[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [ieee] Re: Re: Quick Re: to Dick Johnson's Re: COTS scope



When Vince Lipsio talks about "mission critical" he is talking about
systems where health, safety, and similar critical issues are involved. 
Examples include aircraft control (such as "fly-by-wire), nuclear plant
control, and medical devices.  

That's the kind of systems he works on.  

I place voting systems firmly in this category.   


Stan Klein


On Fri, 2004-12-03 at 19:10, Andrew Berg wrote:
> Perhaps this is another example of "IEEE 1583 Specific Terminology" but  
> are we all working from the same definition of "mission critical" here?   
> Who certifies systems (or even components) for "mission critical" use?   
> Lots of people and orginizations do lots of things which are clearly  
> critical to their success on Microsoft OSs.
> 
> In previous jobs, I have had to perform maintanence and troublshooting on  
> a couple of Pont of Sale systems that were built on Microsoft OSs using  
> Microsoft Visual Basic and Microsoft Access.  These are pretty clearly  
> mission critical to the stores that use them.  Some kind of certification  
> probably would not have hurt them, but then probably would not have helped  
> all that much, either.
> 
> -andrew
> 
> On Fri, 3 Dec 2004 13:01:48 -0500 (EST), Vincent J. Lipsio  
> <Vince@LIPSIO.COM> wrote:
> 
> >> My best understanding (and I may be wrong) is that Diebold software runs
> >> on Windows2000 and that its GEMS software uses Access.  I intended the
> >> "DRE" reference to be generic and to include the voting system and not
> >
> > Fair enough; however, 1583 does not in any way apply to the GEMS or to
> > anything else that is not at the polling place; therefore, it is simply
> > irrelevant to the COTS scope we are discussing.
> >
> >
> >> Inspection of Windows CE would indeed be a major chore.  But without
> >
> > Which is why it is not used in any mission critical system to the best
> > of my knowledge.  There are commercial RTOSes that are used in such  
> > systems,
> > and their source code has been reviewed so that they could be used in  
> > those
> > systems, and I see RTOSes advertise that they are certified for use in
> > certain types of systems, but to the best of my knoweldge, no Microsoft
> > OS has ever been certified for any mission critical use.
> >
> >
> >> inspection, how can we have any assurance that there aren't deliberate
> >> backdoors in the OS, for example?
> >
> > Even in systems where malicious backdoors are not a concern, standards
> > for critical systems require all source code to be reviewed.
> >
> >
> >> If one of the requirements of the P1583 standard is to accommodate
> >> existing DRE designs, however flawed, we should say so explicitly in
> >> the document.
> >
> > As with price considerations, as I argued earlier this year:  If the
> > purpose is to cap development costs, and that concern may preempt the
> > purposes stated in the scope of 1583, then that, too, should be added to
> > the scope.
> >
> > Other industries are required to treat COTS as we are proposing and,
> > unless we are indeed trying to accommodate existing flawed designs,
> > we should also; else, we should say so, as Dave wrote, explicitly in
> > the document.
> >
> >
> > Vince
-- 
Stanley A. Klein <sklein@cpcug.org>