ELISA Project Seminar Series focuses on hot topics related to ELISA’s mission to define and maintain a common set of elements, processes and tools that can be incorporated into Linux-based, safety-critical systems amenable to safety certification. Speakers are members, contributors and thought leaders from the ELISA Project and surrounding communities. Each seminar comprises a 45-minute presentation and a 15-minute Q&A, and it’s free to attend.
Title: Automating Adherence to Safety Profiles After Fixing Vulnerabilities
Date: Wednesday, August 30, 9:00-10:00 am PDT/12:00-13:00 pm EDT / 18:00-19:00 CEST
Speakers: Kate Stewart, VP Dependable Systems, The Linux Foundation, Nicole Pappler, AlektoMetis
How to attend: Register to attend for free. You will receive a confirmation email with the virtual access details upon registering. And don’t forget to add the event to your calendar from the confirmation email.
Creating a critical safe or secure system generally comes down to two aspects. The system has to be able to meet the technical expectations to handle its criticality and there needs to be evidence these expectations are actually met. With today’s software systems being built by integrating various software components, more often using open source than custom proprietary solutions, it’s obvious that having complete and reliable evidence that the software is created with criticality considerations, such as safety profiles, in mind is key. Demonstrating the technical capabilities of a system to achieve the safety and security qualities can be done by established analysis methods. However, proving that its process provides the systematic evidence that all has been implemented, tested, built and configured as required, needs evidence of traceability from requirement to tests and release. Typically this evidence is locked within proprietary tools, never 100%, needing manual tasks to prove traceability between items. With continuous changes due to security updates or continuous deploys, managing this systematic evidence gets impossible.
This talk will present a model using SPDX, that allows for automated checks for integrity and availability of evidence to prove the systematic capability of software consumed by critical systems.
For all upcoming ELISA Working Group meetings and public seminars please go to https://lists.elisa.tech/calendar.