(no title)

However, most relevant regulation (IEC61508, ISO26262, DO-178X) requires that systems controlling machines in automotive, rail or aerospace have a possibility of dangerous faults lower than 10^-9 (over the expected lifespan).

Many critical control systems like this are formally verified and/or extremely well-tested and have redundancy in both software and hardware.