Embedded Systems Conference
Breaking News
Newest First | Oldest First | Threaded View
User Rank
Re: safety: spiral vs agile development model
Sanjib.A   2/19/2014 10:27:29 PM

This is great point you have brought out. I worked on the industrial safety system products following IEC 61508 and that standard also says the same thing. The independent assessor & approver TUV told us the same...the person writing the code shall not test. Also, the person writing the test plan shall not execute the test. I am from the electronics circuit design & FPGA back ground. My difficulty in understanding Agile is, in electronics design we cannot so incremental developments like it says in Agile....completing backlogs in sprints lasting for only two-three weeks and can't demonstrate a working product to the customers. Hardware development for safety critical system would be even tougher to execute (or won't make any sense) in this way. 

User Rank
Re: safety: spiral vs agile development model
JeffL_2   2/19/2014 3:06:28 PM
I'm not at all sure that "spiral VS. agile" is the right way to frame the debate, considering how disparate the two approaches are, and I doubt whether many of us who have done heavily safety-critical projects ever get close enough to "agile" to know it very well at all. Nonetheless I could offer one comment, one of the "pluses" that's been touted for agile is that the code developer does the unit testing himself because he's the "best qualified" to understand the routine he's trying to code. This used to be common too in the older military coding standards like MIL-STD-1679 (I think that's the #, been awhile) but this is in direct contradiction to the premise of something like DO-178C where the notion is you specifically need different people writing the tests so you get "separation of responsibility" and the testing MUST be done by different people, so the critical part of writing the test code MUST be done "through a different pair of eyes". It kind of seems like in this example the advocates of agile don't even have the correct mindset to address the critical issues, and I would submit that if you took a closer look this type of "critical discrepancy" would likely be found throughout the process. I believe the two approaches at best (as currently defined at least) are barely compatible but I'd be willing to listen to an argument to the contrary.

User Rank
safety: spiral vs agile development model
Sanjib.A   2/18/2014 8:53:46 PM
This is a good topic and there could be a constructive and fruitful debate on it. I have worked on several safety projects and mostly functional safety per IEC 61508. A few years back, nobody questioned the process and it followed kind of spiral model or iterative waterfall or what ever you call it as. We spent several months in doing the FMEAs to understand the failure modes well, before starting the real development work. There were many reviews, especially by independent assessor. The project took almost double the time compared to if it were a normal project. Now a days with the popularity of Agile development, management perspective has got changed. Recently we were asked to think about executing a safety project with Agile development rigor...we could not figure out how it benefits...the project eventually did not get management focus, may be due to other reasons too. But I am not seeing any safety project being executed following Agile development.

Even if it is not a safety critical product, did somebody apply Agile development to hardware development successfully?

As data rates begin to move beyond 25 Gbps channels, new problems arise. Getting to 50 Gbps channels might not be possible with the traditional NRZ (2-level) signaling. PAM4 lets data rates double with only a small increase in channel bandwidth by sending two bits per symbol. But, it brings new measurement and analysis problems. Signal integrity sage Ransom Stephens will explain how PAM4 differs from NRZ and what to expect in design, measurement, and signal analysis.

Datasheets.com Parts Search

185 million searchable parts
(please enter a part number or hit search to begin)
Most Recent Comments
Most Recent Messages
1:23:21 PM
Like Us on Facebook
Special Video Section
The LTC®6363 is a low power, low noise, fully differential ...
Vincent Ching, applications engineer at Avago Technologies, ...
The LT®6375 is a unity-gain difference amplifier which ...
The LTC®4015 is a complete synchronous buck controller/ ...
The LTC®2983 measures a wide variety of temperature sensors ...
The LTC®3886 is a dual PolyPhase DC/DC synchronous ...
The LTC®2348-18 is an 18-bit, low noise 8-channel ...
The LT®3042 is a high performance low dropout linear ...
Chwan-Jye Foo (C.J Foo), product marketing manager for ...
The LT®3752/LT3752-1 are current mode PWM controllers ...
LED lighting is an important feature in today’s and future ...
Active balancing of series connected battery stacks exists ...
After a four-year absence, Infineon returns to Mobile World ...
A laptop’s 65-watt adapter can be made 6 times smaller and ...
An industry network should have device and data security at ...
The LTC2975 is a four-channel PMBus Power System Manager ...
In this video, a new high speed CMOS output comparator ...
The LT8640 is a 42V, 5A synchronous step-down regulator ...
The LTC2000 high-speed DAC has low noise and excellent ...
How do you protect the load and ensure output continues to ...