Software of unknown pedigree explained

Software of unknown pedigree (SOUP) is software that was developed with an unknown process or methodology, or which has unknown or no safety-related properties.[1] In the medical device development standard IEC 62304, SOUP expands to software of unknown provenance, and in some contexts uncertain is used instead of unknown. Any combination of unknown/uncertain and provenance/pedigree refers to the same concept, and all share the same abbreviation.

The term SOUP is often used in the context of safety-critical and high-integrity systems such as medical software, especially software in a medical device.

A risk that SOUP poses is that it cannot be relied upon to perform safety-related functions, and it may prevent other software, hardware or firmware from performing their safety-related functions. Addressing the risk involves insulating the safety-involved parts of a system from potentially undesirable effects caused by the SOUP.[2]

Rather than prohibiting SOUP, additional controls are often imposed to mitigate risk. Practices may include static program analysis and review of the vendor's development process, design artifacts, and safety guidance.[3]

Notes and References

  1. Redmill, Felix. "The COTS Debate in Perspective". In Udo Voges (ed.), Proceedings of the 20th International Conference on Computer Safety, Reliability and Security, SAFECOMP 2001, Budapest, Hungary, September 26-28, 2001. Springer, 2001, p. 122. ISBN 978-3-540-42607-3.
  2. Hall, Ken. "Developing Medical Device Software to IEC 62304". EMDT - European Medical Device Technology. June 1, 2010. Retrieved 2012-12-11.
  3. Hobbs, Chris. "Device makers can take COTS, but only with clear SOUP". Medical Design. 2011-11-01. Archived 2013-01-23 at https://web.archive.org/web/20130123140527/http://medicaldesign.com/engineering-prototyping/software/device-cots-soup-1111/ (original link dead).