Software Engineering Institute

There is growing interest in using a structure of claims, arguments, and evidence to explain why all critical software hazards have been eliminated or adequately mitigated in mission-critical and safety-critical systems. Such a structure has been called a dependability case, an assurance case, or a (goal-structured) safety case. Dependability cases are sometimes viewed as adding no extra value, e.g., given an existing hazard analysis, what is the added value of a dependability case showing how the hazard is mitigated? In this paper we present an example to show the value a dependability case adds to a traditional hazard analysis.