Creating a critical safe or secure system generally comes down to two aspects. The system has to be able to meet the technical expectations to handle its criticality and there needs to be evidence these expectations are actually met. With today’s software systems being built by integrating various software components, more often using open source than custom proprietary solutions, it’s obvious that having complete and reliable evidence that the software is created with criticality considerations, such as safety profiles, in mind is key.
Demonstrating the technical capabilities of a system to achieve the safety and security qualities can be done by established analysis methods. However, proving that its process provides the systematic evidence that all has been implemented, tested, built and configured as required, needs evidence of traceability from requirement to tests and release. Typically this evidence is locked within proprietary tools, never 100%, needing manual tasks to prove traceability between items. With continuous changes due to security updates or continuous deploys, managing this systematic evidence gets impossible.
As part of the ELISA Project Seminar Series, Kate Stewart, Vice President of Dependable Embedded Systems at the Linux Foundation, and Nicole Pappler, CTO and Founder of AlectoMetis, presented a webinar titled, “Automating Adherence to Safety Profiles After Fixing Vulnerabilities.” This video will present a model using SPDX, that allows for automated checks for integrity and availability of evidence to prove the systematic capability of software consumed by critical systems. Watch the full video below.
The ELISA Seminar Series focuses on hot topics related to ELISA’s mission to define and maintain a common set of elements, processes and tools that can be incorporated into Linux-based, safety-critical systems amenable to safety certification. Speakers are members, contributors and thought leaders from the ELISA Project and surrounding communities. Each seminar comprises a 45-minute presentation and a 15-minute Q&A, and it’s free to attend. You can watch all videos on the ELISA Project Youtube Channel ELISA Seminar Series Playlist here.