by nunuvit 1086 days ago
> Agree that many safety-critical coding standards are a grab-bag of sometimes dubiously-valuable rules.

What frustrates me is that most standards are self-aware of this and explicitly allow you to tailor them, but hardly anyone does that to a meaningful extent.

Do that and you are just creating targets for the next security auditor that you need any sort of certification or approval from.

In the end you'll choose the path of least resistance, which is to slavishly obey every rule on the checklist. It's not that people don't want to tailor the rules. They try at first, and then it gets beaten out of them.

Frustrating indeed.

It's doable sometimes when there's a tailoring framework. Here's a publicly available example [1]. Though I admit that it's usually easier to do in the US than in the European Union, so your experience may vary.

[1] https://www.nasa.gov/seh/3-11_tailoring_and_customization

I suppose I'm not surprised that this breakdown exists, I just didn't know it existed. Thank you for sharing.