18 ;;Quote: study of the software-related accidents of the Therac-25; six over two years, including death and serious injury

38 ;;Quote: a common mistake is to put too much confidence in software; design errors are hard to find and eliminate

38+;;Quote: hardware failure modes are more limited than software failures, so hardware interlocks should still be used

39 ;;Quote: software errors can always be attributed to transient hardware errors

39+;;Quote: early problems with the Therac-25 were blamed on the hardware

39 ;;Quote: no independent checks of Therac-25 malfunctioning; only patient reactions

39+;;Quote: Therac-25 could not detect massive overdoses; the ion chambers were saturated and indicated low dosage

39 ;;Quote: companies building hazardous equipment should log, track, and analyze all safety-related failures and accidents

39 ;;Quote: very low safety probabilities seem hard to justify; do not rely on them

39 ;;Quote: safety is a quality of the system in which the software is used; it is not a quality of the software itself; reused software may be unsafe

40 ;;Quote: should certify software engineers for safety-critical software