One of the easiest vulnerabilities to exploit is sensitive information left in source code - provided an attacker gets hold of that source code. In early prototyping a lot of people hardcode passwords and certificate keys in their code and remove them later when moving to production. Sometimes … Continue reading Avoid keeping sensitive info in a code repo – how to remove files from git version history
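Purging a committed secret from git history, as an added example that is not the post's own procedure (that is behind the link above): the script builds a throwaway repository with a constructed secrets.env, rewrites every ref with git filter-branch so the file disappears from all commits, deletes the refs/original backups and expires reflogs so the old blob can actually be garbage-collected, and then checks that neither the path nor the secret string is reachable any more. The file name, the secret value and the commits are constructed sample data. git filter-repo is the maintained replacement for filter-branch, but it is not in every base install, so the example uses the built-in command.

```shell
#!/usr/bin/env sh
# Added example: remove a secrets file from all of git history and verify it
# is gone. Constructed demo data only; secrets.env and the password are made up.
set -eu

# Build a small repo whose history contains a secrets file that was later
# "deleted" with git rm. The blob is still in every earlier commit.
make_demo_repo() {
  repo=$(mktemp -d)
  (
    cd "$repo"
    git -c init.defaultBranch=main init -q
    git config user.email dev@example.com
    git config user.name dev
    printf 'print("hello")\n' > app.py
    printf 'DB_PASSWORD=hunter2-CONSTRUCTED-SAMPLE\n' > secrets.env   # constructed sample secret
    git add . && git commit -q -m "initial prototype"
    printf 'print("hello, world")\n' > app.py
    git commit -q -a -m "tweak"
    git rm -q secrets.env && git commit -q -m "remove secrets file"  # history still has it
  )
  printf '%s\n' "$repo"
}

# Rewrite every commit on every ref so FILE never existed, then drop the
# safety-net refs and reflog entries that would keep the old objects alive.
purge_file_from_history() {
  repo=$1; file=$2
  (
    cd "$repo"
    FILTER_BRANCH_SQUELCH_WARNING=1 git filter-branch --force \
      --index-filter "git rm --cached --ignore-unmatch -q -- '$file'" \
      --prune-empty -- --all
    # filter-branch keeps refs/original/* pointing at the old history; while
    # they exist the secret is still reachable, so delete them.
    git for-each-ref --format='%(refname)' refs/original/ |
      while read -r ref; do git update-ref -d "$ref"; done
    git reflog expire --expire=now --all
    git gc --prune=now --quiet
  )
}

# Exit 0 if NEEDLE appears in the tree of any reachable commit, 1 otherwise.
secret_still_present() {
  repo=$1; needle=$2
  (cd "$repo" && git grep -q -e "$needle" $(git rev-list --all))
}

# Exit 0 if any reachable commit still touches FILE, 1 otherwise.
path_in_history() {
  repo=$1; file=$2
  [ -n "$(cd "$repo" && git log --all --oneline -- "$file")" ]
}

if [ "${1-}" = demo ]; then
  repo=$(make_demo_repo)
  purge_file_from_history "$repo" secrets.env
  if secret_still_present "$repo" hunter2-CONSTRUCTED-SAMPLE; then
    echo "still leaked"
  else
    echo "purged"
  fi
fi
```

Rewriting history is only half the fix. The rewritten branches have to be force-pushed, every fork and clone made before the rewrite still contains the secret, and the hosting platform may keep the old objects for a while; treat the credential as compromised and rotate it regardless of how cleanly the repository was scrubbed.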
There is one post on this blog that consistently receives traffic from search engines; namely this post on the effect of uncertainty on PFD calculations in reliability engineering: https://safecontrols.wordpress.com/2015/07/21/uncertainty-and-effect-of-proof-test-intervals-on-failure-probabilities-of-critical-safety-functions/ It is interesting to see the effect on the dynamic probability of failure on demand from a theoretical perspective. Consider now instead the problem of collecting … Continue reading How do you update failure rates and test intervals based on limited data observations?
Risk management is a topic with a large number of methods. Within the process industries, semi-quantitative methods are popular, in particular for determining the required SIL for safety instrumented functions (automatic shutdowns, etc.). Two common approaches are LOPA, short for "layers of protection analysis", and Riskgraph. These methods are sometimes treated as … Continue reading Thinking about risk through methods
https://twitter.com/sjefersuper/status/762934451542302720 Digital control systems control almost every piece of technology we use, from the thermostat in your fridge to oil refineries and self-driving cars. My answer to this Quora user's question suggests an iterative process involving: setting objectives and goals modeling the plant designing the control structure testing and simulation studies testing on the real … Continue reading How do digital control systems get developed?
Failure rates for critical components are difficult to trust. Basically, if we look at public sources for data, such as the OREDA handbook, we observe that typical components have very wide confidence intervals for estimated failure rates, in spite of 30 years of collecting these data. If we look at the data supplied by vendors, … Continue reading Updating failure rates based on operational data – are we fooling ourselves again?
Reliability standards require that components used as parts of a safety function or a safety instrumented system be documented by their suppliers to show full compliance with the reliability requirements. In practice, however, documentation is often severely lacking. In essence, the documentation required for a given component would include: A description of … Continue reading Solving the fragmentation problem in documentation of reliability
Functional safety work usually involves a lot of people, and multiple organizations. One key success factor for design and operation of safety instrumented systems is the competence of the people involved in the safety lifecycle. In practice, when activities have been omitted, or the quality of the work is not acceptable, this is discovered in … Continue reading Why functional safety audits are useful