Reliability engineers often assume that reliability and safety are synonymous, but this assumption is true only in special cases.
Software-related accidents are usually caused by flawed requirements.
Safety is an emergent property of systems, not a component property.
Highly reliable components are not necessarily safe.
What [software] must not do is not the inverse of what it must do.
Requirement completeness: Requirements are sufficient to distinguish the desired behavior of the software from that of any other undesired program that might be designed.
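The last two points can be made concrete by checking a requirement set against every input a program could see. The following is an added example, not from the original notes: a hypothetical valve controller with made-up thresholds (temperature 100, pressure 5), a "must do" requirement R1, its logical inverse, and a separately derived "must not do" safety constraint S1. Enumerating a small input space shows that a clearly wrong program satisfies R1, that R1 and its inverse together still permit an unsafe command, and that R1 and S1 as written are incomplete because they conflict on some inputs and leave others unspecified.

```python
# Added illustration of requirement completeness; the controller, sensors and
# thresholds are hypothetical and constructed for this example.
from dataclasses import dataclass
from itertools import product
from typing import Callable, List

@dataclass(frozen=True)
class Inputs:
    temp: int      # hypothetical temperature reading
    pressure: int  # hypothetical pressure reading

Spec = Callable[[Inputs, bool], bool]   # (inputs, open command) -> allowed?
Controller = Callable[[Inputs], bool]   # inputs -> open command

# R1 ("must do"): when temp exceeds 100, the valve must be commanded open.
def r1_must_do(x: Inputs, open_cmd: bool) -> bool:
    return open_cmd if x.temp > 100 else True

# The logical inverse of R1: when temp is not above 100, do not open the valve.
# This is what "must not do" looks like if it is derived by negating "must do".
def r1_inverse(x: Inputs, open_cmd: bool) -> bool:
    return (not open_cmd) if x.temp <= 100 else True

# S1 ("must not do"): never command the valve open while pressure is below 5.
# A safety constraint that comes from hazard analysis, not from negating R1.
def s1_must_not_do(x: Inputs, open_cmd: bool) -> bool:
    return not (open_cmd and x.pressure < 5)

# R1 revised so that it no longer demands an unsafe command: open only when
# hot AND pressure is acceptable (the conflict region is handed to S1).
def r1_revised(x: Inputs, open_cmd: bool) -> bool:
    return open_cmd if (x.temp > 100 and x.pressure >= 5) else True

# Candidate implementations.
def controller_a(x: Inputs) -> bool:
    return x.temp > 100                          # the obvious reading of R1

def controller_b(x: Inputs) -> bool:
    return True                                  # always open; also satisfies R1

def controller_c(x: Inputs) -> bool:
    return x.temp > 100 and x.pressure >= 5      # satisfies R1 revised, inverse, S1

# Constructed input space, small enough to enumerate exhaustively.
STATES: List[Inputs] = [Inputs(t, p)
                        for t, p in product(range(90, 111, 5), range(0, 11, 5))]

def violations(ctrl: Controller, spec: Spec, states=STATES) -> List[Inputs]:
    """Inputs on which the controller's output is forbidden by the spec."""
    return [x for x in states if not spec(x, ctrl(x))]

def _allowed_outputs(specs: List[Spec], x: Inputs) -> List[bool]:
    return [cmd for cmd in (False, True) if all(s(x, cmd) for s in specs)]

def conflicts(specs: List[Spec], states=STATES) -> List[Inputs]:
    """Inputs for which no output satisfies every requirement at once."""
    return [x for x in states if not _allowed_outputs(specs, x)]

def underdetermined(specs: List[Spec], states=STATES) -> List[Inputs]:
    """Inputs for which more than one output is allowed: the requirements do
    not distinguish the desired program from other programs on these inputs."""
    return [x for x in states if len(_allowed_outputs(specs, x)) > 1]

if __name__ == "__main__":
    print("b satisfies R1:", violations(controller_b, r1_must_do) == [])
    print("a satisfies R1 and its inverse:",
          violations(controller_a, r1_must_do) == [] and
          violations(controller_a, r1_inverse) == [])
    print("a violates S1 on:", violations(controller_a, s1_must_not_do))
    print("R1 vs S1 conflict on:", conflicts([r1_must_do, s1_must_not_do]))
    print("R1 alone leaves unspecified:", len(underdetermined([r1_must_do])))
    full = [r1_revised, r1_inverse, s1_must_not_do]
    print("revised set complete:", conflicts(full) == [] and underdetermined(full) == [])
```

The two checks at the end are the practical reading of the completeness definition above: a requirement set is incomplete wherever it either admits no behaviour (the requirements conflict) or admits more than one (an undesired program could satisfy it). Both conditions surface only when the must-not constraints are written down separately and checked against the same input space as the must-do requirements.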