Program 2019

Monday, 13 May 2019 | Tuesday, 14 May 2019 | Wednesday, 15 May 2019
8.00 – 8.30

Registration and welcome coffee

8.30 – 9.00

Welcome address by the chairman

Prof. Dr Dr h.c. Manfred Broy
Chair Software & Systems Engineering, Department of Informatics
Technical University of Munich, Germany


9.00 – 9.30

The future customer experience of actual and perceived vehicle safety

Alexander Edwards
Strategic Vision, USA


Q&A and discussion


9.30 – 10.00

Update: Product liability and safety: US/EU issues

Jeffrey Greene
Lawyer, Shareholder,
Greenberg Traurig, LLP, USA

Daniel Wuhrmann
Attorney-at-Law (Germany),
reuschlaw Legal Consultants, Germany


10.00 – 10.30

What does the future hold for SOTIF, ISO PAS 21448?

  • Overview of where SOTIF is heading as it moves towards a full standard
  • Summary of the scope increase and added topics to support higher levels of automated driving

Kyle Post
Vehicle Systems Safety Supervisor,
Ford Motor Company, USA

10.30 – 11.00

Coffee break

11.00 – 11.30

A testable scenario framework for OEDR through safety analysis using STPA for SOTIF

  • Generation of SOTIF related OEDR through STPA analysis
  • STPA analysis in application for SOTIF testable scenario framework
  • OEDR in consideration for SOTIF for verification and validation
  • Verification and Validation for SOTIF focusing on OEDR

Haiyan Fateh
AV System Safety Engineer Autonomous System Safety,
General Motors

Hsing-Hua Fan
AV System Safety Engineer,
General Motors, USA

11.30 – 12.00

Developing safer AI based systems using ISO 26262 and ISO 21448

Karl Greb
Director of Functional Safety,


12.00 – 12.30

Safety and security: latest approaches to coordination

  • Examining the challenges in vehicle resilience and product integrity
  • What are the latest updates from standardization?
  • Key coordination points between safety and security

Dr David Ward
Head of Functional Safety,
MIRA Limited, UK

12.30 – 1.00 2.00

Integrating Functional Cybersecurity Concept Strategies and Functional Safety Concept Strategies

Dr Barbara Czerny
Technical Fellow Engineering, Functional Safety and Cybersecurity,
DURA Automotive Systems, USA

1.00 – 2.00


2.00 – 2.30

Static Verification of Non-Functional Software Requirements in the ISO 26262 – Changes in the 2nd Edition

  • ISO-26262 verification goals include non-functional quality requirements: coding guidelines have to be respected, memory corruption by invalid pointer manipulations, stack overflows, or data races has to be prevented, freedom of interference has to be shown, and real-time deadlines have to be met
  • Overview of the non-functional requirements and methodological recommendations in the ISO/FDIS 26262 (2nd Edition), illustrating the changes from the 1st Edition
  • Particular focus is on the role of static code analysis and tool qualification

Dr Daniel Kästner
AbsInt GmbH, Germany

2.30 – 3.00

Ensuring Automotive Safety and Consistency with Agile Development

  • Continuous integration and delivery process in automotive E/E development
  • Agile safety analysis process supported by semi-automated tooling
  • Scaling agile development for critical systems

Christof Ebert
Managing Director,
Vector Consulting Services, Germany

3.00 – 3.30

Securing the Connected Car from the Cloud

Dan Sahar
VP Product,
Upstream Security, Israel

3.30 – 4.00

AV Cyber Protection

Issak Davidovich
C2A Security, Israel

4.00 – 4.30

Coffee break


4.30 – 5.00

Current chances and challenges in safety, SOTIF and security

Carsten Gebauer
Senior Expert, Bosch Center of Competence „Functional Safety“, Robert Bosch GmbH, Germany

Kyle Post

Dr David Ward


5.00 – 5.30

Fail Operational and ISO 26262, 2nd Edition

  • Basic Concept
  • Some Simple Examples
  • Applying ASIL decomposition

Carsten Gebauer

5.30 – 6.00

Fail Operational Systems in Autonomous Driving

  • Introduction
  • Considerations
  • Verification & Validation of Fail Operational Systems
  • Example of a Fail Operational System
  • Conclusion

Gurmit Banvait
Senior System Safety Engineer,
General Motors Company, USA

Charles Gu
System Safety Engineer,
General Motors Company, USA

Namitha Jayakumar
System Safety Engineer,
General Motors Company, USA


CTI Networking Night

The CTI Networking Night is an opportunity to mingle with the participants, speakers, exhibitors and sponsors of the CTI Conference Automotive Glazing USA. Make new business contacts in a relaxed atmosphere, discuss the topics of the day with your colleagues and peers while enjoying delicious food and drinks.

