Describe software hazard analysis in safety-critical systems and how it informs design choices for mission computers.

• A. Identify hazards, assess risk, implement mitigations like redundancy, safe states, testing; informs safety requirements.
• B. Hazard analysis is optional for safety-critical systems.
• C. Hazard analysis focuses only on cybersecurity.
• D. Hazard analysis is performed after deployment.

Answer: (A)

Hazard analysis in safety-critical software starts with systematically identifying potential software-induced hazards and their possible consequences, then assessing how likely they are and how severe the impact would be. From there, you pick mitigations to bring risk down to acceptable levels, and those mitigations shape the safety requirements and, in turn, the overall design of the mission computer. In practice, the analysis leads to design choices like adding redundancy to critical functions, defining safe or degraded (fail-safe) states, and implementing thorough testing, fault detection, isolation, and deterministic behavior to prevent or limit impact when something goes wrong. It also guides how software interfaces with hardware, how timing and scheduling are managed, and how health monitoring and alarms are structured, so the system can fail gracefully and continue operating safely or shut down safely if needed. This approach isn’t optional, it isn’t limited to cybersecurity, and it isn’t done after deployment—the hazard analysis informs development from the outset and evolves as the system is built, tested, and operated.