Subject: Re: [boost] Use of boost in safety critical work
From: Niall Douglas (s_sourceforge_at_[hidden])
Date: 2014-12-06 09:29:40
On 6 Dec 2014 at 8:46, Edward Diener wrote:
> My last consulting job was for a company essentially doing "safety
> critical work" ( they were periodically inspected/checked by the FDA ).
> They felt that Microsoft's MFC and VC++ standard libraries were "safe"
> but I could not convince them that using Boost libraries were "safe".
> They were upset when they found bug reports against some Boost
> libraries, but evidently were not at all upset when I conversely pointed
> out bug reports against MFC and the VC++ compiler.
"Safe" in this context means there is someone to sue. It has a huge
effect on insurance premiums if there is no one to sue, you can't
securitise and package off the risk you see because of counterparty
Also, "safety critical" isn't some nebulous adjective. It's
rigorously defined in an IEC standard. And put simply, it means you
cannot put software which has not been verified by someone recognised
by insurers into a safety critical system.
That perversely enough can mean that stonking pieces of known crap
closed source software can be allowed in, while almost all open
source is almost always excluded because its review processes aren't
recognised by insurance. There are occasional exceptions, for example
SQLite3 someone paid for a full SIL verification and analysis, so it
gets in. Its unit test suite really is the gold standard for computer
software, it's *amazing*. And compared to SQLite3's testing, we here
in Boost are in the stone age - but then we are nothing like as well
-- ned Productions Limited Consulting http://www.nedproductions.biz/ http://ie.linkedin.com/in/nialldouglas/
Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk