Collaborative Large-scale Integrating Project

Open Platform for EvolutioNary Certification Of Safety-critical Systems

Final Report of Dissemination, Training, and Exploitation Activities

D9.6

Work Package: WP9: Dissemination, Training, and Exploitation
Dissemination level: PU
Status: Ready
Date: 31 March 2015
Responsible partner: INTECS S.p.A.
Contact information: [email protected]

PROPRIETARY RIGHTS STATEMENT
This document contains information, which is proprietary to the OPENCOSS Consortium. Neither this document nor the information contained herein shall be used, duplicated or communicated by any means to any third party, in whole or in parts, except with prior written consent of the OPENCOSS consortium.


FP7 project # 289011

Contributors

Names | Organisation
Paolo Panaroni | Intecs
Andrea Musone | Intecs
Adrian Larkham | Atego Systems Ltd.
Martijn Klabbers | Eindhoven University of Technology
Eric Andrianarison | Atego SAS

Document History

Version | Date | Remarks
V0.1 | 2015-03-24 | First Draft


TABLE OF CONTENTS

Executive Summary
Abbreviations and Definitions
1 Introduction
2 Dissemination Actions Report
2.1 Introduction
2.2 Dissemination Objectives
2.2.1 Objectives
2.3 Dissemination Report
2.3.1 Published Papers in International Journals, Conferences and Workshops
2.3.2 Participation to Public Workshops and Conferences
2.3.3 SASSUR Workshop 2014
2.3.4 SCSC Symposium 2015
2.3.5 OPENCOSS Presentations to External Parties
2.3.6 Media Support
2.3.7 R&D Deliverables
2.3.8 EAB - External Advisory Board
3 Training Actions Report
3.1 Introduction
3.2 Training Target Groups and Material
3.3 Internal Training
3.4 External Training
3.4.1 Industrial Training
3.4.2 Academic Training
4 Exploitation Actions Report
4.1 Growing reputation of OPENCOSS
4.2 Consortium-level Activities
4.3 Partners Exploitation
4.4 AdaCore
4.4.1 Company profile
4.4.2 OPENCOSS exploitation plans
4.4.3 OPENCOSS related risks
4.5 Alstom
4.5.1 Company profile
4.5.2 Business Idea/Product & Services
4.5.3 Markets/Customers
4.5.4 Competitors
4.5.5 Identified exploitable results
4.5.6 Commercial value
4.5.7 Risk Analysis
4.6 Altreonic
4.6.1 Company profile
4.6.2 OPENCOSS exploitation strategy
4.6.3 OPENCOSS related risks
4.7 Atego
4.7.1 Partner profile & Category
4.7.2 Markets/Customers
4.7.3 Risk Analysis
4.8 INSPEARIT
4.8.1 Partner profile and category
4.8.2 Business Idea/Products & Services
4.8.3 Markets/Customers
4.8.4 Competitors
4.8.5 Identified exploitable results
4.8.6 Commercial value
4.8.7 Risk Analysis
4.9 CRF
4.9.1 Partner profile and category
4.9.2 Business Idea/Products & Services
4.9.3 Markets/Customers
4.9.4 Competitors
4.9.5 Identified exploitable results
4.9.6 Commercial value
4.9.7 Risk Analysis
4.10 IKV
4.10.1 Partner profile and category
4.10.2 Business Idea/Products & Services
4.10.3 Markets/Customers
4.10.4 Competitors
4.10.5 Identified exploitable results
4.10.6 Commercial value
4.10.7 Risk Analysis
4.11 Intecs
4.11.1 Partner profile and category
4.11.2 Business Idea/Products & Services
4.11.3 Markets/Customers
4.11.4 Competitors
4.11.5 Identified exploitable results
4.11.6 Commercial value
4.11.7 Risk Analysis
4.12 Parasoft
4.12.1 Partner profile and category
4.12.2 Business Idea/Products & Services
4.12.3 Markets/Customers
4.12.4 Competitors
4.12.5 Identified exploitable results
4.12.6 Commercial value
4.12.7 Risk Analysis
4.13 RINA
4.13.1 Partner profile and category
4.13.2 Business Idea/Products & Services
4.13.3 Markets/Customers
4.13.4 Competitors
4.13.5 Identified exploitable results
4.13.6 Commercial value
4.13.7 Risk analysis
4.14 Simula
4.14.1 Partner profile and category
4.14.2 Business Idea/Products & Services
4.14.3 Markets/Customers
4.14.4 Competitors
4.14.5 Identified exploitable results
4.14.6 Commercial value
4.14.7 Risk Analysis
4.15 Tecnalia
4.15.1 Partner profile and category
4.15.2 Business Idea/Products & Services
4.15.3 Markets/Customers
4.15.4 Competitors
4.15.5 Commercial value
4.15.6 Risks Analysis
4.16 Thales Avionics
4.16.1 Partner profile and category
4.16.2 Business Idea/Products & Services
4.16.3 Markets/Customers
4.16.4 Competitors
4.16.5 Identified exploitable results
4.16.6 Commercial value
4.16.7 Risk Analysis
4.17 Eindhoven University of Technology/LaQuSo
4.17.1 Partner profile and category
4.17.2 Business Idea/Products & Services
4.17.3 Markets/Customers
4.17.4 Identified exploitable results
4.17.5 Risk Analysis
4.18 University of York
4.18.1 Partner profile and category
4.18.2 Products & Services
4.18.3 Markets/Customers
4.18.4 Competitors
4.18.5 Identified exploitable results
4.18.6 Commercial value
4.18.7 Risk Analysis
5 Concluding Remarks


List of Tables

Table 1: List of terms
Table 2: List of abbreviations and acronyms
Table 3: OPENCOSS partners, including official abbreviations, and their beneficiary number
Table 4: Dissemination milestones (last period)
Table 5: Publications of OPENCOSS
Table 6: Public Deliverables
Table 7: Persons and Companies included in the EAB


Executive Summary

This is the third and final OPENCOSS report on dissemination, training, and exploitation activities, as planned by WP9 and as anticipated in detail in specific plans (D9.2A Dissemination Plan, D9.2B Training Plan and D9.3 Exploitation Plan). This document covers the dissemination, training, and exploitation activities during the period from 01 January 2014 till 31 March 2015 (end of the project). However, since this is the last report, it also provides a cumulative overview of the activities performed.

DISSEMINATION

The statistics on dissemination activities show good results.

