Software−related accidents are usually caused by flawed requirements..

Safety is an emergent property of systems, not a component property..

Requirement completeness: Requirements are sufficient to distinguish the desired behavior of the software from that of any other undesired program th….

What [software] must not do is not the inverse of what it must do. ..

Highly reliable components are not necessarily safe. ..

Reliability engineers often assume that reliability and safety are synonymous, but this assumption is true only in special cases..