No. Most organizations with a commercial license for Socrates deploy this tool on their own hardware behind their firewall with complete control over how security is managed. The term “web-based” means that Socrates operates over a network rather than being installed on individual PCs. In addition to facilitating collaboration between authorized users, operating over a network is advantageous for IT security management because it provides centralized control over access to the tool and stored data. Being “web-based” also means that users simply use a browser to access Socrates rather than installing software on their own notebook computer.
Yes. In addition to a report-style copy of the argument that can be generated in .docx or .pdf format, Socrates provides an export function that allows users to filter the information in an argument to enhance communication, so that only the information pertinent to the stakeholders is shared with them. It is also very easy to give stakeholders “read-only” access to a live version of the argument, provided they have been given appropriate access by administrators.
No. Socrates does not depend on other tools that must be used in conjunction with Socrates. Recognizing that there is not a “one size fits all” approach, Socrates was designed to accommodate individual choices about what other tools are used for safety assurance. You can decide to use Socrates without the need to buy other tools. The choice is entirely yours.
Yes. You can integrate other tools in your ecosystem with Socrates using its REST API programming interface. Almost anything that a user can do using the browser UI can also be done through the programming interface. You also have an option to export arguments, or selected elements of an argument, into a CSV file. A typical use of this export capability is generating a list of test results that are required to finish an assurance case.
A drawing tool just creates an image that can be pasted into a report. Each time a change is made, it can be tedious and time-consuming to re-draw the image. Often no one bothers to re-draw the image until it’s time to issue the report. Socrates provides a user with a completely different experience. With Socrates, a user creates and maintains an internal representation of an argument that is rendered in either a graphical or tabular format. Changes are easily made, such that the argument is automatically rendered to show the result of the changes. Socrates also provides a variety of features that operate on the underlying representation of an argument.
Socrates automates some of the tedious and error-prone tasks of creating and maintaining assurance cases. Socrates also provides static analysis of assurance case arguments to flag rule violations. Other features of Socrates, such as the ability to create and instantiate re-useable patterns, also help users work more efficiently. There is no reason why Socrates couldn’t be used to display an automatically generated argument imported into Socrates using the REST API. However, the intent of Socrates is to support critical thinking rather than replace critical thinking.
In general, an assurance case is a claim supported by a reasoned and compelling argument based on a body of evidence, where the claim offers assurance about a system, product, service or process. The assurance case often takes the form of a report. The assurance case is sometimes represented in a structured format, such as a tree-shaped graph or table, which might be embedded in a report. When an assurance case offers assurance about safety, it can be called a “safety assurance case” or, more simply, a “safety case”. There are other kinds of assurance cases. For example, a “security assurance case” offers assurance about the security of a system, product, service or process.
“Live” in this context means that Socrates is acquiring numerical data from an external source that is typically an indicator of performance. Sometimes called Key Performance Indicators (KPI) or Safety Performance Indicators (SPI), these indicators can be attached to specific nodes of an argument. For example, there might be an indicator that represents the frequency at which a particular safety condition is violated during testing or operational use of a system. As the external data is updated, the indicators displayed to the Socrates user are refreshed. With indicators, Socrates can be used as a “dashboard” in the operationalization of a safety process.
While Socrates is not designed specifically to support STPA, it can be used in conjunction with this popular method of analysis. For example, when using the Eliminative Argumentation (EA) approach within Socrates, Unsafe Control Actions (UCA) identified using STPA could be mapped directly to defeater nodes.
Socrates allows browsable links to be created from nodes in an argument to any document or other artifact that the user can access through the browser. This approach has several advantages over a tool that maintains an internal copy of documents. Socrates also shows users which artifacts are referenced and the location of these references in the argument.
Socrates is not tied to the use of any particular standard or other form of guidance. Socrates includes a feature to support traceability from nodes of an argument to any list of “shall statements”, such as elements parsed out of a published standard. CSL can also help with providing re-useable argument patterns based on published standards.
