Ben Brosgol, AdaCore
How does one demonstrate that a system is “safe enough” for application domains such as avionics, where a software failure can lead to loss of human life? Additionally, the risk of system penetration from inadvertent or malevolent sources has raised the stakes and highlighted the need to pay serious attention to security. However, it is unrealistic to add security to a system as an afterthought.
When developing safety-critical software, the choice of programming language is vital. However, the common candidates (C, C++, Java, and Ada) are each too complex to be used in their entirety with the required level of assurance. Language subsets, which restrict each language to a well-defined, analyzable core, are therefore meeting this challenge.