[adrianN]

You'd be surprised what fraction of a safety critical codebase is just mundane code that anybody can understand with the same amount of effort it takes for "normal" software. The real problem is that most outsiders don't understand the requirements very well (unless you make them public too!), so they can likely only find "simple" code quality issues.

[king_magic]

That’s essentially my point. Just finding simple code quality issues isn’t going to cut it, especially when you need hundreds of thousands of dollars of hardware to even test the code against.

[adrianN]

It doesn't hurt either.

[king_magic]

Open sourcing my MRI scans for the general public to read "doesn't hurt" either. Doesn't mean it's a worthwhile/valuable thing to do.

And I also challenge you on "it doesn't hurt". Consider military adversaries developing targeted attacks against critical infrastructure because it's open sourced.

[adrianN]

You should assume that military adversaries already have access to the source code. Spies are a thing.

[king_magic]

So, make it worse by opening it up from the top 5-10 most capable state actors to the next 200?

This just isn’t a good idea. Full stop.

[Glawen]

Safety critical is by design simple, it is a requirement by the norms to ensure low complexity :)