[SystemSafety] Collected stopgap measures

Peter Bishop pgb at adelard.com
Sun Nov 4 12:13:27 CET 2018


On 04/11/2018 07:44, Andrew Banks wrote:
>>> Linux (and lots of other FOSS) is used in critical systems - even 
>>> safety-critical systems.
> Just because it is, doesn't mean it should
>
> I would love to see the safety case of anything running on Linux - or WinCE
> for that matter...
I think that takes too narrow a view.

The safety case is for the /system/ as a whole, and an important part
of assuring safety is the /architecture/ of the system rather than
individual components.

The architecture should seek to minimise the safety impact of individual
component failures. For example, common design paradigms where
"fail-silent" is safe are:

- primary system + safety monitor,

- cross-checking pair doing the same job but with diverse software and
hardware components (the pre-cooked bits)

Peter Bishop, Adelard

>
> A
>
> _______________________________________________
> The System Safety Mailing List
> systemsafety at TechFak.Uni-Bielefeld.DE
> Manage your subscription: https://lists.techfak.uni-bielefeld.de/mailman/listinfo/systemsafety

-- 
Peter Bishop
Chief Scientist
Adelard LLP
24 Waterside, 44-48 Wharf Rd, London N1 7UX
http://www.adelard.com
Recep:  +44-(0)20-7832 5850
Direct: +44-(0)20-7832 5855

Registered office: 5th Floor, Ashford Commercial Quarter, 1 Dover Place,
Ashford, Kent TN23 1FB
Registered in England & Wales no. OC 304551. VAT no. 454 489808

This e-mail, and any attachments, is confidential and for the use of
the addressee only. If you are not the intended recipient, please
telephone 020 7832 5850. We do not accept legal responsibility for
this e-mail or any viruses.
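As an added illustration of the two fail-silent paradigms named in the post (primary + safety monitor, and a cross-checking pair of diverse implementations), here is a constructed sketch that is not code from the thread or from Adelard; the valve/pressure plant logic, the thresholds and all function names are assumptions made for the example.

```python
"""Constructed sketch of two fail-silent architectures: a primary channel
supervised by an independent safety monitor, and a cross-checking pair
built from diverse implementations. Plant logic and names are assumptions."""
from enum import Enum
from typing import Callable, Optional, Union


class Safe(Enum):
    STATE = "safe_state"          # actuator de-energised: the "silent" output


Command = Union[bool, Safe]                   # True = open valve, False = keep closed
Channel = Callable[[float], Optional[bool]]   # pressure_bar -> open? (None = no output)

OPEN_ABOVE_BAR = 8.0               # constructed control threshold
ENVELOPE_BAR = 12.0                # constructed, independently derived safety limit


def primary_channel(pressure_bar: float) -> Optional[bool]:
    """The complex channel (e.g. the one hosted on a COTS operating system)."""
    return pressure_bar > OPEN_ABOVE_BAR


def diverse_channel(pressure_bar: float) -> Optional[bool]:
    """Independently developed implementation of the same requirement."""
    return not pressure_bar <= OPEN_ABOVE_BAR


def cross_checking_pair(pressure_bar: float,
                        chan_a: Channel = primary_channel,
                        chan_b: Channel = diverse_channel) -> Command:
    """Both channels compute the result; a crash, silence or disagreement falls silent."""
    try:
        a, b = chan_a(pressure_bar), chan_b(pressure_bar)
    except Exception:                 # a crashed channel must not drive the plant
        return Safe.STATE
    if a is None or b is None:        # a channel missed its output
        return Safe.STATE
    return a if a == b else Safe.STATE


def safety_monitor(command: Optional[bool], pressure_bar: float) -> Command:
    """Independent monitor: silence or an out-of-envelope 'open' is vetoed."""
    if command is None:                            # primary produced nothing in time
        return Safe.STATE
    if command and pressure_bar > ENVELOPE_BAR:    # envelope violated
        return Safe.STATE
    return command


def primary_plus_monitor(pressure_bar: float,
                         primary: Channel = primary_channel) -> Command:
    """Primary may be faulty or silent; only what the monitor passes reaches the actuator."""
    return safety_monitor(primary(pressure_bar), pressure_bar)
```

The faulty-channel cases (a channel that always answers "open", one that crashes, one that stays silent) all end in `Safe.STATE`, which is the property the architecture, rather than any single component, is relied on to provide.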
