Open-DO: Open source for safety-critical systems | Opensource.com
Open-DO: Open source for safety-critical systems
Open source is used just about everywhere, but when it comes to "safety-critical" systems, like software that flies planes or controls medical equipment, most of us assume that open source just doesn't fit the bill. The regulations and requirements are rigorous, and ill-suited to the usual "fail faster" approach of open source.
Then, we learned about an initiative called Open-DO, which shows that FLOSS has a critical role to play, even in this specialized, highly regulated environment.
We asked Jamie Ayre, Marketing Director of AdaCore, to answer some of our questions. AdaCore is the company that develops and markets the Free Software GNAT Pro toolset. Jamie is a passionate advocate of the positive influence the FLOSS community-driven development model, and you can tell from his interview with us (below) how excited he is about the possibilities of the Open-DO project.
Tell us about the Open-DO Initiative and how it began
The Open-DO Initiative (as in "Open" and "DO-178C", the recent revision of the avionics standard for airborne software) aims to produce a cooperative and open framework to reduce the effort in developing certifiable software for safety-critical systems.
To achieve this, Open-DO piggybacks on two of the most active and innovative trends that have recently emerged in the software engineering community:
- Effective collaboration through open source communities.
- Creating a framework in which methodologies such as Agile and Lean software development can be successfully applied to the development of certified software.
The major objectives are:
- Address the "big-freeze" problem of safety-critical software (where tools etc. used in developing a certified system are baselined because of the complexity of upgrading).
- Ensure wide and long-term availability of qualified open source tools and certifiable components for the main aspects of safety-critical software development.
- Decrease the barrier of entry for the development of safety-critical software.
- Encourage research in the area of safety-critical software development.
- Increase the availability of educational material for the development of safety-critical software, in particular for professors and their students.
- Foster cross-fertilization between open source and safety-critical software communities.
The Initiative began following participation in the RTCA/EUROCAE DO-178C working group by several members of AdaCore staff and notably, Dr. Cyrille Comar, AdaCore Managing Director.
The working group included certification authority representatives and also individuals from prime contractors and tool providers often directly competing in the marketplace. Dr. Comar was very impressed with their desire and effort to work towards a common goal—defining a revision to the existing DO-178B standard that would provide the industry as a whole with a standard for building safe avionic systems.
Why is it important for the project to be open source?
The goal is to create an open ecosystem where the industrial community, tool providers, and public institutions can find it in their common interest to increase the productivity and flexibility of high-integrity methodologies. Our experience has shown that open source community development is the most appropriate model.
Concerning the technologies themselves, having open source tools available with qualification material increases availability of these tools to a larger audience, decreases their cost of creation and support by virtue of sharing and reuse, and increases the chances of having adequate life-spans and evolutionary cycles.
How do you manage the tension between open source and a rigorous set of government requirements?
Each project has a designated coordinator who is responsible for the overall quality of the technology. This role incorporates the management of the project team and each individual’s contributions. The team is formed through a selection process based on each individual’s qualities. All coordinators have previous experience working on industrial-grade FLOSS (Freely Licensed Open Source Software) tools, often used by the military, and bring this experience to the Open-DO Initiative.
Is there any military involvement or support?
The military domain is well represented through service staff and prime contractors working on military applications.
One of the pleasant outcomes so far has been the interest in Open-DO from a wide range of communities. We have members from the space, automotive, energy, industrial automation, rail, and medical device industries as well as from the avionics and military domains.
Is there a business model for this initiative? How does that model differ from the proprietary alternatives?
The GNATcoverage tool that came from the Couverture project is commercialized using a "leveraged services," annual subscription business model. That is to say, customers have access to the tool and its sources but also to expert support from the developers of the tools themselves. This support is available throughout the life of the subscription and is vital for customers building critical systems. For other tools and material developed in the Initiative, we will push the same model.
This differs significantly from proprietary models. With the availability of the source code and an active developer and user community, companies benefit from levels of support, maintainability, reliability, stability, flexibility, and freedom that single-vendor software cannot rival. This allows companies to concentrate on the areas where they bring real added value to the development cycle.
How can someone get involved with the project?
The Open-DO initiative is a collaborative effort and the key to its success will be a wide participation from a variety of communities including:
- open source and safety critical programmers
- tool providers
- industry leaders
- certification authorities (and more)
All are welcome!