Safety Factories - a Manifesto
Carmen Cârlan, Daniel Ratiu, Michael Wagner
TL;DR
The paper addresses the disconnect between safety engineering and agile software delivery by advocating Safety Factories that make safety content machine-processable and integrated with software pipelines. It introduces nine principles (e.g., Safety Work Products as Code, Single Source of Truth, Automated Impact Analysis, Safety Builds, and Live Documentation) and positions the safety case as the core, driving continuous system development and automated assurance. The contributions include a concrete architectural blueprint for integrating safety into software factories and the concept of live, queryable safety artifacts with eventual consistency. The work is illustrated by parallel efforts in FASTEN and nLoop to operationalize these principles.
Abstract
Modern cyber-physical systems are operated by complex software that increasingly takes over safety-critical functions. Software enables rapid iterations and continuous delivery of new functionality that meets the ever-changing expectations of users. As high-speed development requires discipline, rigor, and automation, software factories are used. These entail the methods and tools used for software development, such as build systems and pipelines. To keep up with the rapid evolution of software, we need to bridge the disconnect that exists today between the methods and tools of software development and those of safety engineering. We need to invest more in formality upfront - capturing safety work products in semantically rich models that are machine-processable, defining automatic consistency checks, and automating the generation of documentation - to benefit later. Transferring best practices from software to safety engineering is worth exploring. We advocate for safety factories, which integrate safety tooling and methods into software development pipelines.
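As an added illustration (not the paper's or the FASTEN/nLoop tooling) of what machine-processable safety work products with automatic consistency checks can look like: a GSN-style argument fragment kept as data, a check that a safety build could gate on, and an impact query returning the goals that depend on a changed evidence artifact. All node ids, texts and artifact paths are constructed.

```python
from dataclasses import dataclass, field

@dataclass
class Node:
    id: str
    kind: str                                   # "goal", "strategy" or "solution"
    text: str
    supported_by: list = field(default_factory=list)  # ids of child nodes
    artifact: "str | None" = None               # solutions: evidence file they cite

# Constructed sample argument; ids, texts and paths are hypothetical.
ARGUMENT = {
    "G1": Node("G1", "goal", "Braking function is acceptably safe", ["S1"]),
    "S1": Node("S1", "strategy", "Argue over identified hazards", ["G2", "G3"]),
    "G2": Node("G2", "goal", "H1 unintended braking is mitigated", ["Sn1"]),
    "G3": Node("G3", "goal", "H2 loss of braking is mitigated"),  # undeveloped
    "Sn1": Node("Sn1", "solution", "Unit test report", artifact="reports/ut_brake.xml"),
    "Sn2": Node("Sn2", "solution", "FMEA sheet", artifact="analysis/fmea.csv"),  # not built
}
BUILT_ARTIFACTS = {"reports/ut_brake.xml"}   # what the pipeline actually produced

def check_consistency(arg, artifacts):
    """Safety-build gate: returns findings; an empty list means the build passes."""
    findings = []
    for n in arg.values():
        for c in n.supported_by:
            if c not in arg:
                findings.append(f"{n.id}: dangling reference to {c}")
        if n.kind != "solution" and not n.supported_by:
            findings.append(f"{n.id}: undeveloped, nothing supports it")
        if n.kind == "solution" and n.artifact not in artifacts:
            findings.append(f"{n.id}: evidence '{n.artifact}' missing from build")
    return findings

def impacted_goals(arg, changed_artifact):
    """Change-impact query: goals whose argument transitively rests on the artifact."""
    parents = {}
    for n in arg.values():
        for c in n.supported_by:
            parents.setdefault(c, []).append(n.id)
    todo = [n.id for n in arg.values() if n.artifact == changed_artifact]
    seen = set()
    while todo:                                 # walk upward from the evidence
        cur = todo.pop()
        if cur not in seen:
            seen.add(cur)
            todo.extend(parents.get(cur, []))
    return sorted(i for i in seen if arg[i].kind == "goal")
```

Running `check_consistency(ARGUMENT, BUILT_ARTIFACTS)` on the sample reports the undeveloped goal G3 and the missing FMEA evidence, which is the kind of result a pipeline would fail the safety build on.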
