Software of unknown pedigree

SOUP stands for software of unknown (or uncertain) pedigree (or provenance), and is a term often used in the context of safety-critical and safety-involved systems such as medical software. SOUP is software that has not been developed with a known software development process or methodology, or which has unknown or no safety-related properties.^[1]

Often, engineering projects are faced with economic or other pressure to embody SOUP into their high integrity systems.^{[citation needed]}

The problem with SOUP is that it cannot be relied upon to perform safety-related functions, and it may prevent other software, hardware or firmware from performing their safety-related functions. The SOUP problem is therefore one of insulating the safety-involved parts of a system from the SOUP and its undesirable effects.^[2]

SOUP is now a defined term ("Software Of Unknown Provenance") in some medical device regulations through the standard IEC 62304:2006 "medical device software – software life cycle processes". It is not prohibited to use SOUP but additional controls are needed and the risk needs to be taken into account. Specific practices to take when using SOUP as part of a medical device may include review of the vendor's software development process, use of static program analysis by the vendor, design artifacts, and safety guidance.^[3]

References

^ Felix Redmill (2001). "The COTS Debate in Perspective". In Udo Voges (ed.). Proceedings of the 20th International Conference on Computer Safety, Reliability and Security, SAFECOMP 2001, Budapest, Hungary, September 26–28, 2001. Springer. pp. 122. ISBN 978-3-540-42607-3.
^ Hall, Ken (June 1, 2010). "Developing Medical Device Software to IEC 62304". EMDT - European Medical Device Technology. Retrieved 2012-12-11.
^ Hobbs, Chris (2011-11-01). "Device makers can take COTS, but only with clear SOUP". Medical Design. Archived from the original on 2013-01-23.

Software of unknown pedigree

References

Further reading