• About 37 papers published (and a number waiting for approval).
• About 44 events where OPENCOSS was presented, with an outreach of approximately 4.000 safety professionals (mostly from industry).
• Two workshops have been organised by OPENCOSS (SASSUR 2012-2013-2014-2015 and ICSR 2013).
• OPENCOSS results have been presented to external companies and research institutions.
• Two workshops were held with the External Advisory Board.
• A special issue of the IEEE Software magazine addressing Safety-Critical Software was published, which included a side-bar section fully dedicated to OPENCOSS.

Finally, a subset of the papers originating from the OPENCOSS project is being considered for publication in a book titled Safety and Assurance in Critical Systems, with the following approach:

• the best papers of OPENCOSS
• systematically collected
• and logically organized

The publisher will be Springer.

TRAINING

We have distinguished 3 categories of training: internal training (within the partners), academic training and industrial training.

Internal training: it culminated and was completed in June 2014, in York. It was a full-week, full-immersion training dedicated to the OPENCOSS platform, involving most partners. About 20 people attended. It also included a number of hands-on exercises and was a unique co-located opportunity for deep discussions and clarifications. This follows other internal training activities in the previous years:

• Goal Structuring Notation (University of York)
• Model Based Engineering Design (Atego)
• DO-178B/C and DO-254 Workshop (Atego)
• ISO 26262 Workshop (INTECS)
• CENELEC 5012x (RINA and Atego)

Academic training: the following initiatives occurred in the period.


• Technical University of Eindhoven (in cooperation with TNO) gave OPENCOSS lessons, repeating in 2014 similar lessons given in 2013. OPENCOSS is becoming an integral part of its syllabus.
• Mälardalens University (Sweden) agreed to use OPENCOSS as part of their new Safety Syllabus.
• University of Florence (Italy) agreed to use OPENCOSS as input for their safety courses.
• University of York committed to use OPENCOSS as part of its syllabus targeting their industrial students (seminars, workshops, etc.).
• Contacts with other academic organizations are still in progress.

Industrial Training

The consortium has been waiting to run industrial training in order to avoid the boomerang effect of providing training on early, unstable prototypes and methodologies. Once results were consolidated, a systematic approach to industrial training was taken to support industrial seminars, including the preparation of standard seminar material and an attractive video. The first industrial training actions have been targeted at all External Advisory Board (EAB) members, so as to receive final feedback on both content and style, both being targeted at industry acceptance.

In the meantime, a number of contacts have been made to run specific seminars, either within the partners' internal departments (e.g. Thales, FIAT, Alstom) or at other industrial organizations such as Astrium, AgustaWestland, Continental, Magneti Marelli.


EXPLOITATION

During this last period, the most relevant, long-term and strategic consortium exploitation action has been to formally join the Topcased/Polarsys initiative (which, in turn, is part of the Eclipse initiative). Polarsys, originally funded by the French government mainly in support of its aerospace industry, is now a fully European (and international) open source initiative driven (and funded) by large customers such as Airbus, Thales, Ericsson, Continental, etc.

Polarsys consists of an open source platform and a set of tools supporting system/software engineering for critical projects covering aerospace (Airbus, Thales, etc.), but also telecom (Ericsson), automotive (Continental) and likely soon also railway (see the confluence of the OpenETCS initiative, led by Deutsche Bahn). After a joint event and stand organized in Toulouse at ERTS 2014, Polarsys was glad to accept the integration of the OPENCOSS tools, as they constitute a unique new breed of tools (and methods) in support of safety certification, thus adding value to the entire platform.

This alliance with Polarsys is a strategic exploitation action, at the project level, that should provide a foundation and context for the individual partners' exploitation activities. It will also secure the long-term impact and visibility of OPENCOSS and may be the basis for further R&D activities.

In addition, the OPENCOSS project has actively contributed to the definition of a safety case standard from OMG (Object Management Group) called SACM - Structured Assurance Case Metamodel. The standard can be freely downloaded from http://www.omg.org/spec/SACM/1.0/. This standard provides an industrial long-term foundation to represent assurance cases.

Individual partners' exploitation activities are detailed in a dedicated chapter.


Abbreviations and Definitions

Table 1: List of terms

Term | Definition
Dissemination | Publication or presentation of the project's expected results and the project's actual results to a target group with the intention to promote the use of project results.
Exploitation | Taking industrial advantage of the project's results by the project partners as a whole consortium or individually. Exploitation will be addressed in Deliverable 9.3 of the OPENCOSS project.
Network building | Any dissemination activity (not related to a publication or a web site) that aims to involve people outside the OPENCOSS network and to introduce them to the OPENCOSS community, its activities, and/or its products.
Publication | The act of publication means any information or result disseminated to third parties in writing and/or multimedia.
Target Group | The target group concerns those who will be directly, or indirectly, positively affected by the project, its activities, and/or its results.
Teacher | A person qualified to provide formal training.
Technology transfer | Dissemination activities to transfer specific technological knowledge from the OPENCOSS activities to people outside the OPENCOSS community.
Training | Knowledge transfer of project results internally with the consortium partners and/or to a target group, as part of dissemination and/or exploitation. Training supports familiarization with project results, internally within the consortium partners, and toward a target group.
Training Activity | An activity with the purpose of training, be it a course, a seminar, a video, etc.
Training Event | The execution of a training activity at a given date, time and location, and with given participants.
Training Material | Any information used to support a training activity.
Training Target Group | Those who will be positively affected, directly or indirectly, by the project through its activities and its results.
Web Site | Dissemination activities related to publications in an electronic form at a certain URL (Uniform Resource Locator – or web address).