Socrates offers users something very different than a toolbox. The aim of Socrates is to help users combine the results of analysis, testing, reviews, and other such activities into a single unified comprehensive “argument” that speaks directly to the ultimate purpose of an SSA, namely, to demonstrate that the aircraft and systems, as implemented, meet the safety requirements established by the PSSA. A toolbox alone is not enough to explain why all of the evidence adds up to a sound conclusion. Socrates allows a user to gather evidence produced by other tools and then combines this evidence into a reasoned and compelling argument.
Socrates includes a variety of features intended to support large arguments. For example, arguments can be organized into sub-arguments which can be selectively displayed so that the user controls how much detail is visible. Another powerful feature is the ability to apply filters to arguments to provide limited views of an argument from different perspectives, e.g., only show branches of the argument that are incomplete. Also, for users who simply don’t like graphical representations, Socrates provides users with the option of rendering arguments in a tabular format. Socrates users can switch between graphical and tabular formats with a single mouse click.
The largest argument created using Socrates that we know of, so far, has approximately 3,000 nodes. Most of the time, Socrates users are viewing only a limited portion of a large argument, and so rendering the argument is very efficient. This PDF shows an example of a medium-size argument created using Socrates for the CERN Large Hadron Collider Machine Protection System.
Yes. While a licensed copy of Socrates provides a limited number of seats for users who can edit arguments, a standard license also includes an unbounded number of “read-only” seats. A Socrates user in your organization with administrative privileges can add any number of read-only users at no extra cost. This can be a great way to provide other stakeholders, such as developers and executive decision-makers, with direct visibility into the state of an evolving assurance case. See Socrates License Details for more information.
A licensed copy of Socrates provides a limited number of seats for users who can create and maintain arguments. See Socrates License Details for more information. However, a standard license also includes an unbounded number of “read-only” seats.
Multiple arguments can be created and maintained within an instance of Socrates deployed by an organization. By default, arguments are private with access restricted to specific users by invitation. However, it is possible to grant access to particular arguments for all users, if so desired.
Goal Structuring Notation (GSN) is a graphical notation that can be used to represent a structured argument. This notation is defined in a community standard developed by the SCSC Assurance Case Working Group (ACWG). GSN, including the use of dialectics, is one of several notations supported by Socrates.
Eliminative Argumentation (EA) is a variant of Goal Structuring Notation (GSN) that may be used to systematically improve confidence in a safety case via “defeasible reasoning” wherein reasons to doubt safety claims are introduced and subsequently eliminated. This concept was first described by John Goodenough, Charles Weinstock, and Ari Klein at the Carnegie Mellon University (CMU) Software Engineering Institute (SEI). EA is supported by Socrates and has been used extensively by CSL in client projects. Several publications elaborate on CSL’s experience with EA including “Eliminative Argumentation for Arguing System Safety – A Practitioner’s Experience” and “Incremental Assurance Through Eliminative Argumentation”.
Yes. Socrates supports the use of the CAE notation.
This depends on whether the legacy tool provides a means to export arguments in a format that represents the structure of an argument, i.e., not just an image. If so, then it should be a simple task to create a script that pushes an exported argument into Socrates using its REST API. CSL could help with this task, if so desired.
It’s true that this particular standard does not focus on argumentation. CENELEC EN 50129 takes a prescriptive approach by specifying the structure of a safety case, leaving a user of this standard to fill in details, e.g., evidence of safety management, evidence of quality management, etc. This prescriptive approach might work well enough for well-established technology. Socrates could be used to provide logical structure for managing this evidence using a pre-defined template based on CENELEC EN 50129. However, like many other industries, rail signalling technology is rapidly evolving with new kinds of sensors and the use of Machine Learning for advanced automation. Instead of a prescribed-structure approach to developing a safety case, managing safety risk associated with emergent technology will depend on critical thinking – and this is where Socrates would be especially helpful.
Yes, we have used Socrates to create an argument represented in NASA’s FAN approach to assurance argumentation for overarching properties. The ability of Socrates to render arguments in a tabular format was especially useful in the case of making FAN style arguments.
Most new users of Socrates learn how to perform basic tasks such as navigating an argument within a few minutes. Most basic tasks only involve simple point-and-click interactions. More advanced features require more time to learn, but much can be done with Socrates before learning everything that it offers.