Assurance Pitfalls When Using COTS Components:
Using a name-brand, familiar component doesn't automatically ensure safety.
It is common to repurpose Commercial Off-The-Shelf (COTS) software or
components for use in critical autonomous vehicle applications. These
include components originally developed for other domains such as mine
safety, low-volume research components such as LIDAR units, and
automotive components such as radars previously used in non-critical or
less critical ADAS applications.
Generally such COTS components are being used in a somewhat different
way than for their original non-critical commercial purpose, and are often
modified for use as well. Moreover, even field-proven automotive
components are typically customized for each vehicle manufacturer to
conform to customer-specific design requirements. When arguing that a
COTS item is proven in use, it is important to account for at least
whether there is in fact sufficient field experience, whether that field
experience is for a previous or modified version of the component, and
other factors such as potential supply-chain changes, manufacturing
quality fade, and the possibility of counterfeit goods.
In some cases we have seen proven in use arguments attempted for which
the primary evidence relied upon is the reputation of a manufacturer
based on historical performance on other components. While purchasing
from a reputable manufacturer is often a good start, a brand name label
by itself does not necessarily demonstrate that a particular component
is fit for purpose, especially if a complex supply chain is involved.
COTS components can be problematic if they don't come with the information needed for safety assessment. (Hint: source code is only a starting point. But often even that isn't provided.) While third party certification certainly is not a panacea, looking for independent evaluation that relevant technical, development process, and assurance process activities have been performed is a good start to making sure COTS components are fit for purpose.
(This is an excerpt of our SSS 2019 paper: Koopman, P., Kane, A. & Black, J., "Credible Autonomy Safety Argumentation," Safety-Critical Systems Symposium, Bristol UK, Feb. 2019.)