From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level: 
X-Spam-Status: No, score=-1.3 required=5.0 tests=BAYES_00,INVALID_MSGID
	autolearn=no autolearn_force=no version=3.4.4
X-Google-Language: ENGLISH,ASCII-7-bit
X-Google-Thread: 103376,93594143658b43c2
X-Google-Attributes: gid103376,public
From: digitig@cix.compulink.co.uk ("Tim Rowe")
Subject: Re: Ada puff piece Boeing 777 "major disappointment"
Date: 1996/03/16
Message-ID: <DoDsIK.3Lq@cix.compulink.co.uk>#1/1
X-Deja-AN: 142956707
references: <4ib8va$fl3@fred.netinfo.com.au>
organization: Compulink Information eXchange
x-news-software: Ameol
newsgroups: comp.lang.ada
Date: 1996-03-16T00:00:00+00:00
List-Id: <comp.lang.ada>

The standard I quoted (Draft IEC 1508) is a *system* standard, not a 
software standard (software is specifically addressed in part 3), and the 
claim limits apply even (IIRC) in the presence of error-tolerant 
software. AFAICS (and it matches my own experience) part of it is down to 
the idea that in a system as complicated as modern ones, you don't even 
know what you *want* it to do to a confidence better than 1-1*10^5.

I think the solution *is* self evident, or at least part of the basic 
training of all engineers in disciplines other than software, as "KISS". 
(Keep It Simple, Stupid!)

digiTig
(Tim Rowe)