[SystemSafety] Baseline Safety Assessment for a Linux-based OS to SIL 3 /ASIL D

Paul Sherwood paul.sherwood at codethink.co.uk
Thu May 8 16:02:19 CEST 2025


On 2025-05-08 10:19, Prof. Dr. Peter Bernard Ladkin wrote:

> Say I am a provider of software to be used in safety functions to the 
> 61508 standard. CTRL OS offers certain functions which I need. I have 
> (at least) two options. One is to write them myself. The second is to 
> use CTRL OS as part of my software. There are (at least) two decision 
> criteria. One is: which option will cost me more (in terms of all 
> resources)? The second is: which option will enhance the quality of my 
> product?
> 
> I don't see how your response helps answer either of those two 
> questions for me.

I was answering your question, as you framed it. If I were discussing 
with such a provider, I expect they would have (very) different 
questions, and lots of additional criteria.

> Please keep in mind that anyone who chooses Option 2 is going to have 
> to provide evidence to an assessor that the development processes along 
> with the 50+ pieces of documentation mandated by 61508-3 have been 
> followed for the SW. If CTRL OS is to be a part of the software then 
> that requirement includes CTRL OS. But I think we have it on record, 
> don't we, that you didn't use such a development process for CTRL OS; 
> you probably don't have much of that required documentation.
> 
> How are you going to deal with that conundrum?

I believe your interpretation of the record may be inaccurate (or 
perhaps mine is :) ), but in any case we have some confidence 
(increasing over time) in our processes and in our documentation. We 
will continue to satisfy our assessors, and to support our customers in 
satisfying theirs. More importantly we are aiming for defensible safety, 
which I argue must take precedence over blind compliance.

br
Paul