Table 2: List of abbreviations and acronyms

Term | Definition | Explanation
DoW | Description of Work | The main and agreed document describing the project activities.
ERTS | Embedded Real Time Systems |
INCOSE | Conference | International Council on Systems Engineering
SAFECOMP | Conference | International Conference on Computer Safety, Reliability and Security
SASSUR | Workshop created by OPENCOSS | System Assurance Approaches for Safety-Critical Systems


Table 3: OPENCOSS partners, including official abbreviations, and their beneficiary number

Beneficiary ID | Abbreviation | Partner name
1 | TEC | TECNALIA Research & Innovation
2 | ALS | ALSTOM Transport
3 | RIN | RINA Services SpA
4 | ADA | AdaCore
5 | TU/e | Eindhoven University of Technology
6 | PSF | Parasoft SA
7 | INT | Intecs
8 | ATU | ATEGO UK
9 | SIM | Simula Research Laboratory
10 | IKV | ikv++ technologies ag
11 | ATF | ATEGO France
12 | INS | Inspearit (former DNV ITGS)
13 | ALT | ALTREONIC
14 | HPD | HPDahle
15 | UOY | University of York
16 | CRF | Centro Ricerche Fiat S.C.p.A.
17 | TAV | THALES Avionics


1 Introduction

The OPENCOSS project aims at having a substantial impact on the safety critical systems community by reducing costs and time for certification and reuse of “pre-certified” subsystems within and across application domains (e.g. avionics, railway, automotive). It also aims at supporting rapid evolution of systems by optimizing the “re-certification” process. The project placed a cornerstone in the safety culture by collecting the certification best practices from different application domains and stressing a common conceptual framework and language. This has been the basis for common approaches and support tools leading to safe systems certification.

Dissemination, training, and exploitation play a crucial role in creating awareness of the project's results and their potential benefits, and support faster and widespread adoption. This document reports the progress of OPENCOSS dissemination, training, and exploitation for the period from January 2014 till March 2015 (month 28 to 42, i.e. one year + 3 months). Although many activities have some overlap and mutual influences, and also affect WP8 activities (standardisation and community building), the results will be presented as much as possible according to the separate WP9 tasks (Task T9.1 dissemination, T9.2 training, and T9.3 exploitation).

Based on the strategies and plans described in the OPENCOSS deliverables of Work package 9 (D9.1 Collaboration Platform, D9.2A Dissemination Plan, D9.2B Training Plan, and D9.3 Exploitation Plan), this report shows how these strategies and plans have been realised in practice and what the results are.

The document is structured as follows: after this introduction, it describes the results of dissemination in Chapter 2, training in Chapter 3, and exploitation in Chapter 4. This document ends with Chapter 5, the conclusion. In the appendices, dissemination and training events are listed, showing the performed activities cumulatively from the start of the project, with a focus on the reporting period (01 January 2014 to 31 March 2015). A description of the dissemination categories and dissemination assessment ranking is also provided.

Second Report of Dissemination, Training, and Exploitation Activities D9.5

FP7 project # 289011 13/74

2 Dissemination Actions Report

2.1 Introduction

The basis for the dissemination action report is in the Dissemination Plan (D9.2A). This plan has been elaborated to coordinate and discipline the dissemination activities. It was revised in a second issue, in order to include EC recommendations.

In this last period, the focus of dissemination activities has been on raising awareness of the project results, publicising key challenges addressed by the project as well as collecting feedback from the relevant (external) stakeholders. The target audience for these activities has been mainly the wider industrial community (with the focus on equipment suppliers and platform integrators) but also the scientific and research community. The External Advisory Board (EAB) and a number of engineering and safety related conferences have been targeted for this reason.

2.2 Dissemination Objectives

2.2.1 Objectives

During month 28 to 42 the dissemination activities have focussed on the following areas:
• Raising awareness of the project results (not just its objectives), including a final presentation “event” placed at a major conference.
• Advertising key challenges addressed by the project and its results as well as collecting feedback from the relevant (external) stakeholders.

To these ends, OPENCOSS has:
• Organised public workshops on compositional certification and cross-domain reuse of certification artefacts. A one day workshop for the EAB was co-located with SAFECOMP 2014 in Florence, a prominent conference in the area of dependable systems engineering.
• Published papers in international conferences and workshops. Each core work package of OPENCOSS has published papers to raise awareness of its results for both the industrial and the academic target audience.

The OPENCOSS consortium has also contributed to relevant active standardisation working groups.

All dissemination materials have been uploaded onto the internal collaboration platform and, where permissible by the copyright and non-disclosure agreements, onto the project’s public website. If not permissible, a link to the publication has been added instead. A number of key dissemination milestones have been reached. These are listed in Table 4.

Table 4: Dissemination milestones (last period)

Dissemination milestones | Description | Lead partners
Dissemination of R&D | Published a book from Springer with a selection of best papers from OPENCOSS | TEC
Standardization of methods | SACM becomes an OMG standard | UOY
Standardization of tools | OPENCOSS joins the Polarsys initiative. | TEC, INT


Final workshop | A final presentation of OPENCOSS is given to the SCSC Symposium to show the OPENCOSS framework to an industrial community | UOY

2.3 Dissemination Report

2.3.1 Published Papers in International Journals, Conferences and Workshops

Table 5 shows all papers that have been published or accepted by prestigious international events (also beyond Europe). In this table, the contributing partners, the main location for the presentation of the paper or workshop, and a description and link are provided. The papers very often include authors from multiple partners, which demonstrates the good cooperation between partners. The following is a cumulative list from project start. Papers published during the last reporting period have dates indicated in bold.

Table 5: Publications of OPENCOSS

Title | Authors | Review or Conference Proceedings | Date | Publisher | Place | URL
Challenges for an Open and Evolutionary Approach to Safety Assurance and Certification of Safety-Critical Systems | Huáscar Espinoza, Alejandra Ruiz (TEC), Mehrdad Sabetzadeh (SIM), Paolo Panaroni (INT) | WOSOCER 2011 (International Workshop on Software Certification, satellite event of ISSRE 2011, the IEEE International Symposium of Software Reliability Engineering). This paper has been recently cited by Nancy Leveson in her paper: Improving Hazard Analysis and Certification of Integrated Modular Avionics | Nov 29 - Dec 2, 2011 | IEEE | Hiroshima | PDF
A harmonized multimodel framework for safety environments | Xabier Larrucea (TEC), Paolo Panaroni (INT) | EuroSPI2 Conference 2012 | Jun 25-27, 2012 | Springer | Vienna | SpringerLink
Towards a Case-Based Reasoning Approach for Safety Assurance Reuse | Alejandra Ruiz, Ibrahim Habli, Huáscar Espinoza | Workshop on Next Generation of System Assurance Approaches for Safety-Critical Systems (SASSUR), 31st International Conference on Computer Safety, Reliability and Security (SAFECOMP 2012) | Sep 25, 2012 | Springer | Magdeburg | SpringerLink


