[C-safe-secure-studygroup] [SystemSafety] [cip-dev] Critical systems Linux
paul.sherwood at codethink.co.uk
Thu Nov 22 09:24:27 GMT 2018
>>> The question is:-
>>> As Linux is monolithic, already written (with minimal
>>> docs) and not to any coding standard
>>> How would the world go about making a Certifiable Linux?
>>> Is it possible?
Sadly most of the follow-on discussion seems to have stayed only on
systemsafetylist.org, which rather reduces its impact IMO.
I cross-posted in the hope that knowledge from the safety community
could be usefully shared with other communities who are (for better or
worse) considering and in some cases already using Linux in
safety-critical systems. For example Linux Foundation is actively
soliciting contributors expressly for an initiative to establish how
best to support safety scenarios, as discussed at ELCE with
contributors from OSADL (e.g. ) and others.
Perhaps I'm being stupid but it's still unclear to me, after the
discussion about existing certificates, whether the 'pre-certification'
approach is justifiable at all, for **any** software, not just Linux.
As I understand it, for any particular project/system/service we need to
define safety requirements, and safety architecture. From that we need
to establish constraints and required properties and behaviours of
chosen architecture components (including OS components). On that basis
it seems to me that we must always prepare a specific argument for an
actual system, and cannot safely claim that any generic
pre-certification fits our use-case?
Please could someone from systemsafetylist.org reply-all and spell it
out, preferably without referring to standards and without triggering a
lot of controversy?