SOUP stands for Software of Unknown (or Uncertain) Pedigree (or Provenance), and is a term often used in the context of safety-critical and safety-involved systems such as medical software. SOUP is software that has not been developed with a known software development process or methodology, or which has unknown or no safety-related properties.[1]

Often, engineering projects are faced with economic or other pressure to embody SOUP into their high integrity systems.[citation needed]

The problem with SOUP is that a) it cannot be relied upon to perform safety-related functions, and b) it may prevent other software, hardware or firmware from performing their safety-related functions. The SOUP problem is therefore one of insulating the safety-involved parts of a system from the SOUP and its undesirable effects.[2]

SOUP is now a defined term ("Software Of Unknown Provenance") in some medical device regulations through the standard IEC 62304:2006 "Medical device software – Software life cycle processes". It is not prohibited to use SOUP but additional controls are needed and the risk needs to be taken into account. Specific practices to take when using SOUP as part of a medical device may include review of the vendor's software development process, use of static program analysis by the vendor, design artifacts, and safety guidance.[3]

References

  1. Felix Redmill (2001). "The COTS Debate in Perspective". In Udo Voges. Proceedings of the 20th International Conference on Computer Safety, Reliability and Security, SAFECOMP 2001, Budapest, Hungary, September 26–28, 2001. Springer. pp. 122. ISBN 3540426078 ISBN 978-3-540-42607-3.
  2. Script error
  3. Script error

Further reading

  • D. Frankis (2007-11-05). "Safety in the SOUP". Institution of Engineering and Technology Seminar on Pros and Cons of Using Commercial 'Off the Shelf' Components in Aviation Applications, London, UK, 4-4 Sept. 2007. pp. 9–21. ISSN 0537-9989. ISBN 978-0-86341-801-3.