Towards a Model-Based Evolutionary Chain of Evidence for Compliance with Safety Standards | Jose Luis de la Vara, Sunil Nair, Eric Verhulst, Janusz Studzizba, Piotr Pepek, Jerome Lambourg, Mehrdad Sabetzadeh | Workshop on Next Generation of System Assurance Approaches for Safety-Critical Systems (SASSUR), 31st International Conference on Computer Safety, Reliability and Security (SAFECOMP 2012) | Sep 25, 2012 | Springer | Magdeburg | SpringerLink
An Unified Meta-Model for Trustworthy Systems Engineering | Eric Verhulst, Bernhard H. C. Sputh | Workshop on Next Generation of System Assurance Approaches for Safety-Critical Systems (SASSUR), 31st International Conference on Computer Safety, Reliability and Security (SAFECOMP 2012) | Sep 25, 2012 | Springer | Magdeburg | SpringerLink
A Preliminary Study towards a Quantitative Approach for Compositional Safety Assurance | A. Ruiz, H. Espinoza, F. Tagliabo, Sandra Torchiaro, Alberto Melzi | 21st Safety-Critical Systems Symposium | 15-17 October 2013 | NA | Cardiff | IET TV link; ACM Library link
Supporting the Verification of Compliance to Safety Standards via Model-Driven Engineering: Approach, Tool-Support and Empirical Validation | Rajwinder Kaur Panesar-Walawege, Mehrdad Sabetzadeh, Lionel Briand | Journal of Information and Software Technology, Volume 55, Issue 05 | May, 2013 | Elsevier | NA | DOI
Nuanced term-matching to assist in compositional safety assurance | Katrina Attwood, Philippa Conmy | 1st International Workshop on Assurance Cases for Software-intensive Systems (ASSURE 2013) | May 19, 2013 | NA | San Francisco | PDF (preprint)
Extracting Models from ISO 26262 for Reusable Safety Assurance | Yaping Luo, Mark van den Brand, Luc Engelen, John Favaro, Martijn Klabbers, and Giovanni Sartori | 13th International Conference on Software Reuse | 12-13 June 2013 | Springer | Pisa | SpringerLink


Making Software Safety Assessable and Transparent | Risto Nevalainen, Alejandra Ruiz, and Timo Varkoi | 20th EuroSPI2 Conference 2013 | 25-27 June 2013 | Springer | Dundalk | SpringerLink
A Review of Traceability Research at the Requirements Engineering Conference | Sunil Nair, Jose Luis de la Vara, Sagar Sen | 21st IEEE International Requirements Engineering Conference | 15-19 July 2013 | IEEE | Rio de Janeiro | IEEE Xplore
On the Use of Goal Models and Business Process Models for Elicitation of System Requirements | Jose Luis de la Vara, Juan Sánchez, Oscar Pastor | 14th Working Conference on Business Process Modeling, Development, and Support (BPMDS'13) | 17-18 June 2013 | Springer | Valencia (Spain) | SpringerLink
Classification, Structuring, and Assessment of Evidence for Safety: a Systematic Literature Review | Sunil Nair, Jose Luis de la Vara, Mehrdad Sabetzadeh, Lionel Briand | 6th IEEE International Conference on Software Testing, Verification and Validation (ICST 2013) | 18-22 March 2013 | IEEE | Luxembourg | IEEE Xplore
SafetyMet: A Metamodel for Safety Standards | J.L. de la Vara and R.K. Panesar-Walawege | ACM/IEEE 16th International Conference on Model Driven Engineering Languages and Systems (MODELS 2013) | 29 Sep – 4 Oct, 2013 | Springer | Miami | SpringerLink
Specifying a Framework for Evaluating Requirements Engineering Technology: Challenges and Lessons Learned | J.L. de la Vara, D. Falessi, and E. Verhulst | 3rd IEEE International Workshop on Empirical Requirements Engineering (Empire 2013) | July 15, 2013 | IEEE | Rio de Janeiro | IEEE Xplore
Dealing with Software Model Quality in Practice: Experience in a Research Project | J.L. de la Vara and H. Espinoza | 1st International Workshop on Quality and Measurement of Software Model-Driven Developments (QUAMES 2013) | July 29-30 2013 | IEEE | Nanjing | IEEE Xplore
Conceptualisation of Industrial Safety Assurance Activities: Towards Computer-Aided Certification | Katrina Attwood, Fabien Belmonte, Laurent de la Beaujardière and Andrea Palermo | International Workshop on Model-Based Safety Assurance 2013 | March 2013 | NA | Paris | NA


The role of the safety-case lexicon in cross-domain translation: the OPENCOSS project | Katrina Attwood | Independent Safety Assurance Group/Safety-Critical Systems Club Workshop 'Transferable Safety - fact or fiction?' | Dec 5, 2013 | NA | London | PDF
Cross-domain systems and safety engineering: is it feasible? | Eric Verhulst | Flanders Drive seminar: Functional Safety in the Vehicle Industry | Jan 17, 2013 | NA | Brussels | Altreonic link
A Preliminary Study towards a Quantitative Approach for Compositional Safety Assurance | A. Ruiz, H. Espinoza, F. Tagliabo, Sandra Torchiaro, Alberto Melzi | 21st Safety-critical Systems Symposium | Feb 5-7, 2013 | NA | Bristol | IET TV link
ARRL: A Criterion for Composable Safety and Systems Engineering | Eric Verhulst, Bernhard Sputh (Altreonic), Jose Luis de la Vara (Simula), Vincenzo de Florio (University of Antwerp) | 2013 Workshop on Next Generation of System Assurance Approaches for Safety-Critical Systems (SASSUR), part of the 32nd International Conference on Computer Safety, Reliability and Security (Safecomp) | Sep 24-27, 2013 | NA | Toulouse | PDF
From Safety Integrity Level to Assured Reliability and Resilience Level for Composable Safety Critical Systems | Eric Verhulst, Bernhard Sputh, Jose Luis de la Vara, Vincenzo de Florio | ICSSEA | November 2013 | NA | Paris | PDF
ARRL: A criterion for compositional safety and systems engineering: A normative approach to specifying components | Eric Verhulst, Bernhard Sputh | ISSRE 2013 | November 2013 | IEEE | Pasadena | IEEE Xplore
Towards a multi-view point safety contract | Alejandra Ruiz, Tim Kelly, Huascar Espinoza | Proceedings of Workshop SASSUR (Next Generation of System Assurance Approaches for Safety-Critical Systems) of the 32nd International Conference on Computer Safety, Reliability and Security | 24-27 September 2013 | NA | Toulouse | PDF


