Open Source at Scania
Download as PPTX, PDF0 likes507 views
- Scania conducted a survey that found 88% of their developers sometimes or always try to find open source alternatives, even though 43% were unsure about Scania's open source policy. - The survey also found that 77% of developers were somewhat or very interested in contributing to open source projects if given clear guidelines. - Scania is working to improve confidence in their supply chain, freedom to operate with export controls, and safety of software by following standards, evaluating tools and open source components, and addressing gaps.
![Introducing EXPORT.md
Export-Declaration File v1.0
Contains-encryption: [Yes/No]
Crypto-for-user-authentication: [Yes/No]
...
Declared-ECCN: x-us:5D002
At least between Scania and FNC, we ask the same questions! And
the answers can be shared.
Export Control of Open Source Working
Group – ECOS WG](https://image.slidesharecdn.com/openchainautomotivewgf2f2019-191113072839/85/Open-Source-at-Scania-13-320.jpg)
Open Source at Scania
- 1. open source at scania JONAS ÖBERG, chair of scania open source program
- 2. Jonas Öberg / Open Source at Scania Always 46% Sometimes 42% Rarely 10% Never 2% How often do you try to find open source alternatives?When we ask how often our developers try to find open source options over other kinds of software, we see that 88% of our developers sometimes or always try to use open source. That’s interesting, considering 43% felt there was no policy for open source, it was not permitted, or they didn’t know. Regardless of guidelines and whether open source is encouraged or not, it seems our developers still give some preference to open source. WE’re on the way, but the road is long!
- 3. Jonas Öberg / Open Source at Scania 26% 51% 18% 5% 0% 10% 20% 30% 40% 50% 60% Very interested Somewhat interested Not too interested Not interested at all how interested are you in contributing to open source? Finally, we asked whether our developers have an interest in contributing to open source in the future. 77% are somewhat or very interested in contributing to open source. This gives us some reassurance that if we provide our developers with clear guidelines for contributing to open source, many will take us up on the opportunity to do so.
- 5. confidence in supply chain SPDX Bill-of- Material Mandatory Delivery of Required Compliance Artifacts OpenChain™ or TÜV SÜD TPS Standard PPP 15001A certification Q1 2020
- 6. Sure, we can do this! Q1 2019 Oh, this is actually hard work… Q4 2019 We now deliver!??
- 7. Export control is regulations that limit release of software, technology, services, knowledge to foreign countries: limiting our freedom to operate. Economic sanctions, trade restrictions, barriers, tariffs, embargoes. Designed to protect national security, foreign policy or domestic economic interests. confidence in freedom to operate
- 8. • Sensitive goods; software, technology and technical data, both physical items and transfer of software and technology (e.g. offering as download from a website) − Any goods transferred to a party with the intent of being used for military purposes, − Or, any goods which is part of the product control lists, which may be Dual Use items, i.e. items which can have both a civilian and military purpose. • Both require a license to export – unless they meet an exception • Applies regardless of how it’s transferred: electronically, post, on laptop when visiting foreign country, etc.. • Also apply to transfers within a group, e.g. Scania in Sweden to Scania in Brazil. What is affected by Export Control?
- 9. Self classify .. and then there are exceptions.. and exceptions to the exceptions. Quotation marks means the word is separately defined.
- 11. Contains Encryption? (Yes/No) Is encryption used for User Authentication? (Yes/No) Open-Source Encryption? (Yes/No) Generally available to the public by being sold without restriction from stock at retail points? (Yes/No) Encryption Type Used? (Symmetric/Asymmetric/Elliptic-Curve) Key-length used for the Encryption … Encryption Questionnaire
- 12. • The answers represent a statement of the capabilities of the software, easily understood by the developers. • Different organisations may interpret the answers differently. • No need for developers to make ECCN decisions. • Provides a way for developers to speak to export control groups. Interpretation
- 13. Introducing EXPORT.md Export-Declaration File v1.0 Contains-encryption: [Yes/No] Crypto-for-user-authentication: [Yes/No] ... Declared-ECCN: x-us:5D002 At least between Scania and FNC, we ask the same questions! And the answers can be shared. Export Control of Open Source Working Group – ECOS WG
- 14. confidence in softwareavoidance of physical harm
- 16. Open source / 3pp libraries/code Qualification Evidence that the software development process for the component is based on an appropriate national or international standard (e.g. ISO/IEC/IEEE 12207. Evidence that the software complies with its requirements, reactions to and description of anomalities etc. Complete code coverage including MC/DC (ASIL-D) 26262 Requirements Abridged No or almost no open source fulfilling this today.
- 17. tools TCL3 Confidence from use Evaluation of the tool development process Validation of the software tool Development according to a safety standard 26262 Requirements Highly recommends “For open source developments, some of the standards used by those communities can also be appropriate.” C,D C,D A,B A,B No or almost no open source fulfilling this today.
- 18. No or almost no open source fulfilling this today. Tomorrow?
- 19. supply chain OpenChain freedrom to operate export control of open source working group software ELISA ? Confidence
- 20. Jonas Öberg Scania CV AB <jonas.oberg@scania.com>