COTS, integration and critical systems

The use of COTS (commercial off-the-shelf software) in critical systems raises a number of significant issues involving the software process, the choice of system architecture and the applicable standards. The payoffs can be high in terms of improvements in functionality, scheduling, lifecycle costs and risks. Inevitably, the inappropriate use of COTS can exacerbate problems precisely in these areas. In the case of critical systems, certification is a central issue that is likely to be affected by choosing COTS. By and large, existing defence standards preclude the use of COTS because of reverse engineering requirements. A solution in this respect may be the judicious use of service history. A further possibility is the use of firewalls between critical kernels and COTS which effectively means that only the firewall itself needs to be certified. In this context, it would seem profitable to review solutions used in security applications, where the concept of a firewall is well understood and other interesting properties, such as non-interference, have been extensively studied