ljknews wrote:
At 11:56 AM -0700 4/22/04, Jim & Mary Ronback wrote:
Safety critical software has a lot of overlap with the requirements for high security software.

Can anyone think of any _differences_ between those domains (process and code-wise, not regulatory-wise)?

Well, I would normally think of "safety critical" as an embedded application that controls a public system like an elevator, subway, or an airplane navigation system, and a "high security" application as one that controls a state defense function, such as an access control system to a bank vault or a missile launch/guidance app. As such, I would think that the two domains' failure states are likely to be completely different, depending on the _actual_ nature of the function that the applications perform. E.g., an elevator application should fail open on the ground floor, such as in a fire, whereas a missile launch application should fail closed. In my view, it all gets back to the nature of the "business" that the application is running.


Cheers,

Ken van Wyk
KRvW Associates, LLC
http://www.krvw.com
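The fail-open versus fail-closed distinction Ken draws above is easy to express as a per-system failure policy. The following is an added example, not code from the thread or from any of its participants: a hypothetical `Gate` controller whose behaviour when its permission check raises an error (sensor offline, authorization backend unreachable) is decided by the policy the system's "business" demands, rather than by whatever the exception handler happens to do. The elevator and vault scenarios, the `check` callables and the counters are constructed for illustration.

```python
"""Added example (not from the original thread): one gate controller whose
behaviour on an internal error is chosen by an explicit per-system failure
policy, contrasting fail-open (safety-critical) with fail-closed (security-critical)."""
from enum import Enum
import logging

logger = logging.getLogger("failure_policy")


class FailurePolicy(Enum):
    FAIL_OPEN = "fail-open"      # safety: when in doubt, release (elevator doors in a fire)
    FAIL_CLOSED = "fail-closed"  # security: when in doubt, deny (vault door, launch authorization)


class Decision(Enum):
    OPEN = "open"
    CLOSED = "closed"


class Gate:
    """Hypothetical gate. `check` is any callable returning True to permit and
    False to deny, or raising when the backend it relies on is unavailable."""

    def __init__(self, name, policy, check):
        self.name = name
        self.policy = policy
        self.check = check
        self.degraded_events = 0  # count of decisions taken under the failure policy

    def decide(self):
        try:
            permitted = self.check()
        except Exception as exc:
            # The failure policy, not the exception type, decides the outcome.
            # Counting these events lets an operator notice a gate that is stuck
            # in its degraded state (an elevator permanently open, a vault permanently shut).
            self.degraded_events += 1
            logger.warning("%s: check failed (%s); applying %s",
                           self.name, exc, self.policy.value)
            return Decision.OPEN if self.policy is FailurePolicy.FAIL_OPEN else Decision.CLOSED
        return Decision.OPEN if permitted else Decision.CLOSED


# Constructed permission checks standing in for real sensors and auth backends.
def fire_alarm_active():
    return True                      # elevator: alarm says release the car


def fire_panel_offline():
    raise ConnectionError("fire panel unreachable")


def credential_valid():
    return True                      # vault: presented credential verified


def auth_backend_down():
    raise ConnectionError("authorization service unreachable")


def run_demo():
    """Return each gate's decision and how many were taken under degraded conditions."""
    elevator_ok = Gate("elevator", FailurePolicy.FAIL_OPEN, fire_alarm_active)
    elevator_degraded = Gate("elevator", FailurePolicy.FAIL_OPEN, fire_panel_offline)
    vault_ok = Gate("vault", FailurePolicy.FAIL_CLOSED, credential_valid)
    vault_degraded = Gate("vault", FailurePolicy.FAIL_CLOSED, auth_backend_down)
    return {
        "elevator_ok": elevator_ok.decide(),
        "elevator_degraded": elevator_degraded.decide(),
        "elevator_degraded_events": elevator_degraded.degraded_events,
        "vault_ok": vault_ok.decide(),
        "vault_degraded": vault_degraded.decide(),
        "vault_degraded_events": vault_degraded.degraded_events,
    }


if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    for key, value in run_demo().items():
        print(key, value)
```

The point of making the policy an explicit constructor argument is that the same controller code serves both domains; what differs is a reviewable, testable declaration of which way the gate falls when it cannot decide, which is exactly the difference the thread is asking about.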
