Software safety for air traffic management systems

The introduction of advanced air traffic management (ATM) functionality is often heralded as a safety improvement. On the whole, the introduction of advanced ATM functionality will probably reduce the likelihood of an accident. However, its introduction may also entail new sources of safety risk that need to be carefully weighed against the safety benefits of advanced ATM functionality. Many new sources of safety risk associated with the introduction of advanced automation are due to specific problems in the following categories: too much effort spent entering data; too much information displayed; increased semantic complexity; not enough visibility into automated processes; coarse-grained reuse of software; conflicts between availability objectives and safety objectives. The purpose of this paper is to argue that stakeholders must look beyond the "safety-net" functions to thoroughly understand the impact of advanced ATM functionality on the safety of an air navigation system.