Software of unknown pedigree

Last updated

Software of unknown provenance (SOUP) is software that was developed with a unknown process or methodology, or which has unknown or no safety-related properties. [1] In the medical device development standard IEC 62304, SOUP expands to software of unknown provenance, and in some contexts uncertain is used instead of unknown, but any combination of unknown/uncertain and provenance/pedigree refer to the same concept; all with the same abbreviation.

The term SOUP is often used in the context of safety-critical and high integrity systems such as medical software especially in a medical device.

A risk that SOUP poses is that it cannot be relied upon to perform safety-related functions, and it may prevent other software, hardware or firmware from performing their safety-related functions. Addressing the risk involves insulating the safety-involved parts of a system from potentially undesirable effects caused by the SOUP. [2]

Rather than prohibiting SOUP, additional controls are often imposed to mitigate risk. Practices may include static program analysis and review of the vendor's development process, design artifacts, and safety guidance. [3]

References

  1. Felix Redmill (2001). "The COTS Debate in Perspective" . In Udo Voges (ed.). Proceedings of the 20th International Conference on Computer Safety, Reliability and Security, SAFECOMP 2001, Budapest, Hungary, September 2628, 2001. Springer. pp.  122. ISBN   978-3-540-42607-3.
  2. Hall, Ken (June 1, 2010). "Developing Medical Device Software to IEC 62304". EMDT - European Medical Device Technology. Retrieved 2012-12-11.
  3. Hobbs, Chris (2011-11-01). "Device makers can take COTS, but only with clear SOUP". Medical Design. Archived from the original on 2013-01-23.

Further reading


This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.