Adequacy of contract grammars for component certification (Fast Abstract) | Alejandra Ruiz, Huascar Espinoza, Tim Kelly | 32nd International Conference on Computer Safety, Reliability and Security | 24-27 September 2013 | NA | Toulouse | PDF
Safety Evidence Traceability: Problem Analysis and Model | Sunil Nair, Jose Luis de la Vara, Alberto Melzi, Giorgio Tagliaferri, Laurent de-la-Beaujardiere and Fabien Belmonte | 20th International Working Conference on Requirements Engineering: Foundation for Software Quality (REFSQ 2014) | April 7-10, 2014 | NA | Essen | PDF
Extracting Models from ISO 26262 for Reusable Safety Assurance | Yaping Luo, Mark van den Brand, Luc Engelen, Martijn Klabbers, Giovanni Sartori | Safe and Secure Software Reuse, Lecture Notes in Computer Science | 2013 | Springer | Springer | SpringerLink
From Conceptual Models to Safety Assurance | Yaping Luo, Mark van den Brand, Luc Engelen, Martijn Klabbers | Conceptual Modeling, Eric Yu, Gillian Dobbie, Matthias Jarke, Sandeep Purao (eds.) | 2013 | Springer | Springer | SpringerLink
A Modeling Approach to Support Safety Assurance in the Automotive Domain | Yaping Luo, Mark van den Brand, Luc Engelen, Martijn Klabbers | Progress in Systems Engineering | 2014 | Springer | Springer | SpringerLink
Metamodel Comparison and Model Comparison for Safety Assurance | Yaping Luo, Luc Engelen, Mark van den Brand | Computer Safety, Reliability, and Security | 2014 | Springer | Springer | SpringerLink
The use of Controlled Vocabulary and Structured Expressions in the Assurance of CPS | Katrina Attwood, Philippa Conmy, Tim Kelly | Challenges and New Approaches for Dependable and Cyber-Physical Systems Engineering (De-CPS 2014), part of Ada Europe 2014 | Jun 23, 2014 | Ada Europe | Paris | Ada User Journal, Vol. 35, N. 3 Sep 2014

An Extended Systematic Literature Review on Provision of Evidence for Safety Certification | Sunil Nair, Jose Luis de la Vara, Mehrdad Sabetzadeh, Lionel C. Briand | Information and Software Technology, Volume 56, Issue 7 | July, 2014 | Elsevier | Elsevier (North-Holland) | ScienceDirect

Current and necessary insights into SACM: An analysis based on past publications | Jose Luis de la Vara | IEEE 7th International Workshop on Requirements Engineering and Law (RELAW 2014) | Aug 26, 2014 | IEEE | Karlskrona | DOI
Quantifying Uncertainty in Safety Cases Using Evidential Reasoning | Sunil Nair, Neil Walkinshaw, Tim Kelly | Proceedings of SAFECOMP Workshops 2014 | Sep 10-12, 2014 | Springer | Firenze | DOI
Supporting the verification of compliance to safety standards via model-driven engineering: Approach, tool-support and empirical validation | Rajwinder Kaur Panesar-Walawege, Mehrdad Sabetzadeh, Lionel Briand | Information and Software Technology, accepted December, 2014 | 2015 | Elsevier | Elsevier (North-Holland) | DOI
Systematic Application of ISO 26262 on a SEooC | Alejandra Ruiz, Alberto Melzi, Tim Kelly | Design, Automation and Test in Europe 2015 (DATE15) | Mar 9-13, 2015 | NA | Grenoble | PDF
Evidence Management for Compliance of Critical Systems with Safety Standards: A Survey on the State of Practice | Nair, S., de la Vara, J.L., Sabetzadeh, M., Falessi, D | Information and Software Technology 60: 1-15 (2015) | April, 2015 | Elsevier | Elsevier | DOI
Controlled Expression for Assurance Case Development | Katrina Attwood and Tim Kelly | Engineering Systems for Safety: Proceedings of the 23rd Safety-Critical Systems Symposium | February 2015 | Mike Parsons and Tom Anderson (eds) | Bristol |

You can also visit the project web site to see the full list of papers published at http://www.opencoss-project.eu/node/8.

In addition to these papers the consortium was successful in organizing a special issue of IEEE Software Magazine dedicated to safety critical software. An internal section (a side box) was dedicated to OPENCOSS. IEEE Software is likely the most prestigious magazine for software professionals. Finally, a subset of all papers originated under the OPENCOSS Project have been published in a book titled Safety and Assurance in Critical Systems, with the following approach:

• the best papers of OPENCOSS
• systematically collected
• and logically organized

The publisher will be Springer.


2.3.2 Participation to Public Workshops and Conferences

A number of workshops and conferences have been held. This is a cumulative list from project start. Events within the last reporting period have dates marked in bold.

Type | Lead | Title | Date | Place | Audience | People | Country
Symposium | INT | OPEES - Open Platform for the Engineering of Embedded Systems. The project aims at the exploitation of the Topcased platform to be named Polarsys | 22 Sep 2011 | Paris | Industrial | 20 | Europe
Workshop | ATG UK, RIN, TEC, SIM | Railway Safety Technology Research Centre (RSTRC) Workshop on Software Assessment and Certification for Railway Applications, held at the University of York | 27 Sep 2011 | York | Industrial | 20 | Europe
Award | INS | Inspearit is awarded the “qualification enterprise innovant OSEO” thanks to the participation in OPENCOSS | 3 Nov 2011 | NA | Industrial | 20 | France
Meeting | INT | European Union Strategy 2020 on Advanced Systems Engineering, organized by IDC Market Research and European Commission, OPENCOSS was referred | 15 Nov 2011 | Brussels | Industrial and Research | 30 | Europe
Conference | ADA, TEC, INT | Certification Together International Conference | 29 Nov – 1 Dec 2011 | Toulouse | Industrial | 300 | Europe (mainly France)
Workshop | SIM | WOSOCER 2011 International Workshop on Software Certification, Satellite event of ISSRE IEEE International Symposium of Software Reliability Engineering | 29 Nov – 2 Dec 2011 | Japan | Research | 100 | International
Workshop | INT, CRF, RIN | Automotive SPIN - Software Process Improvement Network Workshop | 1 Dec 2011 | Milan | Industrial | 90 | Italy
Meeting | ALS | UNIFE WG | 6 Dec 2011 | Brussels | Industrial | 20 | Europe


