[zaroth]

There are a vast number of “known bugs that could lead to deaths” in these devices.

But when the bug is known to be hit only is astronomically slim scenarios, they don’t rework the entire stack to eliminate it because, well perhaps it is more likely to cause more harm than good?

[mehrdadn]

Maybe it depends on what you'd call a "bug". Even a flip-flop always has a nonzero probability of failure via metastability, but I wouldn't classify every system that uses a flip-flop as "buggy". Though to be honest now I'm not really sure what a consistent and useful definition of a "bug" is, if it's even clear and noncircular. (Maybe the best definition is "has a failure mode unaccepted by the users"? Not sure.)

[Senderman]

The state of "Bug" vs. "not a bug" is similarly non-binary.

"unaccepted by users" is circular in this particular discussion, because it started with trying to tease out whether a rare* safety* risk was "acceptable."

* All these debatable words tell me GuB-42's comment is taking the right approach.

[mehrdadn]

Yeah, I think you're probably right.