Date:      Wed, 09 Oct 2002 12:26:14 -0700
From:      Terry Lambert <tlambert2@mindspring.com>
To:        "Nelson, Trent ." <tnelson@switch.com>
Cc:        "'hackers@freebsd.org'" <hackers@freebsd.org>, "'questions@freebsd.org'" <questions@freebsd.org>
Subject:   Re: FreeBSD usage in safety-critical environments
Message-ID:  <3DA482D6.F618F6C5@mindspring.com>
References:  <8F329FEDF58BD411BE5200508B10DA7607D71A10@exchptc1.switch.com>

"Nelson, Trent ." wrote:
>         Has anyone had any experience with deploying FreeBSD in
> safety-critical environments?  Has any work been done attempting to certify
> FreeBSD to any particular SIL?  Is there any intention to do such a thing?
> 
>         If not FreeBSD, I'd be interested to hear if anyone has had exposure to
> other BSD flavors being used in safety-critical environments.


Life support systems need to be designed from the ground up.


>         I've just been shown a report at work that has been commissioned by
> the UK Health & Safety Executives and sponsored by the UK Ministry of
> Defense and Safety Regulation Group of the UK Civil Aviation Authority
> undertaking a preliminary assessment of Linux for safety-related systems.
> The report 'identifies' that it would be possible to certify Linux to SIL 1
> and SIL 2 quite easily, and SIL 3 with a little work.


Tell me where these systems will be deployed, so I avoid going
there.  Seriously.


>         I'd hate to think that this would be an arena where BSD couldn't
> compete.  I'd also hate to think that the tendency for big players such as
> the MoD or DoD etc to lean towards Linux is based on the general Linux
> 'hype', rather than technical merit...


Life support systems require formal proofs of correctness for code;
since neither Linux nor FreeBSD is formally correct, in total, you
would need to be insane to deploy either of them as, for example,
a part of an air traffic control system.

The same goes for AIX, Solaris, Windows, VMS, and most other systems.

The SIL 1/2 stuff, from my understanding, depends on fast
reboot times and other things that are out of the control of
the OS, and are more BIOS things anyway (external signal state
changes during device probes, etc., causing actions in the
hardware attached to the ports, etc.).


The biggest cost factor in a life support deployment (IMO) is
the liability insurance.  By becoming your own vendor, you get
to assume all of the liability.  Not a good thing, from a risk
analysis perspective.  8-(.


-- Terry
