Safety Factories - a Manifesto

• URL: http://arxiv.org/abs/2509.08285v2
• Date: Tue, 07 Oct 2025 04:34:21 GMT
• Title: Safety Factories - a Manifesto
• Authors: Carmen Cârlan, Daniel Ratiu, Michael Wagner,
• Abstract summary: We need to bridge the disconnect in methods and tools between software development and safety engineering.<n>We advocate for safety factories, which integrate safety tooling and methods into software development pipelines.
• Score: 1.1916129241436584
• License: http://creativecommons.org/licenses/by/4.0/
• Abstract: Modern cyber-physical systems are operated by complex software that increasingly takes over safety-critical functions. Software enables rapid iterations and continuous delivery of new functionality that meets the ever-changing expectations of users. As high-speed development requires discipline, rigor, and automation, software factories are used. These entail methods and tools used for software development, such as build systems and pipelines. To keep up with the rapid evolution of software, we need to bridge the disconnect in methods and tools between software development and safety engineering today. We need to invest more in formality upfront - capturing safety work products in semantically rich models that are machine-processable, defining automatic consistency checks, and automating the generation of documentation - to benefit later. Transferring best practices from software to safety engineering is worth exploring. We advocate for safety factories, which integrate safety tooling and methods into software development pipelines.

Related papers

• Training Language Models to Generate Quality Code with Program Analysis Feedback [66.0854002147103]
  Code generation with large language models (LLMs) is increasingly adopted in production but fails to ensure code quality.<n>We propose REAL, a reinforcement learning framework that incentivizes LLMs to generate production-quality code.
  arXiv  Detail & Related papers  (2025-05-28T17:57:47Z)
• SafeAgent: Safeguarding LLM Agents via an Automated Risk Simulator [77.86600052899156]
  Large Language Model (LLM)-based agents are increasingly deployed in real-world applications.<n>We propose AutoSafe, the first framework that systematically enhances agent safety through fully automated synthetic data generation.<n>We show that AutoSafe boosts safety scores by 45% on average and achieves a 28.91% improvement on real-world tasks.
  arXiv  Detail & Related papers  (2025-05-23T10:56:06Z)
• Software Security Mapping Framework: Operationalization of Security Requirements [12.04694982718246]
  The Software Security Mapping Framework is a structured solution designed to operationalize security requirements across hierarchical levels.<n>The framework systematically maps 131 refined security requirements to over 400 actionable operational steps spanning the software development lifecycle.<n>It is grounded in four core security goals: Secure Software Environment, Secure Software Development, Software Traceability, and Vulnerability Management.
  arXiv  Detail & Related papers  (2025-05-22T06:34:48Z)
• Integrating DAST in Kanban and CI/CD: A Real World Security Case Study [2.3480418671346164]
  Web application attacks and exploited vulnerabilities are rising.<n>It is increasingly crucial to integrate security into modern development practices.<n>It is challenging to adopt security practices and activities in modern development practices.
  arXiv  Detail & Related papers  (2025-03-27T19:46:05Z)
• LightSC: The Making of a Usable Security Classification Tool for DevSecOps [0.0]
  We propose five principles for a security classification to be emphDevOps-ready We then exemplify how one can make a security classification methodology DevOps-ready. Since such work seems to be new within the usable security community, we extract from our process a general, three-steps recipe' Our tool is perceived (by the test subjects) as most useful in the design phase, but also during the testing phase where the security class would be one of the metrics used to evaluate the quality of their software.
  arXiv  Detail & Related papers  (2024-10-02T17:17:14Z)
• Position: How Regulation Will Change Software Security Research [3.8165295526908243]
  We argue that software engineering research needs to provide better tools and support that helps industry comply with the new standards. We argue for a stronger cooperation between legal scholars and computer scientists.
  arXiv  Detail & Related papers  (2024-06-06T15:16:44Z)
• Software Repositories and Machine Learning Research in Cyber Security [0.0]
  The integration of robust cyber security defenses has become essential across all phases of software development. Attempts have been made to leverage topic modeling and machine learning for the detection of these early-stage vulnerabilities in the software requirements process.
  arXiv  Detail & Related papers  (2023-11-01T17:46:07Z)
• Embedded Software Development with Digital Twins: Specific Requirements for Small and Medium-Sized Enterprises [55.57032418885258]
  Digital twins have the potential for cost-effective software development and maintenance strategies. We interviewed SMEs about their current development processes. First results show that real-time requirements prevent, to date, a Software-in-the-Loop development approach.
  arXiv  Detail & Related papers  (2023-09-17T08:56:36Z)
• ChatDev: Communicative Agents for Software Development [84.90400377131962]
  ChatDev is a chat-powered software development framework in which specialized agents are guided in what to communicate. These agents actively contribute to the design, coding, and testing phases through unified language-based communication.
  arXiv  Detail & Related papers  (2023-07-16T02:11:34Z)
• Empowered and Embedded: Ethics and Agile Processes [60.63670249088117]
  We argue that ethical considerations need to be embedded into the (agile) software development process. We put emphasis on the possibility to implement ethical deliberations in already existing and well established agile software development processes.
  arXiv  Detail & Related papers  (2021-07-15T11:14:03Z)
• Technology Readiness Levels for Machine Learning Systems [107.56979560568232]
  Development and deployment of machine learning systems can be executed easily with modern tools, but the process is typically rushed and means-to-an-end. We have developed a proven systems engineering approach for machine learning development and deployment. Our "Machine Learning Technology Readiness Levels" framework defines a principled process to ensure robust, reliable, and responsible systems.
  arXiv  Detail & Related papers  (2021-01-11T15:54:48Z)
• Technology Readiness Levels for AI & ML [79.22051549519989]
  Development of machine learning systems can be executed easily with modern tools, but the process is typically rushed and means-to-an-end. Engineering systems follow well-defined processes and testing standards to streamline development for high-quality, reliable results. We propose a proven systems engineering approach for machine learning development and deployment.
  arXiv  Detail & Related papers  (2020-06-21T17:14:34Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.