As a result of collaborative research with MIT, Codethink announces a new open source project AV-STPA, to analyse and document safety requirements for autonomous vehicles by applying System-Theoretic Process Analysis.
On our continuing journey to understand the implications of safety and security risk management for complex software-intensive systems, Codethink has been inspired by the STAMP/STPA approach pioneered by Professor Nancy Leveson and her colleagues at MIT.
Following discussions with Nancy and other members of the safety community in 2018, Codethink has been collaborating with John Thomas, MIT Executive Director of System Safety and Cybersecurity, in applying the STPA process to analyse safety for an Autonomous Vehicle software platform.
A key innovation on this project is that all of Codethink's work has followed an open source approach, with documented evolution tracked over time using Git to record work-in-progress and history. The Git Repo is here. As an open source project the work is available for review and study by interested parties around the world. As far as we know this is the first public initiative to document detailed system-level safety requirements for review and re-use, free from non-disclosure restrictions and commercial paywalls.
John Thomas presented findings from this research collaboration at the recent STAMP Workshop at MIT in Boston, attended by around 400 safety and cybersecurity professionals. The work was very warmly received, and many attendees commented that they appreciated that this project was able to discuss the details of the analysis as a direct consequence of the open-source approach adopted by Codethink.
A key point is that the STPA approach is top-down, starting from the general case and progressing towards specific implementation details. As a result we believe that most of the analysis can be be considered as a generically applicable input for autonomous vehicle safety architecture implementation. We hope that experts will review the public materials and contribute where possible, to establish a useful representation of the 'state-of-the-art'.
The repository is a work-in-progress - incomplete and not perfect; however it represents a step forward in our general understanding of the safety requirements for autonomous vehicle systems, which we believe can be of benefit to engineers and executives working on initiatives in this challenging domain. As with all open source projects, we welcome reviews and feedback as well as contributions to improve the work itself. In addition we are ready to share knowledge and assist in open analyis of safety and security requirements for other domains.
The original upload of the article can be found here
Other Content
- The open projects rethinking safety culture
- RISC-V Summit Europe 2025: What to Expect from Codethink
- Cyber Resilience Act (CRA): What You Need to Know
- Podcast: Embedded Insiders with John Ellis
- To boldly big-endian where no one has big-endianded before
- How Continuous Testing Helps OEMs Navigate UNECE R155/156
- Codethink’s Insights and Highlights from FOSDEM 2025
- CES 2025 Roundup: Codethink's Highlights from Las Vegas
- FOSDEM 2025: What to Expect from Codethink
- Codethink Joins Eclipse Foundation/Eclipse SDV Working Group
- Codethink/Arm White Paper: Arm STLs at Runtime on Linux
- Speed Up Embedded Software Testing with QEMU
- Open Source Summit Europe (OSSEU) 2024
- Watch: Real-time Scheduling Fault Simulation
- Improving systemd’s integration testing infrastructure (part 2)
- Meet the Team: Laurence Urhegyi
- A new way to develop on Linux - Part II
- Shaping the future of GNOME: GUADEC 2024
- Developing a cryptographically secure bootloader for RISC-V in Rust
- Meet the Team: Philip Martin
- Improving systemd’s integration testing infrastructure (part 1)
- A new way to develop on Linux
- RISC-V Summit Europe 2024
- Safety Frontier: A Retrospective on ELISA
- Codethink sponsors Outreachy
- The Linux kernel is a CNA - so what?
- GNOME OS + systemd-sysupdate
- Codethink has achieved ISO 9001:2015 accreditation
- Outreachy internship: Improving end-to-end testing for GNOME
- Lessons learnt from building a distributed system in Rust
- FOSDEM 2024
- QAnvas and QAD: Streamlining UI Testing for Embedded Systems
- Outreachy: Supporting the open source community through mentorship programmes
- Using Git LFS and fast-import together
- Testing in a Box: Streamlining Embedded Systems Testing
- SDV Europe: What Codethink has planned
- How do Hardware Security Modules impact the automotive sector? The final blog in a three part discussion
- How do Hardware Security Modules impact the automotive sector? Part two of a three part discussion
- How do Hardware Security Modules impact the automotive sector? Part one of a three part discussion
- Automated Kernel Testing on RISC-V Hardware
- Automated end-to-end testing for Android Automotive on Hardware
- GUADEC 2023
- Embedded Open Source Summit 2023
- RISC-V: Exploring a Bug in Stack Unwinding
- Adding RISC-V Vector Cryptography Extension support to QEMU
- Introducing Our New Open-Source Tool: Quality Assurance Daemon
- Achieving Long-Term Maintainability with Open Source
- FOSDEM 2023
- PyPI Security: How to Safely Install Python Packages
- BuildStream 2.0 is here, just in time for the holidays!
- A Valuable & Comprehensive Firmware Code Review by Codethink
- GNOME OS & Atomic Upgrades on the PinePhone
- Flathub-Codethink Collaboration
- Codethink proudly sponsors GUADEC 2022
- Tracking Down an Obscure Reproducibility Bug in glibc
- Full archive
