Everyone who writes safety critical software should read this

bearophile bearophileHUGS at lycos.com
Sat Nov 2 02:55:55 PDT 2013


Walter Bright:

> I think you're missing the point. Improving the quality of the 
> software is not the answer to making fail safe systems.

To make high integrity software you have to start with reliable 
tools, and then use the right testing methodologies, sometimes 
you have to write down proofs, then you have to add redundancy, 
to use the right politics in the firm that writes the software, 
etc. Improving the quality of the language is not enough, but 
it's useful. You have to face the reliability problem from all 
the sides at the same time.

All subsystems can fail, but to make a reliable system you 
don't start building your whole system using the least reliable 
sub-parts you can find in the market. You use "good" components 
and good strategies at all levels.

Bye,
bearophile
