
Critical Software Summit 2024

June 26, 2024 | Blog, Linux Foundation, News

The Open Source Summit Europe, which takes place on September 16-18 in Vienna, Austria, is packed with technical content. It is the premier event for open source developers, technologists, and community leaders to collaborate, share information, solve problems, and gain knowledge, furthering open source innovation and ensuring a sustainable open source ecosystem.

As a conference umbrella, Open Source Summit is composed of a collection of events covering the most important technologies, topics, and issues affecting open source today. The Critical Software Summit is one of those microconferences.

As open source is found more and more in safety-critical products and infrastructure, the need to ensure dependability and reliability has increased. This event gathers developers focused on solving these issues, to figure out how we can increase confidence in using open source projects in safety-, mission-, and business-critical applications.

Several ambassadors, contributors and leaders from the ELISA Project will be giving presentations on Monday, including:

Creating and maintaining a safety-critical project comes with a lot of challenges. A central issue is keeping your documentation, starting from planning and guideline documents, down to requirements, safety analysis, reviews and tests, consistent and up to date. These artefacts often have their own lifecycle and are natively managed in different tools, usually with great traceability capabilities regarding dependencies between these artefacts as long as you stay within one tool or within a (usually proprietary) tool family of one single tool vendor. Currently the resulting traceability gaps between these tools are handled either by popular engineering tools like MS Excel or by methods like “search for identical names”, depending highly on manual maintenance.

Using SPDX relationships, the upcoming Safety Profile in SPDX 3.1 will provide a model to represent all these dependencies as a knowledge model that can be used both to analyse possible impacts after a change (be it because of a security update or functional variants of your product), provide evidence of completeness and compliance as a Safety SBOM or simply keep track of your product variants.

In safety-critical applications it is mandatory to ensure SW Requirements traceability to SW Specifications, Test Cases, Test Results, Bugs and more.
The process leading to this goal is usually complex and time-consuming, and it is essential to understand the state step by step and highlight what remains to be done.
Moreover, because of the intrinsic nature of a software project, we need to ensure traceability and test verification following any evolution in the ecosystem of the project.

BASIL, The FuSa Spice, is open source software that provides a quality management solution aimed at addressing the above-mentioned challenges, both for software developments that are code-driven and for those that are requirements-driven.

We will see how to implement, in BASIL, SW Requirements traceability to the source code and to existing upstream Test Cases, how to execute them, how to navigate Test Results and artifacts, and how to link failures to a bug in a bug tracking system.

We will also go into the details of a pipeline implementation based on the BASIL HTTP API to understand how changes in one or more work items can be managed through automation, with the goal of implementing a continuous certification framework.

In order to make functional safety claims on software components, having a clear understanding of the underlying software architecture is crucial. However, if software architectural documentation is missing, understanding how software operates and how its parts fit together can be challenging. For the Linux kernel and much other open source software, such documents are absent; instead, analysts must rely on code, which can be hard to read.

ks-nav is a tool designed to help in reverse engineering and understanding the code by generating diagrams that highlight the interactions between code elements and sub-elements.

ks-nav relies on binary images instead of source code analysis to get rid of the uncertainty introduced by configurations, compiler optimizations, and any other toolchain related issues. Additionally, using the MAINTAINERS file, it precisely pinpoints subsystems, enabling users to delve into their interactions with clarity.

This session focuses on:
* Why understanding the code is critical in FuSa activities;
* How ks-nav works, how it addresses the various challenges of analyzing the code;
* An example of how ks-nav can be used to support an expert-driven FMEA for a specific use case.

The increasing computation power of embedded CPUs has revolutionized industries such as Automotive, Aerospace, or Industrial by enabling centralized and enhanced use cases, software-defined functionalities, and increased automation. The challenges of this increased complexity are often addressed by incorporating Open Source Software, particularly Linux, virtualization and RTOS. As these industries are heavily regulated by quality and safety-integrity standards, the certification of these highly complex systems becomes crucial.

Starting from the similarities and overlaps in system architecture design across use cases, this talk will explore the demands imposed by safety integrity standards in various industries. To develop these systems and adhere to required processes, the integration of tools and a high degree of automation is essential.

The authors show how Open Source projects bridge the gap between open source and safety-criticality, introducing tools and processes, and showcasing collaborative efforts in creating reproducible example system architectures. These systems can serve as a foundation for companies and projects adopting Open Source in safety-critical applications.

The full schedule for the Critical Software Summit can be viewed here. Register here to attend in-person. Virtual registration is not required to access the event live stream. All conference sessions will be live-streamed to the Linux Foundation YouTube channel with freely available access during the event. Live stream links for each session can be accessed from each session listing in the schedule. More information is coming soon.

Stay tuned by subscribing to the ELISA Project newsletter or connect with us on Twitter, LinkedIn or mailing lists to talk with community and TSC members.