Are we ready for open-source software in safety-critical embedded systems? - Embedded.com

Proprietary RTOS / embedded operating systems vendors see growing customer demand for a move toward an open-source model, albeit a modified one that builds trust and confidence that security and safety of both software and hardware can be ensured.

For a few years now, the introduction of open-source software into safety-critical applications has felt like the next frontier. There is no doubt about the diverse, innovative technologies and products that have sprung from open-source software. It is therefore not surprising that the open-source model has caught the attention of companies that deploy mission- and safety-critical applications, such as those in the aerospace and defense, low earth orbit (LEO) satellite, industrial and autonomous vehicle industries, and made them ask: can we get some of that?

The momentum for change

My two years of personal experience at Lynx, a company that (among other things) focuses on certifying code for deployment on big mission-critical programs, tell me that today's vendors of proprietary RTOS / embedded operating systems are receiving a growing number of calls from customers demanding a move toward an open-source model, albeit a modified one that builds their trust and confidence that the security and safety of both software and hardware can be ensured. After all, the stakes are high for platforms that are involved in preserving human life and/or operating machinery closely alongside humans. Needless to say, these present a different, more critical challenge in embracing open source than a streaming service, video game console or mobile messaging application built on an open-source operating system.

Advantages and drawbacks

For customers and vendors alike, increasing the adoption of open source in this environment offers some important advantages, but also brings with it some crucial drawbacks. For defense companies, it reduces their lock-in to an individual supplier and brings them a wider ecosystem of developers, which should reduce costs and shorten project cycles. The point that security patches for Linux emerge much more quickly than those for proprietary ecosystems has been well rehearsed.

The flip side of the dynamism and flexibility of the ecosystem is that it brings a loss of control. The advantage of an ecosystem is that it can do anything. The problem with an ecosystem is that it can do anything. Even the mighty Google continues to struggle to move developers and OEMs to the latest and greatest versions of Android. Though, as Apple has shown, it can be done.

What about the vendors? Doesn’t open source destroy our business model by eliminating earnings from royalties? There are other revenue streams available, but care is needed to make the transition successfully. Done well, open source has the potential to expand the market we have access to, which could bring growth and an enhanced valuation on the business.

Mixed criticality – the first step

The initial phase has been, in effect, a hybrid step. "Mixed criticality systems" (those that combine workloads of two or more levels of criticality, such as non-safety-critical and safety-critical) have focused on maximizing the use of open-source code (Linux, for example) for the lower-criticality workloads and restricting the use of a proprietary RTOS to those applications that have to be taken through system certification.

Even here, there remains a significant focus on the open-source code, with organizations increasingly adding static application security testing alongside quality testing in order to ensure reliable and secure operation of their embedded platforms. Both FreeRTOS (part of Amazon) and Azure RTOS ThreadX (Microsoft) have found ecosystem partners that can provide certification services for these operating systems against specific standards such as IEC 61508 and ISO 26262. Following the business model forged by vendors such as Red Hat, I expect that high-achieving embedded OS vendors will create revenue streams from complementary, value-added services associated with both bleeding-edge and legacy variants of open-source operating systems.

What we have observed, and what we hear back from customers, is that the capabilities of open-source hypervisors are yet to meet the requirements of those mission-critical systems. In some cases, the hypervisor depends on a privileged "helper" OS running alongside it to manage the other partitions; that helper OS presents a fundamental attack surface for cyber-attack as well as being a single point of failure for the whole system.

The challenges of supply chain disruption and the government mandates associated with it, increased system complexity and, frankly, the spotlight that falls on connected systems once they are compromised, mean that the commercial case for transitioning compelling technology into the open domain will be challenging to make. It will require cooperation across the industry in establishing testing, controls and standards, not to take away the flexibility that open source is known for, but to balance its functionality with guaranteeing safety in our most sensitive applications. So, while challenges remain, I think 2022 will be the year in which demonstrable progress is made in this area.

‘When’ not ‘If’

In conclusion, the question is no longer "if" open-source hypervisors will appear at the heart of mission-critical systems. The "when" is upon us, and open source will become much more widely trusted and used for systems engineering in the next twelve months and beyond, so long as a software company can implement a business model analogous to the one Red Hat used to drive Linux adoption across enterprises. While it is currently the low-criticality components of mixed criticality systems that are being transitioned, ultimately the desired path leads to high criticality. Given the risks, this move will take time, but I have no doubt that we will get there.


Ian Ferguson Vice President of Marketing and Strategic Alliances

Ian Ferguson is VP sales and marketing at Lynx Software Technologies. Prior to Lynx, he spent nearly eleven years at Arm, where he held roles leading teams in vertical marketing, corporate marketing and strategic alliances. Ian is a graduate of Loughborough University (UK) with a BSc in electrical and electronic engineering.

