TL; DR - We are aiming to identify|provoke|create viable processes|methods|tools for secure|high-integrity|safety-critical|deterministic software engineering
This project sets out to ask questions about the problem of Compliance in software, particularly with regards to software engineering which is expected to be Safety Critical, High Integrity, Mission Critical, Secure, Deterministic.
What is the problem of Compliance in software? From a simplified viewpoint: verification against Compliance requirements, as we know it, does not work. The process is overly bureaucratic and subjective - there is no formal, objective method of guaranteeing that a piece of software will do what it claims it will do, and nothing more or less.
The volume and complexity of code in the software used in Safety Critical Engineering is rising fast, and we believe that automated processes for formal verification of Compliance are required to mitigate against the costs and risks involved. As far as we can tell there appears to be little applicable work on this available in the open domain.
As a initial objective, we are aiming to complete some research into some of the existing technologies in this field, so that we can create something in the way of a 'toy' or minimal framework for the creation of Trustable Software, providing a traceable link from requirements to tests, to code. We intend for this to be used, reviewed and critiqued by the wider community, and then built upon.
At a very high level, we are working on the following principles:
Using a tool to perform compliance validation is more objective, reliable, cheaper and ultimately more trustable than an industry of people performing compliance validation.
Working transparently and having discussions in the open whilst engaging the wider community is better than working behind closed doors.