Context: Today's safety critical systems are increasingly reliant onsoftware. Software becomes responsible for most of the critical functions ofsystems. Many different safety analysis techniques have been developed toidentify hazards of systems. FTA and FMEA are most commonly used by safetyanalysts. Recently, STPA has been proposed with the goal to better cope withcomplex systems including software. Objective: This research aimed at comparingquantitatively these three safety analysis techniques with regard to theireffectiveness, applicability, understandability, ease of use and efficiency inidentifying software safety requirements at the system level. Method: Weconducted a controlled experiment with 21 master and bachelor students applyingthese three techniques to three safety-critical systems: train door control,anti-lock braking and traffic collision and avoidance. Results: The resultsshowed that there is no statistically significant difference between thesetechniques in terms of applicability, understandability and ease of use, but asignificant difference in terms of effectiveness and efficiency is obtained.Conclusion: We conclude that STPA seems to be an effective method to identifysoftware safety requirements at the system level. In particular, STPA addressesmore different software safety requirements than the traditional techniques FTAand FMEA, but STPA needs more time to carry out by safety analysts with littleor no prior experience.
展开▼
