Thor Myklebust
SINTEF Digital, Norway. E-mail: thor.myklebust@sintef.no
Tor Stålhane
NTNU Norway. E-mail: stalhane@ntnu.no
Geir K. Hanssen
SINTEF Digital, Norway. E-mail: geir.k.hanssen@sintef.no
In recent years there has been increasing interest in, and growing use of, agile development methods for
developing safety-critical systems. This interest is motivated by the need to shorten time-to-market, reduce costs,
improve quality, and support the paradigm of continuous development and deployment.
This paper presents an agile lifecycle approach to Reliability, Availability, Maintainability, Safety and Security
(RAMSS) engineering and management. The current trend for cyber-physical systems is more connectivity over
insecure networks, and as a consequence of the resulting security threats we suggest a systematic addition of security
in this area, complementing safety. Depending on the domain, it is not just the software itself that must be updated
when security issues are found, but also the safety cases and their accompanying evidence.
The Agile RAMSS approach covers all phases of the development process, including improvements due to
modifications and safe patching during operation. These improvements have to be performed in accordance with strict
safety standard requirements. The lifecycle is aimed at manufacturers of High Integrity Systems, such as Industrial
Automation and Control Systems and Safety Instrumented Systems. We have used our in-depth knowledge of
security standards, such as the IEC62443 series, and of the software safety standards IEC61508-3 and EN 50128, to
establish a risk-based approach that is combined with a fast-track solution of the SafeScrum method including
DevOps.