Fitting Automotive Quality and Safety Expectations to Free and Open Source Software

SAE Technical Paper Series Pub Date : 2024-07-02 DOI:10.4271/2024-01-2984

Joachim Schlosser, Ulrich Kirchmaier, Michael Armbruster, Wolfgang Lindner

{"title":"Fitting Automotive Quality and Safety Expectations to Free and Open Source Software","authors":"Joachim Schlosser, Ulrich Kirchmaier, Michael Armbruster, Wolfgang Lindner","doi":"10.4271/2024-01-2984","DOIUrl":null,"url":null,"abstract":"Due to manifold benefits compared to proprietary software solutions, free and open source software (FOSS) in general, and Linux especially becomes more and more relevant for embedded solutions in the automotive domain, especially in High Performance Computing Platforms (HPC). However, taking over liability and warranty for a FOSS-based problem raises the problem of software quality assurance, and thus risk control. In order to control and minimize the residual risk of a product or service, the traditional and well-accepted measure in the automotive domain is to assess the engineering processes and resulting work products via a process assessment model given by the ASPICE maturity model, as well as requirements from functional safety standards for safety related functions. The underlying process reference model of ASPICE covers software development performed and controlled by an organization. However, this situation is not given by and even contrary to the nature of FOSS development, where high quality is achieved based on feedback and contributions of an open community. While typical software quality assurance measures are widespread in community-based software development, a single entity cannot control these. This, along with the huge code base in Linux makes applying the low-level software related processes ASPICE Process Reference Model (PRM) both meaningless and economically infeasible. In this paper, we propose a selection and tailoring of standard ASPICE accompanied with compensation measures, which accounts for the FOSS specifics. This allows to achieve the quality assurance and risk mitigation goals of ASPICE, and consequently an assessment via the ASPICE Process Assessment Model (PAM) as well as functional safety standards. We further provide details on our solutions and strategies to fulfill the key elements of our solution. The solution presented here is one key factor for our EB corbos Linux – built on Ubuntu to provide a production grade Linux distribution suited to the automotive embedded needs, including liability, warranty, and long-term maintenance.","PeriodicalId":510086,"journal":{"name":"SAE Technical Paper Series","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2024-07-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"SAE Technical Paper Series","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.4271/2024-01-2984","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

Due to manifold benefits compared to proprietary software solutions, free and open source software (FOSS) in general, and Linux especially becomes more and more relevant for embedded solutions in the automotive domain, especially in High Performance Computing Platforms (HPC). However, taking over liability and warranty for a FOSS-based problem raises the problem of software quality assurance, and thus risk control. In order to control and minimize the residual risk of a product or service, the traditional and well-accepted measure in the automotive domain is to assess the engineering processes and resulting work products via a process assessment model given by the ASPICE maturity model, as well as requirements from functional safety standards for safety related functions. The underlying process reference model of ASPICE covers software development performed and controlled by an organization. However, this situation is not given by and even contrary to the nature of FOSS development, where high quality is achieved based on feedback and contributions of an open community. While typical software quality assurance measures are widespread in community-based software development, a single entity cannot control these. This, along with the huge code base in Linux makes applying the low-level software related processes ASPICE Process Reference Model (PRM) both meaningless and economically infeasible. In this paper, we propose a selection and tailoring of standard ASPICE accompanied with compensation measures, which accounts for the FOSS specifics. This allows to achieve the quality assurance and risk mitigation goals of ASPICE, and consequently an assessment via the ASPICE Process Assessment Model (PAM) as well as functional safety standards. We further provide details on our solutions and strategies to fulfill the key elements of our solution. The solution presented here is one key factor for our EB corbos Linux – built on Ubuntu to provide a production grade Linux distribution suited to the automotive embedded needs, including liability, warranty, and long-term maintenance.

查看原文本刊更多论文

将汽车质量和安全要求与自由开放源码软件相结合

与专有软件解决方案相比，自由与开放源码软件（FOSS）具有多方面的优势，尤其是在高性能计算平台（HPC）中，Linux 与汽车领域的嵌入式解决方案越来越密切相关。然而，接管基于 FOSS 的问题的责任和担保会引发软件质量保证问题，进而引发风险控制问题。为了控制并最大限度地降低产品或服务的残余风险，汽车领域公认的传统方法是通过 ASPICE 成熟度模型给出的流程评估模型，以及功能安全标准对安全相关功能的要求，对工程流程和由此产生的工作产品进行评估。ASPICE 的基本过程参考模型涵盖了由组织执行和控制的软件开发。然而，这种情况与自由和开放源码软件开发的性质不符，甚至是背道而驰的，因为在自由和开放源码软件开发中，高质量是基于开放社区的反馈和贡献来实现的。虽然典型的软件质量保证措施在基于社区的软件开发中非常普遍，但单个实体无法控制这些措施。这一点，再加上 Linux 的庞大代码库，使得应用底层软件相关流程 ASPICE 流程参考模型（PRM）既毫无意义，又不经济可行。在本文中，我们提出了一种标准 ASPICE 的选择和定制方法，并附有补偿措施，以考虑到自由和开放源码软件的特殊性。这样就能实现 ASPICE 的质量保证和风险缓解目标，从而通过 ASPICE 流程评估模型 (PAM) 以及功能安全标准进行评估。我们将进一步详细介绍我们的解决方案和策略，以实现我们解决方案的关键要素。这里介绍的解决方案是我们 EB corbos Linux 的一个关键因素，它基于 Ubuntu 构建，提供适合汽车嵌入式需求的生产级 Linux 发行版，包括责任、保修和长期维护。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

SAE Technical Paper Series

自引率

0.00%

发文量