> That is not to say that safety-critical code is perfect... just that it has a lot more rigour and inspection involved than run-of-the-mill website code.
I had assumed that as well until all of the horror stories around Toyota's firmware came to light.
Yes, the Toyota case is a well-publicised case.
Consider though, the number of safety-critical systems that are out there performing perfectly every day.
Of course, that is not proof of much, but the fact that you can name the Toyota case (and probably the Therac 25 case) means that the process generally works.
https://en.wikipedia.org/wiki/2009%E2%80%9311_Toyota_vehicle...