D for safety critical applications

FeepingCreature feepingcreature at gmail.com
Tue Feb 9 15:37:42 UTC 2021


On Tuesday, 9 February 2021 at 15:10:55 UTC, Dominikus Dittes 
Scherkl wrote:
> I know, here are a lot of people that have very little trust in 
> thoughts that someone else put into something, but it's their 
> choice: use something certified or spend a lot of time to prove 
> it yourself.
> If you prove it yourself anyway, a certificate may be really 
> useless for you.

I don't see how a certificate relieves you of the responsibility 
to consider the safety and quality of your tools yourself.

You use a certified compiler. The certified compiler produces a 
bug. As a result, a product that you released doesn't work. Does 
that mean that it isn't your problem? No, of course it doesn't! 
It's still 100% on you to fix it. With that said, I don't 
understand what you are paying for. Are you paying for the vendor 
to think about security? But why would you want to use a tool 
from a vendor who doesn't think about security to begin with? One 
way or another, the buck stops with you, not the vendor.

It's not that if you consider the safety and security of your 
tools yourself, the certificate is useless for you. It's that you 
have to consider the safety and security of your tools *whether 
or not* they're certified.

