Print Email Facebook Twitter Beyond sotif Black swans and formal methods Title Beyond sotif Black swans and formal methods Author Saberi, A.K. Hegge, J. Fruehling, T. Groote, J.F. Publication year 2020 Abstract The ISO 26262 standard addresses system failures and the need to mitigate them safely. However, the standard is only implicit regarding the safety of the intended functionality. One should concede that a system without failures, operating in the specified design boundaries should be safe. None the less, the new ISO/PAS 21448 standard on Safety of the Intended Functionality (SOTIF) only explicitly addresses unintended functionality as it pertains to the design of the product, purportedly in the absence of any system, element or component failures. How can this have happened? What guarantees that contemporary complex computer steered systems always behave well under normal circumstances without showing any unexpected and deviant behavior that can be potentially hazardous to the user? How can this conundrum be amended? This paper explores the actual reality of failures in complex systems that rely on complex sub-systems to produce the desired functionality. We challenge the notion that the ISO 26262 and the ISO 21488 standards are presently sufficient in its guidance to resolve this enigma. Subject Automated DrivingFunctional SafetyISO 26262ISO/PAS 21448SOTIF To reference this document use: http://resolver.tudelft.nl/uuid:a502dfd7-796b-4830-b5e3-5eb3510ee224 DOI https://doi.org/10.1109/syscon47679.2020.9275888 TNO identifier 955272 Publisher Institute of Electrical and Electronics Engineers Inc. ISBN 9781728153650 Source SYSCON 2020 - 14th Annual IEEE International Systems Conference, Proceedings, 14th Annual IEEE International Systems Conference, SYSCON 2020, 24 August 2020 through 27 August 2020 Document type conference paper Files To receive the publication files, please send an e-mail request to TNO Library.