Avoiding Enemies and Making Friends Using Embedded Open Source Software
Open source software has become an entrenched component of embedded systems within the last decade. Marc Andreessen, cofounder of Netscape and the key investor in LinkedIn, recently announced that “Software is eating the world”. There are more instances of embedded software in the world today than any other type of software combined. It is at the heart of transportation, safety, health care, food, agriculture, defense, entertainment and therefore virtually every sector of industry that one way or another touches our everyday lives.
Complexity of software design within the embedded space has increased exponentially. In a way it has mirrored and followed the way gate complexity in integrated devices has doubled every 18 months in the last forty years. The growth in code complexity has overlapped the change in business dynamics of our interconnected global market. Demands for shortening product development times, increasing functionality in products and reducing development costs has led to an increase in outsourcing, contracting, and code-reuse. Open source software, the ultimate manifestation of code-reuse, has become a key enabler of today’s competitive embedded market.
From the first GNU in 1983 to invasion of the whole IT stack by 2011, open source has penetrated every facet of software development. Such desirable attributes as faster time to market, lower development cost, better security, peer-reviewed quality, variety, zero licensing cost and multiple sources from mostly reputable suppliers are some of the reasons where open source has become the software of choice for over 40% of embedded projects (download Select Findings: Embedded Engineering Survey \\[PDF file\\] from VDC Research).
Open Source Has Conquered Embedded Devices
Better known examples of open source software targeted for embedded applications include Android, embedded Linux and other open source Real Time Operating Systems (RTOS), Qt User Interface (UI) used in phones and PDAs, refrigerators and industrial control systems, and roughly 100,000 other projects that cover everything from communications stacks, web browsing, user interfaces, remote management, embedded databases, audio and video codecs and even virtual machines (as in Java Virtual Machine). More than 40% of the RTOS solutions for embedded environment are open source, and apart from Android, they include the heavyweights from vendors such as MontaVista, QNX and Mentor.
Open Source Adoption Must be Managed
The advantages of open source software can only be realized if its adoption is managed. Open source software invariable comes with obligations that are represented in their associated licenses, copyrights, security vulnerability notices and export control classifications. Failure to understand and respect these obligations has repercussions that are similar to those due to shortcomings in product quality. Embedded devices such as consumer products are distributed in volume, and any impairment in quality, or in meeting licensing obligations, can be very costly in the field.
Project-level or organizational policies usually frame the acceptable terms and obligations. Although some may find it difficult to admit, today’s resourceful developers do not write code from scratch. They know where to get code and enhance it with their own creativity. It is unreasonable and impractical to expect developers to be aware of, and manage, code obligations as they create software under tight schedules. Increasingly, organizations are deploying practices that allow managed adoption open source in projects, shortening development intervals and reducing development costs.
A survey of more than hundred technology organizations, from large multinationals to small technology firms of less than 50 people has identified the best practices used in embedded industry for leveraging and managing open source software. Establishing license policies, adopting package pre-approval processes, creating a baseline of the existing inventory of software, regular software analysis in real-time and at build-time, before the final product is shipped to the market, are some of the steps deployed by the embedded industry.
Open source software has become entrenched in the embedded device market, offering a range of advantages to developers and management in embedded system enterprises and to the end users of embedded solutions. These advantages include lower development costs, lower cost products in the market, shorter time to market, faster product evolutions, peer-reviewed quality solutions, and variety of solutions and sources that ensure long term product viability with reduced uncertainties around supply disruption. Ease of adoption of open source software is particularly attractive to resourceful developers, where they can concentrate on applying their creativity to existing code, resulting in a faster innovation cycles. Pitfalls of readily available open source code include lapses in good record keeping in order to know the open source content of an embedded project, keeping track of the newer versions, potential licensing and copyright obligations, and knowledge of known security viabilities and the patched to mitigate these impairments.
A structured Open Source Software Adoption Process (OSSAP) allows organizations to take advantage of open source software in a controlled and managed fashion. The steps involved in OSSAP include establishing a policy, software package pre-approval, establishing a baseline of existing code and scanning code acquired from commercial suppliers or outsourcers. Regular scanning of code portfolio in a project, complemented with real-time identification and management of software as it is checked into the project library or as it is developed on a developer workstation, ensures that at any time the open source software content within a project is known and understood. Build-time scanning ensures that the final artifact that is shipped to market satisfies the open source policies adopted by the organization.