Meeting | TAV, INT, TEC | CESAR and SAFECER rendez-vous Meeting hosted by CG2E Club des Grandes Entreprises de l’Embarqué | 31 Jan 2012 | Toulouse | Industrial and Research | 40 | Europe
Conference | INT | ERTS 2012 Embedded Real Time Systems Conference | 1-3 Feb 2012 | Toulouse | Industrial | 200 | Europe (mainly France)
Workshop | ATF | Solutions Critique: Solutions de Modelisation | 2 Mar 2012 | Paris | Industrial | 20 | France
Conference | TAV, INT, TEC, PAR | Embedded World 2012 Connected with ARTEMIS Days | 28,29 Feb - 1 Mar 2012 | Nuremberg | Industrial | 300 | International
Conference | CRF, IKV | ISO 26262 Conference | 28-30 Mar 2012 | Berlin | Industrial | 100 | International (mainly Germany)
Conference | TEC | SEPG Europe 2012 | 5-7 Jun 2012 | Madrid | Industrial | 120 | Europe
Conference | TEC, INT | EuroSPI 2012 | 25-27 Jun 2012 | Vienna | Industrial | 100 | Europe
Conference | INT | International INCOSE Conference 2012 | 9-12 Jul 2012 | Rome | Industrial | 500 | International
Meeting | SIM | Ad hoc presentation | 15 Jul 2012 | Valencia | Industrial | 20 | Spain
Conference | PAR | Automotive testing EXPO | 12-14 Jul 2012 | Stuttgart | Industrial | 50 | Germany
Workshop | TEC | SAFECOMP 2012 - SASSUR event | 25-28 Sep 2012 | Magdeburg | Industrial and Research | 40 | Europe
Conference | ATF | ITSLE2012: Industrial Track of Software Language Engineering http://planet-sl.org/itsle2012/ Workshop at SLE 2012 | 25 Sept 2012 | Dresden, Germany | Research | 50 | Germany
Symposium | IKV | Symposium Achieving Functional Safety in Avionics & Automotive | 17 Oct 2012 | Berlin | Industrial | 100 | Germany
Seminar | ALT | Flanders Drive seminar: Functional Safety in the Vehicle Industry | 17 Jan 2013 | Brussels | Industrial | 40 | Belgium
Symposium | TEC, CRF | 21st Safety-critical Systems Symposium | 5-7 Feb 2013 | Bristol | Industrial | 140 | Europe


Conference | SIM | IEEE International Conference on Software Testing, Verification and Validation | 18-22 Mar 2013 | Luxembourg | Industrial and Research | 30 | Europe
Meeting | RIN | EXCROSS. It is a Supporting Action of the European Commission to enhance cross-fertilization and synergies between safety research initiatives in the different transportation modes (e.g. road transportation, aviation, etc.). http://www.excross.eu/index.htm | 14 May 2013 | Glasgow | Industrial and Research | 20 | Europe
Conference | INT, TUE, TEC, UOY | ICSR International Conference on Software Reuse Safety and Security | 18-20 Jun 2013 | Pisa | Industrial and Research | 50 | International
Workshop | TEC, UOY | ASSURE 2013 The 1st International Workshop on Assurance Cases for Software-intensive Systems in conjunction with ICSE 2013 | 19 May 2013 | San Francisco (US) | Industrial and Research | 50 | Europe
Conference | TEC | EUROSPI 2013 | 25-27 June 2013 | Ireland | Industrial and Research | 80 | Europe
Conference | IKV | 11th IEEE International Conference on Industrial Informatics (INDIN’2013) | 29-31 June 2013 | Bochum (D) | Industrial and Research | 30 | Europe
Workshop | SIM | EmpiRE 2013 IEEE Workshop http://selab.fbk.eu/empire2013 | 15 Jul 2013 | Rio De Janeiro | Industrial and Research | 30 | Brazil
Workshop | TEC, INT | SASSUR 2013 In conjunction with SAFECOMP 2013 | 24 Sept 2013 | Toulouse | Industrial and Research | 40 | Europe
Meeting | RIN; FIAT | EXCROSS. EXCROSS is a Supporting Action of the European Commission to enhance cross-fertilization and synergies between safety research initiatives in the different transportation modes (e.g. road transportation, aviation, etc.). | 18 Oct 2013 | Turin | Industrial | 30 | Europe
Meeting | UOY | Transferable Safety SCSC | 5 Dec 2013 | London | Industrial | 20 | Europe
Symposium | UOY, ADA | SCSC Safety Critical Symposium | 4-6 Feb 2014 | Brighton | Industrial | 150 | Europe

Conference | INT, ALT, ATE, ADA | ERTS Embedded Real Time Systems Conference | 5-7 Feb 2014 | Toulouse | Industrial | 300 | Europe

Conference | INT, ADA | Ada Europe, Reliable Software Technologies Combined with De-CPS workshop | 23-27 Jun 2014 | Paris | Industrial and Research | 200 | Europe
Conference | IKV, UOY | VDA Conference | 9-11 July 2014 | Berlin | Industrial | 150 | Germany
Workshop | SIM | RELAW 2014 Requirements Engineering | 26 Aug 2014 | Sweden | Industrial and Research | 50 | Sweden
Workshop | TEC, INT | SASSUR Satellite event of SAFECOMP | 10-17 Sept 2014 | Florence | Industrial and Research | 40 | Europe
Symposium | UOY, ADA | SCSC Safety Critical Symposium | 4-6 Feb 2015 | Bristol | Industrial | 150 | Europe
Conference | TUE | Modelsward 2015 | 9-11 Feb 2015 | Angers (F) | Industrial and Research | 20 | France
Conference | TUE | ICT Open Conference | 24-25 Mar 2015 | Amersfoort (NL) | Industrial | 40 | Netherlands
Meeting | TUE | SmartMobility Research Meet | 26 Mar 2015 | Eindhoven | Industrial | 20 | Netherlands
Workshop | ALT | Advanced Embedded Systems Engineering Workshop | 31 Mar 2015 | Nuremberg | Industrial | 50 | Germany

Two workshops are worth citing separately, as specifically organized by OPENCOSS: SASSUR and ICSR.

The following two diagrams provide a visual and geographical representation of the scope and intensity of dissemination events world-wide, with a focus on Europe.


And a focus on Europe.


