by Avamander 841 days ago
> You can get FuSa (functional safety) certified Linux;

And they're going to ask how much for the recertification for each CVE fixed? I doubt that'd be cheap.

> Neither Windows nor Linux are, to my knowledge, certified for SoL (safety-of-life) applications.

I didn't have exactly SoL applications in mind; there are plenty of other situations where the stability of a system could cause a risk. Be it just an emergency call center server or a field laptop for looking up license plates - can't leave them unpatched (especially with some of the new legislation) but also downtime from poor updates could be really bad.

1 comments

> And they're going to ask how much for the recertification for each CVE fixed? I doubt that'd be cheap.

FIPS has created an off-kilter perception about "recertification" because they require essentially the entire process when you change a single bit somewhere. Most certifications are not that harebrained.

Also if you need "certified" Linux, you are either already spending resources on it yourself, or paying someone else to do it. This might need adjusting for this new CVE practice, but it's going to be an adjustment and not a reset.

> […] can't leave them unpatched (especially with some of the new legislation) but also downtime from poor updates could be really bad.

Then pay someone to test and deliver.

> Then pay someone to test and deliver.

That's the thing, resources aren't infinite. Linux offloading that work elsewhere will not have a net positive effect.

The path of least resistance will be taken, which is going to be proportionally less QA, if there was any to begin with.