Mission-Critical and Safety-Critical Systems Handbook Quotes

“Open-loop control leads to assumptions by its nature; and unverified assumptions are very, very frequently the root cause of high-risk failure modes in safety- and mission-critical systems.”
― Kim Fowler, Mission-Critical and Safety-Critical Systems Handbook: Design and Development for Embedded Applications

“Safety cannot be left to an internal model of the physical system that is not continuously updated and verified.”
― Kim Fowler, Mission-Critical and Safety-Critical Systems Handbook: Design and Development for Embedded Applications

“Another aspect of provability occurs during operation, but must be planned for during design. The idea can be reduced to verify reality.”
― Kim Fowler, Mission-Critical and Safety-Critical Systems Handbook: Design and Development for Embedded Applications

“Independently designed and tested failsafe routines that are not part of the primary control code are key to reliable, demonstrable safety. Put more simply: CYA.”
― Kim Fowler, Mission-Critical and Safety-Critical Systems Handbook: Design and Development for Embedded Applications

“It may seem counterintuitive to save work by allowing more than one piece of code to perform the same task. It’s not.”
― Kim Fowler, Mission-Critical and Safety-Critical Systems Handbook: Design and Development for Embedded Applications

“When the failure of your code could result in the loss of a quarter-billion-dollar aircraft and human lives, clarity counts.”
― Kim Fowler, Mission-Critical and Safety-Critical Systems Handbook: Design and Development for Embedded Applications

“the process chosen is often much less critical to success than the simple existence of a process.”
― Kim Fowler, Mission-Critical and Safety-Critical Systems Handbook: Design and Development for Embedded Applications