The handling of open source software (OSS) Is deeply anchored in emlix's DNA. It is also a big part of the expertise of the emlix developers. Many of them are involved in the development of OSS themselves and are familiar with the open-source-compatible development of software systems according to international community best practice. emlix is self-certified under ISO/IEC 5230:2020
Open source software is put together by emlix according to the specific requirements of the respective product and is parametrized, configured and optimized. It is particularly important for emlix's customers that this process conforms with current legal and specialist standards, and that the risks derived from using open source components are minimized.
Process-secure use of open source components
The aim of our open source management processes is to fulfil the quality requirements in relation to the source and origin of the components, their exact designation and version, their innovation and maintenance status and the licences they use, for all components used by emlix internally or in customer projects.
The main process steps in utilizing open source software are:
- Determination of selection and search criteria for OSS
- Examination of the technical suitability, licence conditions and relevance
- Decision to adopt in an industrial product (approval process)
- Taking over of original sources and meta information
- Determination and removal of dependencies
- Validation of the build process and the traceability
- Integration according to the architectural requirements of the system design
- Evaluation of the reproducibility of the system (build process)
- Creation of a component list (bill of material)
- Creation of the documentation for the system
- Provision of the system for tests and validation
- Provision of meta-information and licences (declaration process)
- Adoption into OSS maintenance and CVE monitoring
- Definition of the upstream supply chain
With this process as well as its tools for automation it is possible to realize a reliable open source supply chain. This also includes reliable and consistent compliance information. We thereby support the strategic aims of our customers actively.
BEST PRACTICE
PTW-Freiburg GmbHLinux platform for medical devices according to IEC 62304
The UNIDOS embedded Linux platform is the result of an intensive development cooperation between PTW and emlix. In order to meet the extensive requirements of norms over the entire product life cycle, e2factory was used as a software management and build-automation tool. Automation and reproducibility of tests were ensured through the emlix TAF Test Application Framework.