By looking at the press headlines, we’ve learned that open source is already being used in market segments (like space, automotive, industrial, medical, agricultural) for applications that have safety considerations today. Details about the safety analysis performed are behind NDAs and are not available to developers in the open source projects being used in these products. To make the challenge even more interesting, the processes the safety standards expect are behind paywalls and are not readily accessible to the wider community of open source maintainers and developers. Figuring out pragmatic steps to adopt in open source projects requires the safety assessor communities, the product creators, and open source developers to communicate openly. There are some tasks that can be done today that help, like knowing exactly what source is being included in a system and how it was configured and built. Automatic creation of accurate Software Bills of Materials (SBOMs) is one pragmatic step that has emerged as a best practice for security and safety analysis. This talk will give an overview of some of the methods being applied in some open source projects (like Linux, Xen & Zephyr), as we try to establish other pragmatic steps when open source projects are used in safety critical.
Last week, thousands of attendees participated in Open Source Summit Japan to learn best practices, celebrate technology, discuss what’s next and network with each other. Kate Stewart, Vice President of Dependable Embedded Systems at the Linux Foundation, was on-site to present a keynote, “Building Dependable Systems with Open Source.” Watch the video below or check out her PPT presentation.
Click here to see the PPT presentation: OSS Japan_Kate Stewart
All videos from Open Source Summit Japan can be found here.