[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [ieee] Re: Re: Quick Re: to Dick Johnson's Re: COTS scope
When Vince Lipsio talks about "mission critical" he is talking about
systems where health, safety, and similar critical issues are involved.
Examples include aircraft control (such as "fly-by-wire), nuclear plant
control, and medical devices.
That's the kind of systems he works on.
I place voting systems firmly in this category.
On Fri, 2004-12-03 at 19:10, Andrew Berg wrote:
> Perhaps this is another example of "IEEE 1583 Specific Terminology" but
> are we all working from the same definition of "mission critical" here?
> Who certifies systems (or even components) for "mission critical" use?
> Lots of people and orginizations do lots of things which are clearly
> critical to their success on Microsoft OSs.
> In previous jobs, I have had to perform maintanence and troublshooting on
> a couple of Pont of Sale systems that were built on Microsoft OSs using
> Microsoft Visual Basic and Microsoft Access. These are pretty clearly
> mission critical to the stores that use them. Some kind of certification
> probably would not have hurt them, but then probably would not have helped
> all that much, either.
> On Fri, 3 Dec 2004 13:01:48 -0500 (EST), Vincent J. Lipsio
> <Vince@LIPSIO.COM> wrote:
> >> My best understanding (and I may be wrong) is that Diebold software runs
> >> on Windows2000 and that its GEMS software uses Access. I intended the
> >> "DRE" reference to be generic and to include the voting system and not
> > Fair enough; however, 1583 does not in any way apply to the GEMS or to
> > anything else that is not at the polling place; therefore, it is simply
> > irrelevant to the COTS scope we are discussing.
> >> Inspection of Windows CE would indeed be a major chore. But without
> > Which is why it is not used in any mission critical system to the best
> > of my knowledge. There are commercial RTOSes that are used in such
> > systems,
> > and their source code has been reviewed so that they could be used in
> > those
> > systems, and I see RTOSes advertise that they are certified for use in
> > certain types of systems, but to the best of my knoweldge, no Microsoft
> > OS has ever been certified for any mission critical use.
> >> inspection, how can we have any assurance that there aren't deliberate
> >> backdoors in the OS, for example?
> > Even in systems where malicious backdoors are not a concern, standards
> > for critical systems require all source code to be reviewed.
> >> If one of the requirements of the P1583 standard is to accommodate
> >> existing DRE designs, however flawed, we should say so explicitly in
> >> the document.
> > As with price considerations, as I argued earlier this year: If the
> > purpose is to cap development costs, and that concern may preempt the
> > purposes stated in the scope of 1583, then that, too, should be added to
> > the scope.
> > Other industries are required to treat COTS as we are proposing and,
> > unless we are indeed trying to accommodate existing flawed designs,
> > we should also; else, we should say so, as Dave wrote, explicitly in
> > the document.
> > Vince
Stanley A. Klein <firstname.lastname@example.org>