Hacker News
by burstmode 717 days ago
>If your product has a software-related failure, customers won't care about all of your certifications. Only the end product.

If you're in a market where an ASIL certification is needed, the customers ONLY care about this certification. It keeps them out of jail.


Can you point me at some more detailed rules that support your assertion? Not trying to argue - I’m actually interested to read more details on that.
It's the reason why some companies, like IBM [disclosure: I work for Red Hat], seem to sell products even though there seems to be little rational reason why customers would buy them, as in they have poorer performance or quality at a much greater price. Those products are certified against dozens of financial, safety, security or other standards, and customers in certain markets (government, military, nuclear, automotive, etc.) simply have to buy the certified products. The consequences of not doing so range from products not being supported, all the way to going to jail for gross negligence.

Edit: I wrote a rather highly rated HN comment about why Red Hat makes money last year: https://news.ycombinator.com/item?id=35588297

Another example of this is FIPS-140 crypto. It is objectively bad crypto in the 2020s. But it's mandated in some settings for either bureaucratic reasons or due to regulatory capture.
It’s not really a rule, but rather in some environments you have to be able to say in court that you did everything you could to make sure your software worked safely and correctly. Sometimes you will be risking criminal charges if you can’t.
The truth is, too many managers have never read the ISO document, follow the CYA methodology, and ask for everything to be certified. The ISO just says (bear with me on this stupid simplification) “do whatever you want, but make sure p(disaster)<1e-20.” You have to be able to justify decisions, but it will not help having certified frameworks, OS, and tools if you did a bad FMEDA.
Following this logic, it seems to be a good choice to buy RHEL, because you have no chance of running Linux with those probability margins that you just wrote. Electronic components might have those. So stay out of jail.
There is NO market where “ASIL” is required. Of course, if something happens you better have a safety case as described in ISO26262, or a good excuse. That being said, that a system has a safety case according to ISO26262 ASIL D does not mean at all that all pieces must be certified.

Currently working in a project where ASIL D is reached by having an independent microcontroller watching over the whole QM mess.

>There is NO market where “ASIL” is required

Define “required”. If every single legal department at every single major automotive company says “we must obtain ASIL-B certification for our gauge cluster software or we can’t sell cars”, does it matter if regulators don’t overtly mandate it? The legal environments of all of the major automotive markets make it a de facto requirement.

ISO26262 was defined by the automakers themselves (almost all were represented in the committee), so yes, they want to follow it. There is no legal requirement. It does not especially help in case of litigation either.
It's not legally mandated, but the dynamics of the regulation and the risk-averse nature of companies mean that it's effectively become a requirement to compete: if you don't have it, you're only going to sell to the rare company that is willing to stick their neck out and deal with novel arguments in the paperwork themselves. For commercial aerospace that is none of the manufacturers.

(someone else might come along and certify it themselves, effectively acting as a middleman, but then they're going to get most of the money)