8.00 – 8.30

Reception and welcome coffee

8.30 – 9.00

Short summary of the first day by the chairman

Prof. Dr Dr h.c. Manfred Broy


9.00 – 9.30

Characterizing the Safety of Automated Vehicles

  • Safety of the Intended Functionality (SOTIF)
  • System Theoretic Process Analysis (STPA)
  • Multi-agent safety, RSS (Responsibility Sensitive Safety)
  • Risk-based automated vehicle safety integrated model

Prof. Dr Juan Pimentel
Professor, Electrical and Computer Engineering,
Kettering University, USA

9.30 – 10.00

Autonomous vehicles in urban spaces – threats and challenges

Dr.-Ing. Karol Niewiadomski
Product Manager Cyber Security, Functional Safety Expert,
SGS-TÜV Saar GmbH, Germany

10.00 – 10.30

How to achieve complete traceability as per ISO 26262 Standard for highly autonomous vehicle development

  • Automotive product Development with reduced risk by well-defined process
  • How to Achieve the Traceability based on the ISO 26262 standard using tool chain
  • Definition of the Project within the Requirement Management Tool
  • Process for Model Based Development & Requirement based Verification

Dr Abdolreza Fallahi
Software Architect Active Safety,
Aptiv, USA

Santoshkumar Teli
Functional Safety Manager,
Aptiv, USA

10.30 – 11.00

Strategic Analysis Techniques for Common Cause and Systematic Failures of Sensor Data

  • ASIL Assurance of Sensor Data
  • Architecture proposals for protection against random failures
  • Analysis for Systematic Faults of Common Sensing Elements
  • Basis for Argument for Engineering Judgment Acceptance of Common Cause Failures

Angelina Kretz,
Principal Functional Safety Consultant,

11.00 – 11.30

Q&A and discussion

11.30 – 12.00

Coffee break


12.00 – 12.30

Qualitative Safety Analysis for System, HW and SW

  • Norms and Standards
  • Best practice for successful implementations

Dr Pierre Metz
Organisational Safety Manager,
Brose Fahrzeugteile GmbH & Co. KG, Germany

12.30 – 1.00

How-To: Calculation of Hardware Metrics in items with redundant elements

  • HW Metric requirements in ISO 26262
  • PMHF issues with redundant items (Real examples for Airbag and ADAS Level 3/4)
  • Single Point Fault Metric (SPFM) and Latent Point Fault Metric (LPFM) in a redundant system
    • How is that described in ISO 26262
    • Common issues between OEM and Tier1
    • Real examples for Airbag and ADAS Level 3/4

Alexander Mirmilstein
Functional Safety Coordinator, IEE S.A.,
Delegate for Luxembourg in ISO TC22/SC32/WG8, Luxembourg

Lino Alves
Hardware Safety Specialist

1.00 – 1.30

Q&A and discussion

1.30 – 2.30


2.30 – 3.00

Calculating Diagnostic Coverage and Single Point Fault Metric for high-level safety mechanisms

  • HW Faults and their propagation to application level
  • Detection coverage of fault effects by high-level safety mechanism
  • Determining SPFM by applying Detection Coverage to FMEDA

Dr David Baca
Functional Safety Architect,
NXP, Germany

3.00 – 3.30

Stepwise building an ASIL system

  • Goal independent safety features for ASIL x system
    • System monitors
    • Platform SW monitors
    • Communication monitors
    • System Reset strategy
  • Goal dependent safety features for ASIL x system
  • Signals based feature monitoring

Kapil Kumar
Functional Safety Manager,
Aptiv, USA

3.30 – 4.00

Testing and qualification of optimizing compilers for functional safety

  • ISO 26262 compiler qualification
  • How to validate „non-functional“ compiler behavior such as optimizations
  • Examples of compiler optimization error

Remi van Veen
Software Quality Engineer,
Solid Sands B.V., The Netherlands

4.00 – 4.30

SCDL 2.0: Update of Safety Concept Description Language

  • Overview of SCDL
  • Impact of ISO 26262 2nd Edition
  • Motivation of evolution of SCDL
  • International Standardization via ASAM
  • Use cases and applications

Shuhei Yamashita
Principal Technical Expert/Senior Director,
DNV GL Business Assurance Japan K.K., Japan

Stephen Norton
Managing Director,
Quint Safety GmbH, Germany

4.30 – 5.00

Simplified functional safety process for prototype vehicles

  • Tailored functional safety process for prototype vehicles
  • Preliminary item definition
  • High-level hazard analysis and risk assessment
  • Derivation of safety measures

Dr Jan Nowack
Department Manager Transmission Software Functions,
FEV Europe GmbH, Germany

5.00 – 5.30

Model-based standard-compliance checks

  • Compliance-Models for Safety Standards: Requirements & Parameterized Processes
  • Automated Consistency and Completeness Checks
  • Generation of Safety Plan and Safety Cases
  • Practical Example: Certified Qualification Processes

Dr Oscar Slotosch
Validas AG


8.30 – 9.00

Reception and welcome coffee

9.00 – 9.30

Short summary of the second conference day by the chairman

Prof. Dr Dr h.c. Manfred Broy


Dr Barbara J. Czerny
Technical Fellow Engineering, Functional Safety and Cybersecurity,
DURA Automotive Systems, USA

Dr David Ward
Head of Functional Safety,
MIRA Limited, UK

9.30 – 11.00

Workshop session 1 – Overview of automotive standardization status

  • J3061 and the route to ISO/SAE 21434
  • Future legislative challenges (e.g. UNECE draft regulation)

11.00 – 11.30

Coffee break

11.30 – 1.00

Workshop session 2 – Cybersecurity Management

  • Cybersecurity lifecycle during product development
  • Interfaces and interactions with functional safety management
  • Cybersecurity management post start of production

1.00 – 2.00


2.00 – 4.00

Workshop session 3 – Technical topics

  • Threat analysis and risk assessment
  • Communicating development requirements e.g. cybersecurity assurance levels (CAL)

End of the 8th International CTI Conference ISO 26262 USA