From: Terry Lambert <tlambert2@mindspring.com>
Date: Wed, 09 Oct 2002 12:26:14 -0700
To: "Nelson, Trent ."
Cc: hackers@freebsd.org, questions@freebsd.org
Subject: Re: FreeBSD usage in safety-critical environments

"Nelson, Trent ." wrote:
> Has anyone had any experience with deploying FreeBSD in
> safety-critical environments? Has any work been done attempting to certify
> FreeBSD to any particular SIL? Is there any intention to do such a thing?
>
> If not FreeBSD, I'd be interested to hear if anyone has had exposure to
> other BSD flavors being used in safety-critical environments.

Life support systems need to be designed from the ground up.

> I've just been shown a report at work that has been commissioned by
> the UK Health & Safety Executives and sponsored by the UK Ministry of
> Defense and Safety Regulation Group of the UK Civil Aviation Authority
> undertaking a preliminary assessment of Linux for safety-related systems.
> The report 'identifies' that it would be possible to certify Linux to SIL 1
> and SIL 2 quite easily, and SIL 3 with a little work.

Tell me where these systems will be deployed, so I avoid going there.

Seriously.

> I'd hate to think that this would be an arena where BSD couldn't
> compete. I'd also hate to think that the tendency for big players such as
> the MoD or DoD etc to lean towards Linux is based on the general Linux
> 'hype', rather than technical merit...

Life support systems require formal proofs of correctness for code; since
neither Linux nor FreeBSD is formally correct, in total, you would need to
be insane to deploy either of them as, for example, a part of an air
traffic control system. The same goes for AIX, Solaris, Windows, VMS, and
most other systems.

The SIL 1/2 stuff, from my understanding, depends on fast reboot times and
other things that are out of the control of the OS, and are more BIOS
things anyway (external signal state changes during device probes, etc.,
causing actions in the hardware attached to the ports, etc.).

The biggest cost factor in a life support deployment (IMO) is the
liability insurance. By becoming your own vendor, you get to assume all of
the liability. Not a good thing, from a risk analysis perspective. 8-(.

-- Terry