Teadriver
You're spot on with the safety philosophy. It gets even worse because even the systems that directly interface with your safety critical system are then by default also safety critical. It is common then to see a a hazard generating software changes throughout the aircraft. Your development costs then ratchet up by orders of magnitude depending on the complexity and a programme rapidly becomes unaffordable.
I had a discussion on this recently about whether secondary hazards should be made a part of the hazard analysis (i.e the effects of not fitting quite as robust a system). As a sledgehammer analogy, removing a weapon because there is a statisical chance that firing the weapon may take down the launch aircraft, against the odds of survival of going to war without said weapon. I think that your only work around because of the fear of litigation is to make your GPWS an advisory system only.
regards
Retard