Are we ready for open source software in safety-critical embedded systems?


In recent years, the introduction of open source software in safety-critical applications has emerged as the next frontier. There is no doubt about the many innovative technologies and products that have come out of open source software. It’s no surprise, then, that the open source model has caught the eye of companies deploying mission- and safety-critical applications, such as aerospace and defense, low Earth orbit (LEO) satellites, and the industrial and autonomous vehicle industries, and prompts their question: can we get some of this?

The momentum of change

My two years of personal experience at Lynx, which (among other things) focuses on code certification for deployment on large mission-critical programs, tell me that today’s vendors of proprietary RTOS/embedded operating systems are receiving an increasing number of calls from customers demanding a move to an open source – albeit modified – model that builds their confidence that the security and safety of software and hardware can be assured. After all, the stakes are high in cases such as platforms involved in the preservation of human life and/or the use of machines in close collaboration with humans. Needless to say, these present a different and more critical challenge to adopting open source than a streaming service, a video game console, or a mobile messaging application developed on an open source operating system.

Advantages and disadvantages

For customers and vendors, the growing adoption of open source in this environment offers significant advantages, but also brings crucial disadvantages. For defense companies, this reduces their dependence on an individual vendor and provides them with a broader ecosystem of developers that should reduce costs and shorten project cycles. The fact that security patches for Linux emerge much faster than those for proprietary ecosystems has been well-rehearsed.

The flip side of the dynamism and flexibility of the ecosystem environment is that it leads to a loss of control. The advantage of an ecosystem is that it can do anything. The problem with an ecosystem is that it can do anything. Even mighty Google continues to struggle to move developers and OEMs to the latest and greatest versions of Android. Although, as Apple has shown, it can be done.

And the vendors? Isn’t open source destroying our business model by eliminating royalty income? There are other sources of income available, but care must be taken to make the transition successful. Done right, open source has the potential to expand the market we have access to, which could bring growth and a better business valuation.

Mixed criticality – the first step

The initial phase was, in fact, a hybrid stage. “Mixed criticality systems” (those that combine workloads of two or more criticality levels, such as non-safety-critical and safety-critical) focused on maximizing the use of open source code (Linux, for example) and restricting the use of proprietary RTOS applications to those that must go through system certification.

Even then, the focus remains on open source code, with organizations increasingly adding static application security testing to quality testing to ensure that their embedded platforms operate reliably and securely. FreeRTOS (part of Amazon) and Azure RTOS ThreadX (Microsoft) have found ecosystem partners who can provide certification services for these operating systems against specific standards such as IEC 61508 and ISO 26262. Following the business model forged by vendors such as Red Hat, I expect successful embedded operating system vendors to create revenue streams from additional value-added services associated with both cutting-edge and legacy variants of open source operating systems.

What we have observed, and what customers are hearing from us, is that the capabilities of open source hypervisors do not yet meet the requirements of these mission-critical systems. In some cases, these hypervisors depend on “auxiliary” operating systems that run alongside them, presenting a fundamental attack surface for cyberattacks as well as a single point of system failure.

The challenges of supply chain disruption and the government mandates associated with it, the increased complexity of systems, and frankly the attention that connected systems attract once they’re compromised, mean that transitioning this compelling technology into the open domain will be difficult. This will require cooperation across the industry to establish tests, controls and standards – not to remove the flexibility that open source is famous for, but to balance its functionality while ensuring security in our most sensitive applications. So, while challenges remain, I believe 2022 will be the year in which demonstrable progress is made in this area.

‘When’ not ‘If’

In conclusion, the question is no longer “if” open source hypervisors will appear at the heart of critical systems. The “when” is upon us, and open source will become much more widely trusted and used for systems engineering over the next twelve months and beyond, as long as a software vendor can implement a business model analogous to what Red Hat has done to drive Linux adoption across enterprises. While currently the low-criticality components of mixed criticality systems are being transitioned, the desired path is ultimately one to high criticality. Given the risks, this move will take time, but I have no doubt that we will get there.

Ian Ferguson is Vice President of Sales and Marketing at Lynx Software Technologies. Prior to Lynx, he spent nearly eleven years at Arm, where he held roles leading the vertical marketing, corporate marketing and strategic alliances teams. Ian graduated from Loughborough University (UK) with a BSc in Electrical and Electronic Engineering.
