Open Source in Automotive


The cars of tomorrow will be defined by software advances and user-friendly technology interfaces that make drivers feel more connected with their cars, instead of leather seats and raw horsepower. As a result of this increasing complexity and the need for efficient and continual innovation, automotive manufacturers (OEMs), Tier 1 suppliers and automotive software developers are seeking partners to help them harness the unlimited ingenuity emerging from the OSS ecosystem to reduce development costs, speed time-to-market of IVI systems, and gain competitive advantage through innovation.

Automotive Grade Linux (AGL) is an open collaboration between contributors from the automotive industry, the communications industry, the semiconductor industry, the community and others, combining open source components into a core operating system software stack suitable for automotive applications. AGL builds upon over $10B of investment made in the Linux kernel, as well as many other open-source software projects. It leverages the technology contributions made by the communications, consumer electronics, and enterprise computing industries while defining and developing new functionality.

Black Duck is uniquely positioned to address the needs of the automotive industry with our trusted open source governance and compliance solutions and strategic open source policy development services. The Black Duck Suite allows automotive integrators, developers and independent software vendors (ISVs) to seamlessly implement OSS logistics and best practices while streamlining the development process and making the most efficient use of development resources.

Open Source Selection - During the open source selection process, the Suite provides developers with the latest information from the National Vulnerability Database, identifying the security vulnerabilities associated with a potential component.

Open Source Approvals - Vulnerability data can be factored into the open source approval process, altering workflows based on the severity of an identified vulnerability.

Post-deployment Monitoring - After a component has been selected, the Suite provides a continuous monitoring process ensuring that future security vulnerabilities associated with a specific component are quickly flagged for resolution.

Open Source Application Security
Managing application security is essential in today's complex IT environment. According to Forrester Research, most third-party code, including open source, is not tested for security vulnerabilities with the same level of rigor as in-house developed code. To truly protect your software applications from potential vulnerabilities, you need an accurate understanding of: What open source components are in your current products and applications? Where are developers acquiring these components?

National Vulnerability Database
The National Vulnerability Database (NVD) is a public resource managed by the US Government that tracks security vulnerabilities reported for all types of software. Black Duck leverages the information tracked in the NVD to help automate and manage open source security.

Open Source Governance & Compliance
The Black Duck Suite is the industry's leading OSS Logistics solution for managing security risks posed by the use of open source components. Customizable to fit an organization's risk profile and size, the Suite helps ensure open source application security by providing ongoing visibility into vulnerabilities throughout the software lifecycle, from the early stages of development when components are selected and approved to deployment.
https://www.blackducksoftware.com/solutions/open-source-governance-compliance