“If computers systems technology is to be effectively and safely exploited, it is essential that those responsible for making decisions have sufficient guidance on the safety aspects on which to make these decisions” [IEC 61508-1 Introduction]

Is there enough guidance on COTS/OSS ?

The simple answer is no – but IEC 61508 is designed in a relatively open way – considering when it was written and that the authors were aware of a standard needing to be flexible enough to accommodate emerging technologies without breaking the fundamental concepts. “…has been conceived with a rapidly developing technology in mind…” [IEC 61508-1 Introduction]

So are the fundamental concepts of IEC 61508 applicable in COTS/OSS based systems ?

There is no simple answer to this one – but we believe it is yes.

In this article we will point out some main issues of using COTS/OSS software in the context of 61508 (and derivative) compliant safety-related systems. We will sketch what basic arguments are available, what the shortcomings of GNU/Linux and specifically of the Linux kernel are and what is available to address these shortcomings. Then we follow 61508s criteria and see what fits and what could be problematic followed by a brief outline of a general strategy in developing of COTS/OSS based safety cases based on the concept of cross-mapping application sector specific standards, concluded by a somewhat speculative view of in what direction we believe standards are developing and why this is good for COTS/OSS.

Read Full Paper (PDF Download)

 
This article was originally published on LinuxDevices.com and has been donated to the open source community by QuinStreet Inc. Please visit LinuxToday.com for up-to-date news and articles about Linux and open source.