Software of unknown pedigree
Software of unknown pedigree (SOUP) is software that was developed with a unknown process or methodology, or which has unknown or no safety-related properties.{{cite conference|author=Felix Redmill|book-title=Proceedings of the 20th International Conference on Computer Safety, Reliability and Security, SAFECOMP 2001, Budapest, Hungary, September 26–28, 2001|editor=Udo Voges|pages=[https://archive.org/details/computersafetyre0000safe/page/122 122]|title=The COTS Debate in Perspective|publisher=Springer|date=2001|isbn=978-3-540-42607-3|url-access=registration|url=https://archive.org/details/computersafetyre0000safe/page/122}} In the medical device development standard IEC 62304, SOUP expands to software of unknown provenance, and in some contexts uncertain is used instead of unknown, but any combination of unknown/uncertain and provenance/pedigree refer to the same concept; all with the same abbreviation.
The term SOUP is often used in the context of safety-critical and high integrity systems such as medical software {{endash}} especially in a medical device.
A risk that SOUP poses is that it cannot be relied upon to perform safety-related functions, and it may prevent other software, hardware or firmware from performing their safety-related functions. Addressing the risk involves insulating the safety-involved parts of a system from potentially undesirable effects caused by the SOUP.{{cite journal |url=https://www.mddionline.com/software/developing-medical-device-software-iec-62304 |title=Developing Medical Device Software to IEC 62304 |last=Hall |first=Ken |journal=EMDT - European Medical Device Technology |date=June 1, 2010 |access-date=2012-12-11}}
Rather than prohibiting SOUP, additional controls are often imposed to mitigate risk. Practices may include static program analysis and review of the vendor's development process, design artifacts, and safety guidance.{{cite journal |url=http://medicaldesign.com/engineering-prototyping/software/device-cots-soup-1111/ |archive-url=https://web.archive.org/web/20130123140527/http://medicaldesign.com/engineering-prototyping/software/device-cots-soup-1111/ |url-status=dead |archive-date=2013-01-23 |title=Device makers can take COTS, but only with clear SOUP |last=Hobbs |first=Chris |journal=Medical Design |date=2011-11-01}}
References
{{Reflist}}
Further reading
- {{cite conference|title=Safety in the SOUP|author=D. Frankis|book-title=Institution of Engineering and Technology Seminar on Pros and Cons of Using Commercial 'Off the Shelf' Components in Aviation Applications, London, UK, 4-4 Sept. 2007|pages=9–21|issn=0537-9989|isbn=978-0-86341-801-3|date=2007-11-05}}
{{software-eng-stub}}