b. 1947, USA · Professor of Aeronautics and Astronautics at MIT
Also known as: Nancy G. Leveson
Nancy G. Leveson is the principal authority on software safety in systems where bad design can kill people. Her 1993 paper with Clark Turner, An Investigation of the Therac-25 Accidents, is the most widely cited case study in safety-critical software engineering: it reconstructs the radiation-overdose deaths of cancer patients in the mid-1980s and shows that the failures were not random bugs but the predictable consequence of a software-only safety architecture, an ambiguous error-reporting interface, and a development organisation that lacked independent safety review.
Her textbook Safeware: System Safety and Computers (1995) extended the case-study method into a general theory of how complex software-controlled systems fail; Engineering a Safer World (2011) introduced STAMP, a system-theoretic accident model that has become standard in aerospace, healthcare and autonomous-vehicle safety analysis. The Therac-25 story is referenced repeatedly in this textbook as the canonical demonstration that interface design and safety engineering are the same discipline.
Related people: James Reason, Atul Gawande
Works cited in this book:
- An Investigation of the Therac-25 Accidents (1993) (with Clark S. Turner)
- Engineering a Safer World: Systems Thinking Applied to Safety (2011)
Discussed in:
- Chapter 1: Introduction: What Is Usability? (When Usability Fails)
- Chapter 12: Healthcare Software Usability (Safety-Critical Systems)
- Chapter 10: Design Laws from Aviation and Engineering (Lessons from Aviation)