As a result of collaborative research with MIT, Codethink announces a new open source project, AV-STPA, to analyse and document safety requirements for autonomous vehicles by applying System-Theoretic Process Analysis.
On our continuing journey to understand the implications of safety and security risk management for complex software-intensive systems, Codethink has been inspired by the STAMP/STPA approach pioneered by Professor Nancy Leveson and her colleagues at MIT.
Following discussions with Nancy and other members of the safety community in 2018, Codethink has been collaborating with John Thomas, MIT Executive Director of System Safety and Cybersecurity, in applying the STPA process to analyse safety for an Autonomous Vehicle software platform.
A key innovation on this project is that all of Codethink's work has followed an open source approach, with documented evolution tracked over time using Git to record work-in-progress and history. The Git Repo is here. As an open source project the work is available for review and study by interested parties around the world. As far as we know this is the first public initiative to document detailed system-level safety requirements for review and re-use, free from non-disclosure restrictions and commercial paywalls.
John Thomas presented findings from this research collaboration at the recent STAMP Workshop at MIT in Boston, attended by around 400 safety and cybersecurity professionals. The work was very warmly received, and many attendees commented that they appreciated that this project was able to discuss the details of the analysis as a direct consequence of the open-source approach adopted by Codethink.
A key point is that the STPA approach is top-down, starting from the general case and progressing towards specific implementation details. As a result, we believe that most of the analysis can be considered as a generically applicable input for autonomous vehicle safety architecture implementation. We hope that experts will review the public materials and contribute where possible, to establish a useful representation of the 'state-of-the-art'.
The repository is a work-in-progress - incomplete and not perfect; however, it represents a step forward in our general understanding of the safety requirements for autonomous vehicle systems, which we believe can be of benefit to engineers and executives working on initiatives in this challenging domain. As with all open source projects, we welcome reviews and feedback as well as contributions to improve the work itself. In addition, we are ready to share knowledge and assist in open analysis of safety and security requirements for other domains.
The original upload of the article can be found here