Hello, Engineers! This is Hermes Solution.
Today, we’d like to discuss a topic that’s gaining significant attention in the automotive industry—the use of open source from the perspective of Functional Safety.
What is Open Source?
Before diving into the main content, let’s clarify what open source is. Open source refers to software whose source code is publicly available, allowing anyone to use, modify, and distribute it freely. Examples include the Linux operating system and the Apache web server.
Open source offers many advantages, such as accelerating development and reducing maintenance costs. However, in industries like automotive, where compliance with safety standards like ISO 26262 is essential, ensuring quality and safety becomes a top priority.
Now, let’s explore the key considerations and effective strategies for leveraging open source in automotive development.
Key Challenges in Functional Safety When Using Open Source
1. Uncertainty in Code Quality
Since open source projects often involve voluntary contributions from various developers, the quality is not always guaranteed. Older projects or those with limited maintenance may harbor critical defects that could compromise safety systems.
2. Licensing Issues
Open source projects come with various licenses, such as GPL, LGPL, MIT, and BSD, each with distinct conditions. In the automotive industry, where multiple stakeholders collaborate, conflicting licenses can lead to legal disputes.
3. Security Vulnerabilities
While open source vulnerabilities are usually patched promptly, applying these patches to actual products can take time. For systems without OTA (Over-the-Air) updates, security issues might evolve into safety concerns.
4. Difficulty in Complying with ISO 26262
ISO 26262 requires strict documentation and compliance for vehicle safety systems. However, most open source projects do not provide documentation tailored to these standards, leaving companies to perform additional verification and create documentation themselves.
Effective Strategies for Leveraging Open Source
1. Evaluate Quality and Maintainability
Community Activity Indicators: Check metrics like issue response times and pull request acceptance rates on platforms like GitHub.
Defect History Analysis: Review past defects (e.g., CVE lists) to assess security.
Proven in Use Evidence: Investigate whether the open source has been reliably used in other automotive projects.
2. Manage Licenses and Create an SBOM
License Compatibility Review: Verify the licenses of each software module to prevent conflicts.
SBOM (Software Bill of Materials): Systematically document the open source libraries and licenses included in your project.
Automated Scanning Tools: Use tools like Snyk and Black Duck to automatically analyze open source for licensing and security issues.
3. Perform Additional Functional Safety Verifications
Static Analysis Tools: Ensure compliance with coding standards like MISRA C/C++ using automated checks.
HIL/SIL Testing: Validate the open source software in real-world vehicle environments.
FMEA/FTA Documentation: Systematically assess the impact of potential defects on safety goals.
4. Integrate Security with Functional Safety
Vulnerability Patch Process: Establish a fast response system for addressing vulnerabilities.
Prepare for OTA Updates: Ensure an environment where software can be updated quickly via OTA.
Organizational Readiness and Latest Trends
The automotive industry is moving towards managing open source systematically to minimize risks rather than prohibiting its use outright. To achieve this, organizations must prepare in the following ways:
1. Establish Internal Policies
Introduce checklists for open source quality, security, and licensing.
Define application criteria for open source based on ASIL levels.
2. Provide Education and Develop Expertise
Offer training on open source management and ISO 26262 standards to developers and functional safety teams.
Operate a PSIRT (Product Security Incident Response Team) to build a vulnerability response framework.
3. Adopt AI and Cloud-Based Analysis
Leverage AI for vulnerability prediction and use cloud-based parallel computing to accelerate open source validation.
Safely Utilizing Open Source
Open source provides significant benefits for automotive development, but systematic management and additional verification are essential to ensure safety and quality. Companies and development teams must establish clear open source management standards, adopt the latest tools, and comply with safety standards like ISO 26262, while maximizing development efficiency.
By doing so, organizations can achieve efficient development while ensuring maximum safety.
Partner with Hermes Solution, experts in automotive functional safety and security, to utilize open source safely and efficiently while building a more trustworthy mobility environment!