[SystemSafety] Collected stopgap measures

Paul Sherwood paul.sherwood at codethink.co.uk
Sun Nov 4 21:53:32 CET 2018


On 2018-11-04 11:41, Martyn Thomas wrote:
> Please don't take offense at the style of some of the responses on this
> list. The signal-to-noise ratio is generally reasonably high, there's a
> lot of expertise here (and a lot of frustration because so many
> safety-related systems are built unprofessionally and unsafely and it
> seems impossible to achieve the necessary culture changes).

Noted.

> Your questions and challenges have been constructive and useful, in my
> opinion.

Thank you.

> You are right of course that Linux is used in critical systems but it is
> an open question whether that is adequately safe, secure or (in some
> countries) legal, because of the problem of establishing its effect on
> the dependability of the system.

Yup, understood, and I recognise the systemic difficulties in attempting 
to answer that question.

We can affect dependability in a multitude of ways, though.

One anti-pattern I've grown a bit tired of is people choosing a 
micro-kernel instead of Linux, because of the notional 'safety cert', 
and then having to implement tons of custom software in attempting to 
match off-the-shelf Linux functionality or performance. When application 
of the standards leads to "develop new, from scratch" instead of using 
existing code which is widely used and known to be reliable, something 
is clearly weird imo.

> (There's been a lot of debate here
> about the "proven in use" approach to assurance. Summarising that
> deserves a separate thread but, in essence, there's insufficient
> scientific basis for almost all such claims).

> So please hang in here. We need people who are doing their best and
> willing to engage with others who are doing the same.

Agreed. I think I'll need to get some air, first :-)