2.3.3 SASSUR Workshop 2014

It was organized as a satellite event of SAFECOMP 2014, in Florence in September. SASSUR stands for:

Next Generation of System Assurance Approaches for Safety-Critical Systems

Chairs:

• Alejandra Ruiz – Tecnalia Research & Innovation, Spain

• Tim Kelly – University of York, UK

• Jose Luis de la Vara – Simula Research Laboratory, Norway

About 40 people attended, with a unique chance to exchange ideas across the best R&D projects all over Europe.

2.3.4 SCSC Symposium 2015

This event has been designed to act as a final presentation event for OPENCOSS. A booth was dedicated to OPENCOSS and an overall presentation was given. More details below.

The System Safety Symposium is an annual meeting of safety specialists organised in the UK by the Safety Critical Systems Club. This year’s meeting was held at the Marriott Royal Hotel, Bristol, UK and attracted an audience of some 150 safety professionals, mainly from the UK, the US and mainland Europe (Germany, Austria and France were particularly well-represented). Although there were a few academic participants, the majority (by a ratio of 9:1) were industrialists, drawn from a wide variety of safety domains, including transportation, energy and defence.

OPENCOSS was represented in two distinct events at the Symposium. Katrina Attwood (University of York) gave a presentation to the meeting as a whole. The presentation was entitled ‘Controlled Expression for Assurance Case Development’ and opened with a summary of OPENCOSS as a whole, the consortium and the objectives of the project, before moving on to present work from WPs 4 and 5, centering on the Automotive Case Study. The argumentation and vocabulary metamodels were described and explained, with links to the standardization work the project has been involved in with the OMG. Case study examples from automotive, focusing on the CCL metamodel – standard vocabulary model (ISO 26262) – project model structure were presented, centering on the reuse of assurance information and argumentation associated with a braking subsystem. There was a lively question-and-answer session following the presentation: questions focussed on the desirability and feasibility of defining generic vocabularies for safety-critical domains. In general, feedback on the presentation was very positive – both within the session and in conversations and references from other presentations later in the Symposium. Katrina received feedback from the organiser of the session (Safety Team Leader from CGI) some days later, in which he said: “I thought OPENCOSS presentation was very interesting and important.”

Secondly, the OPENCOSS project had a stand at the Exhibition. The stand was manned by staff from the University of York, and was on display for the two main days of the conference. There was also an evening event held in the exhibition area, in which conference participants were encouraged to visit the display stands and discuss the project with staff. Katrina Attwood and Tim Kelly were on hand to answer participants’ questions about OPENCOSS, and presented the project to interested safety practitioners. Previous newsletters were also available in hard copy for people to take away. Again, the project was well-received – several people asked for links to the website, in order to consult project publications, and one person offered support for tool validation in future iterations, if needed.

2.3.5 OPENCOSS Presentations to External Parties

To illustrate the dissemination outreach to external companies, we mention a small number of examples, like the achievements of Simula, Eindhoven University of Technology, Altreonic, and IKV, which have presented the OPENCOSS goals and ideas to the companies that they have close relationships with. Simula has been in contact with many practitioners because of the surveys in which they have collaborated, on safety evidence management and on change impact analysis of safety evidence. Other partners have done so as well in the light of their main contributions to OPENCOSS. A small excerpt from the list of companies that have received an OPENCOSS presentation:

• FMC Technologies (Norway)
• Kongsberg Maritime (Norway)
• DNV (Norway)
• DAF Trucks (Netherlands)
• Toyota (Japan)

Research institutions at which partners have presented OPENCOSS:

• Technical University of Valencia (Spain)
• Lund University (Sweden)
• Bournemouth University (UK)
• Diego Portales University (Chile)
• Andres Bello University (Chile)

Other companies with which partners have discussed OPENCOSS:

• Daimler (Germany)
• Autronica (Norway)
• Siemens (Germany)
• High Tech Automotive Campus Helmond (Netherlands)
• AgustaWestland (Italy) (presentation planned)
• Continental (Germany)
• Astrium (now Airbus) (Toulouse, France) (presentation planned)

Other research institutions with which partners have discussed OPENCOSS:


• University of Kentucky (USA)
• High Tech Automotive Campus Helmond (Netherlands)
• DePaul University (USA)
• Carnegie Mellon (USA)
• University of Trento (Italy)
• INRIA (France)
• University of Ottawa (Canada)
• Paluno - Ruhr Institute for Software Technology (Germany)
• Ilmenau Technical University (Germany)
• Mälardalens University (Sweden) accepted to use OPENCOSS as part of their new Safety Syllabus.
• University of Florence (Italy) accepted to use OPENCOSS as input for their safety courses.

The publications also show that there are many research institutions with which partners have or have had concrete scientific collaborations related to OPENCOSS:

• University of Luxembourg (Luxembourg)
• Fraunhofer CESE (USA)
• Lund University (Sweden)
• Technical University of Valencia (Spain)
• University of Antwerp (Belgium)
• Diego Portales University (Chile)
• Andres Bello University (Chile)
• Bournemouth University (UK)

2.3.6 Media Support

As presented in the last deliverable, the basic dissemination infrastructure is in place and is used. This includes:

• Project logo.
• Project website: is kept up to date with the newly produced deliverables.
• LinkedIn: members keep the discussions alive, though the activity is lower than before (more than 200 members)
• Twitter: installed and used.
• Facebook: installed. Though LinkedIn, as a professional network, seems to be more suitable.
• Fact sheets, Brochure, Leaflet
• Newsletters: The 5th, 6th and 7th newsletters have been published in this last period, as usual collating all the relevant project facts in the period, plus a technical insight on a project-related subject.
• General presentations (5 to 10 minutes and 20 to 30 minutes).
• Position paper (OPENCOSS position paper).
• Press releases.
• A roll-up poster (initial, with goals)
• A roll-up poster (final, with results)
• A video (see below)


Last but not least, a video has been prepared to support high quality, attractive, complete and consistent presentations of OPENCOSS results across industries.


2.3.7 R&D Deliverables

A number of OPENCOSS deliverables produced in the reporting period are publicly available. Table 6 shows the public deliverables that have been produced cumulative from the start of the project. This also includes deliverables that have been updated and are of use for the next review round. The information is also included in the OPENCOSS project website: http://www.opencoss-project.eu/node/7.

