Security in High Reliability Applications: Is it safe?
Tuesday, August 26th, 2008
Increasingly in this modern world, we rely on systems where an error could cause financial disaster, organisational chaos, or in the worst case death. Software now plays a crucial role in these systems, but the disturbing fact is that the increasing use of embedded computers, controlling all sorts of devices, is moving us in the opposite direction.
Organisations like ‘Which?’ in the UK devote their energies to examining such devices. They test them thoroughly, but importantly they also examine and dismantle the devices to detect engineering defects, such as unsafe wiring. If they find a device unsafe it is rated as unacceptable and the public is protected against the dangerous device. But as soon as embedded computer systems are involved we have no such transparency. Cars, for example, are now full of computers and without access to the software details, there is no way to tell if these cars are ‘Unsafe at Any Speed’.
Robert Dewar’s full article appears in ESE Magazine.
Code review checklists are usually a pain. They’re often ridiculous in length or content. They’re not fun to use. Checklists can be an excellent way of finding defects early in the development process, but most of the time, checklists are so impractical that they’re more of a hindrance than a help.
People have been writing software for over 50 years, and building embedded systems for 30 years. The one constant over all of that time is that features increase while schedules shrink.