dependence upon correct requirements, dependence upon reliable human-to-human communication, dependence upon human compliance with protocols, dependence upon unqualified tools, the difficulty of verifying low-level code, and the limitations of testing. We discuss each limitation’s impact on our specimen system and potential mitigations.
Patrick J. Graydon, John C. Knight, Xiang Yin