From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level: 
X-Spam-Status: No, score=-1.3 required=5.0 tests=BAYES_00,INVALID_MSGID
	autolearn=no autolearn_force=no version=3.4.4
X-Google-Language: ENGLISH,ASCII-7-bit
X-Google-Thread: f43e6,5ac12f5a60b1bfe
X-Google-Attributes: gidf43e6,public
X-Google-Thread: 103376,5ac12f5a60b1bfe
X-Google-Attributes: gid103376,public
From: eachus@spectre.mitre.org (Robert I. Eachus)
Subject: Re: Ariane 5 - not an exception?
Date: 1996/07/30
Message-ID: <EACHUS.96Jul30184744@spectre.mitre.org>#1/1
X-Deja-AN: 171165037
references: <Dv45EJ.8r@fsa.bris.ac.uk> <285641259wnr@diphi.demon.co.uk>
organization: The Mitre Corp., Bedford, MA.
newsgroups: comp.lang.ada,comp.software-eng
Date: 1996-07-30T00:00:00+00:00
List-Id: <comp.lang.ada>


In article <483202904wnr@diphi.demon.co.uk> JP Thornley <jpt@diphi.demon.co.uk> writes:

  > The report also describes the software as "mission critical", which in 
  > my terminology suggests a much lower dependability of software than 
  > safety-critical.  Even though there were no crew at risk I would have 
  > expected the enormous financial cost of a failure to push the software 
  > into the safety-critical area.

   First, I think of mission critical as a different category than
safety critical.  In safety critical systems, fail safe is often an
option where in mission critical systems you need to fail operational.
And yes, systems can be safety AND mission critical.  Those are the
expensive ones.

   Having said that, this software should have been classed exactly
that way, given the amount of miscellaneous missle parts that ended up
scattered over the launch site, and the possibility that a guidance
failure could put the missle anywhere in the world.



--

					Robert I. Eachus

with Standard_Disclaimer;
use  Standard_Disclaimer;
function Message (Text: in Clever_Ideas) return Better_Ideas is...