Assurance cases and prescriptive software safety certification: a comparative study

Research output: Contribution to journalArticlepeer-review


In safety–critical applications, it is necessary to justify, prior to deployment, why software behaviour is to
be trusted. This is normally referred to as software safety assurance. Within certification standards,
developers demonstrate this by appealing to the satisfaction of objectives that the safety assurance standards
require for compliance. In some standards the objectives can be very detailed in nature, prescribing
specific processes and techniques that must be followed. This approach to certification is often described
as prescriptive or process-based certification. Other standards set out much more high-level objectives
and are less prescriptive about the particular processes and techniques to be used. These standards
instead explicitly require the submission of an assurance argument which communicates how evidence,
generated during development (for example from testing, analysis and review) satisfies claims concerning
the safety of the software. There has been much debate surrounding the relative merits of prescriptive
and safety assurance argument approaches to certification. In many ways this debate can lead to confusion.
There can in fact be seen to be a role for both approaches in a successful software assurance regime.
In this paper, we provide a comparative examination of these two approaches, and seek to identify the
relative merits of each. We first introduce the concepts of assurance cases and prescriptive software
assurance. We describe how an assurance case could be generated for the software of an aircraft wheel
braking system. We then describe how prescriptive certification guidelines could be used in order to gain
assurance in the same system. Finally, we compare the results of the two approaches and explain how
these approaches may complement each other. This comparison highlights the crucial role that an assurance
argument can play in explaining and justifying how the software evidence supports the assurance
argument, even when a prescriptive safety standard is being followed.
Original languageEnglish
Pages (from-to)55-71
Number of pages17
JournalSafety science
Issue numbern/a
Publication statusPublished - Nov 2013

Cite this