Software has an increasingly important role to play in business, security and safety-critical applications. The complexity of the systems and hardware involved in these applications is also growing rapidly, and open source software is increasingly used in these contexts.
Established formal engineering approaches are not keeping up. They are often slow, difficult and costly to scale when applied to complex software and systems, and are not widely or consistently applied to open source software. They are often not intended, or not suitable, for managing rapid changes or continuous updates.
Requirements are a fundamental element in all of these established approaches, but requirements are broken. High-level requirements are a wish list; stakeholders just make a list of features. Low-level requirements are a narrative; developers just describe what is implemented.
Formal process models see the dynamic nature of FOSS projects as a problem, but this can be a key part of their value. However, because requirements are broken, the intent and expectations that inform the software are often lost in the noise.
So, how do we address these issues?
Codethink’s Paul Albertella and Kaspar Matas outline how the Eclipse Trustable Software Framework (TSF) — a lightweight continuous compliance framework, designed as and for FOSS — can help you to do just this.
Watch the talk to discover:
- An overview of TSF and examples of how it is applied
- How to organise and evidence your own objectives, including the intent and expectations that inform the software you are working on
- How the framework is used to manage automated, transparent and traceable bodies of evidence, which can be quantified by a confidence score
- How the results can be mapped to functional safety standards, to support certification and ongoing assessment.
Got your attention? Watch the talk in full below:
Interested in learning more about how to apply TSF to your project? Complete the form below and a member of the team will be in touch with you.
Other Content
- Why Renting Software Is a Dangerous Game
- Linux vs. QNX in Safety-Critical Systems: A Pragmatic View
- Is Rust ready for safety related applications?
- The open projects rethinking safety culture
- RISC-V Summit Europe 2025: What to Expect from Codethink
- Cyber Resilience Act (CRA): What You Need to Know
- Podcast: Embedded Insiders with John Ellis
- To boldly big-endian where no one has big-endianded before
- How Continuous Testing Helps OEMs Navigate UNECE R155/156
- Codethink’s Insights and Highlights from FOSDEM 2025
- CES 2025 Roundup: Codethink's Highlights from Las Vegas
- FOSDEM 2025: What to Expect from Codethink
- Codethink Joins Eclipse Foundation/Eclipse SDV Working Group
- Codethink/Arm White Paper: Arm STLs at Runtime on Linux
- Speed Up Embedded Software Testing with QEMU
- Open Source Summit Europe (OSSEU) 2024
- Watch: Real-time Scheduling Fault Simulation
- Improving systemd’s integration testing infrastructure (part 2)
- Meet the Team: Laurence Urhegyi
- A new way to develop on Linux - Part II
- Shaping the future of GNOME: GUADEC 2024
- Developing a cryptographically secure bootloader for RISC-V in Rust
- Meet the Team: Philip Martin
- Improving systemd’s integration testing infrastructure (part 1)
- A new way to develop on Linux
- RISC-V Summit Europe 2024
- Safety Frontier: A Retrospective on ELISA
- Codethink sponsors Outreachy
- The Linux kernel is a CNA - so what?
- GNOME OS + systemd-sysupdate
- Codethink has achieved ISO 9001:2015 accreditation
- Outreachy internship: Improving end-to-end testing for GNOME
- Lessons learnt from building a distributed system in Rust
- FOSDEM 2024
- QAnvas and QAD: Streamlining UI Testing for Embedded Systems
- Outreachy: Supporting the open source community through mentorship programmes
- Using Git LFS and fast-import together
- Testing in a Box: Streamlining Embedded Systems Testing
- SDV Europe: What Codethink has planned
- How do Hardware Security Modules impact the automotive sector? The final blog in a three part discussion
- How do Hardware Security Modules impact the automotive sector? Part two of a three part discussion
- How do Hardware Security Modules impact the automotive sector? Part one of a three part discussion
- Automated Kernel Testing on RISC-V Hardware
- Automated end-to-end testing for Android Automotive on Hardware
- GUADEC 2023
- Embedded Open Source Summit 2023
- RISC-V: Exploring a Bug in Stack Unwinding
- Adding RISC-V Vector Cryptography Extension support to QEMU
- Introducing Our New Open-Source Tool: Quality Assurance Daemon
- Achieving Long-Term Maintainability with Open Source
- FOSDEM 2023
- PyPI Security: How to Safely Install Python Packages
- BuildStream 2.0 is here, just in time for the holidays!
- A Valuable & Comprehensive Firmware Code Review by Codethink
- Full archive
