There is a sharp counter-trend to this scientific progress, however: "human error" gets cited as cause more often than before, and costs associated with for example malpractice claims are soaring. It seems that human factors as science does a great job explaining why things go wrong, but a bad job providing the succor people crave after failure. After all, it is much easier to live with a failure if you get told that it happened because somebody did something wrong. System explanations, instead, distribute contributions all over the place and are diffuse in their assignment of accountability.

This talk will address how many people turn to human factors not for explanation, but to feel better about themselves and their engineered systems. It will contrast human factors as science with human factors as succor. (less)

He has worked in Australia , New Zealand , the Netherlands , and England and has been a Senior Fellow at Nanyang Technological University in Singapore as well as Visiting Academic in the Department of Epidemiology and Preventive Medicine, Monash University in Melbourne . He is currently scientific advisor on healthcare system safety to the Winnipeg Regional Health Authority and Professor of Community Health Science at the Faculty of Medicine, University of Manitoba , in Canada .

His research interests include system safety, human error, reactions to failure, and organizational resilience. His most recent books are "Ten Questions About Human Error: A New View of Human Factors and System Safety" (2005), "The Field Guide to Understanding Human Error" (2006), and "Just Culture: Balancing Safety and Accountability" (2007). He also recently became an airline pilot, flying part-time on the Boeing 737NG. (less)

He will introduce the concept of a success argument, an evolving argument that the engineering effort under way will lead to an acceptable system in an acceptable time and with acceptable cost. Professor Knight will describe the ABD decision mechanism underlying process synthesis, in which the evolving product assurance and success arguments guide the formulation of the evolving concrete development process.

In ABD, completing the incomplete portions of the product assurance and success arguments reveals the obligations that the detailed process has to meet. The detailed process, in turn, returns the evidence needed to complete the incomplete portions of the arguments. He will illustrate the ideas with examples taken from a case study of a medical device. (less)

Dr. Knight's research interests are in software dependability. He is currently working on projects in safety-critical embedded systems and the survivability of critical networked applications. Specific research topics include the use of natural language in specification, tool support for comprehensive specification development and analysis, formal verification, assurance arguments, and network survivability architectures.

In 2006, Dr. Knight received the IEEE Computer Society's Harlan D. Mills Award for contributions to the practice of software engineering. From

2001 to 2005 he served as Editor in Chief of the IEEE Transactions on Software Engineering. He served as the General Chair of the 2000 International Symposium on the Foundations of Software Engineering and as the General Chair of the 2007 International Conference on Software Engineering. (less)

Systems safety may be compromised by random failures resulting from physical breakdown or by systematic failures resulting from design errors. The safety argument may be based on evidence that some classes of failure cannot occur, or that failures will only occur infrequently, or that component failures will not lead to unsafe system states. Digital components cannot be assumed to behave continuously, which means that testing particular input values provides little evidence that the system will behave as required when presented with different inputs.

What confidence can we have that a software-based system will meet its safety targets? How should the confidence level be calculated and assessed? What sort of evidence leads to high confidence? Does combining different sorts of evidence increase or decrease confidence in the system, and why?

How should international standards for the development and assessment of safety-related systems address these issues? (less)

In this capacity Alec was involved in developing EUROCONTROL Guidelines for the conduct of Air Navigation Service Provider Safety Surveys and for the design and delivery of an associated safety survey training course for the Institute of Air Navigation Services in Luxembourg. Prior to that he spent 30 years in the Royal Air Force as a Fighter Controller, serving in a wide range of operational controlling, examining and staff appointments in the UK and overseas.

Towards the end of his RAF career, Alec spent 5 years leading a joint team of controllers and safety engineers developing the RAF’s first formal Safety Management System for the UK Air Surveillance and Control System (a network of fixed and mobile ground-based radar control units and airborne early warning aircraft). Alec completed an MSc in Defence Management with Cranfield University in 2003. His dissertation topic was a comparative study of military and civil approaches to aviation safety. An active General Aviation pilot in his spare time,

Alec holds a Commercial Pilot Licence and flying instructor rating. He took up post as Head of International Coordination & Strategy within the Air Traffic Standards Division of the UK CAA Safety Regulation Group in November 2007 and has been actively involved in the development of regulatory policy on a wide range of Air Traffic Management subjects including the introduction of Unmanned Air Systems (UAS). He attends meetings of EUROCAE Working Group 73 which is developing European standards for UAS and has represented the UK CAA at the International Civil Aviation Organisation (ICAO) UAS Steering Group. (less)