Table 6: Public Deliverables

Deliverable ID | Public or Restricted | Downloads | Name
WP1: Use Case Specification and Benchmark
D1.1 | public | Report; Annex A; Annex B; Annex C; Annex D | Constraints of the certification process
D1.2 | public | Report; Use Cases: Automotive (summary), Avionics, Railways (summary) | Use cases description and business impact (report)
D1.3 | public | Report | Evaluation framework and quality metrics (report)
D1.4 | members | | Implementation of use cases on top of OPENCOSS platform (report + prototype)
D1.5 | public | Coming soon | OPENCOSS Benchmarking (report)
WP2: Requirements and Architecture Design
D2.1 | public | Report | Business cases and user needs
D2.2 | public | Report | High-level requirements (report)
D2.3 | public | Report | OPENCOSS platform architecture (report)
D2.4 | public | Report | Detailed specification of usage scenarios (report)
WP3: Platform Integration and Validation
D3.1 | members | | Analysis of safety certification data of industrial use cases (report)
D3.2 | public | Report | Integration requirements and test plan (report)
D3.3 | public | Coming soon | Integrated OPENCOSS platform (prototype)
D3.4 | public | Coming soon | Test results and recommendations (report)
WP4: Common Certification Language
D4.1 | public | Report | Baseline for the common certification language

Second Report of Dissemination, Training, and Exploitation Activities D9.5

FP7 project # 289011 30/74

Deliverable ID Public or

Restricted Downloads Name

D4.2 public Report

Detailed requirements for the common certification language (report)

D4.3 members Common Certification Language: Conceptual Domain Model (report)

D4.4 public Report

Common Certification Language: Implementation (report)

D4.5 public Report

Intermediate Editor of the Common Certification Language (prototype)

D4.6 public Report

Editor of the Common Certification Language (prototype)

D4.7 public Report

Common Certification Language: Methodological Guide (report)

WP5: Compositional Certification

D5.1 public Report

Baseline for the compositional certification approach

D5.2 public Report

Detailed requirements for the OPENCOSS compositional certification approach (report)

D5.3 public Report

Compositional certification conceptual framework (report)

D5.4 members Intermediate Tool support for compositional certification (prototype)

D5.5 public Report

Tool support for compositional certification (prototype)

D5.6 public Report

Compositional Certification Framework: Methodological Guide (report)

WP6: Evolutionary Evidential Chain

D6.1 public Report

Baseline for the evidence management needs of the OPENCOSS platform

D6.2 public Report

Detailed requirements for evidence management of the OPENCOSS platform (report)

D6.3 public Report

Specification of the evidence management service infrastructure (report)

D6.4 public Report

Specification of adapters to development and safety assurance tools (report)

D6.5 members Intermediate implementation of the evidence management service infrastructure (prototype)

D6.6 public Report

Implementation of the evidence management service infrastructure (prototype)

D6.7 public Report

Evidence management service infrastructure: Methodological Guide (report)

WP7: Transparent Certification and Compliance-Aware Process

D7.1 public Report

Baseline for the process-specific needs of the OPENCOSS platform

D7.2 public Report

Detailed requirements for the process-specific needs of the OPENCOSS platform (report)

D7.3 public Report

Specification of the compliance-aware service infrastructure (report)

D7.4 public Report

Specification of the transparent certification service infrastructure (report)

Second Report of Dissemination, Training, and Exploitation Activities D9.5

FP7 project # 289011 31/74

Deliverable ID Public or

Restricted Downloads Name

D7.5 public Report

Implementation of the process-specific service infrastructure (prototype)

D7.6 public Report

Process-specific service infrastructure: Methodological Guide (report)

WP8: Standardization and Community Building

D8.1 members Plan for community building, Advisory Board coordination and standardization (report)

D8.2 public Report

Plan for the adoption outreach program (report)

D8.3 public Coming soon Report on adoption of OPENCOSS conceptual and technological platform (report)

D8.4 public Coming soon Report of OPENCOSS follow-up roadmap and standardization activities (report)

WP9: Exploitation, Dissemination, and Training

D9.1 public Report

OPENCOSS website and project collaboration platform (report + prototype)

D9.2 public D9.2A

D9.2B

Dissemination plan Training plan

D9.3 members Exploitation plan (report)

D9.4 public Report

First report of dissemination, training, and exploitation activities (report)

D9.5 public Report

Second report of dissemination, training, and exploitation activities (report)

D9.6 public This same document Final report of dissemination, training and exploitation activities (report)

2.3.8 EAB - External Advisory Board

The EAB consists of relevant and influential professionals from the aerospace/avionics, railway, and automotive domains, including persons from regulatory authorities in these domains. Its members are international experts from industry, regulatory organizations, standardization committees, and open source initiatives. The EAB is the key instrument of the OPENCOSS project for obtaining external guidance, discovering strong and weak points, linking to other research initiatives, and promoting the exposure of OPENCOSS activities to industry.

EAB members (see Table 7) have agreed to give OPENCOSS meaningful help on a regular basis in many different areas, including safety critical certification regulations, technological development, European policies, and outreach. The EAB advises the OPENCOSS technical coordinator in its strategic technical decision-making process and in the standardization and community building activities. It promotes the framework towards certification authorities and other important players in the certification domain.

The first plenary EAB Workshop was held on 23 – 24 September 2013, one day before the SAFECOMP 2013 conference, in Toulouse; the second was held in September in Florence, the day before the SAFECOMP 2014 conference. In both cases the project received important input from the EAB. Topics on the agenda were:


• Expectations from Industry (Automotive, Avionics, Railway).
• Community building.
• Level and nature of safety certification reuse (cross domain, cross country, artefact classification).
• Need for tool support.

More details on EAB relationships are given in the WP8 Report.

Table 7: Persons and Companies included in the EAB

| Company | Contact Point | Role |
|---|---|---|
| EADS/Eurocopter, France | Ronald Blanrue & Louis Fabre | Helicopter Manufacturer |
| ERA, Europe | Christopher Carr | Railway Regulatory Agency |
| Eclipse, Europe | Ralph Muller | Open Source Ecosystem |
| EADS/IW, UK & Germany | Andreas Keis | Aerospace Manufacturer |
| Flanders Drive, Belgium | Bert Dexter | Consulting on Automotive Dom. |
| SafeTrans (Germany) | Jurgen Niehaus | Cluster on Safety Critical S. Transport |
| CAF, Spain | Eluska Sukia, Head of Signaling | Railway manufacturer |
| NASA (US) | Michael Holloway | Aviation Regulatory Agency |
| Verocel (US) | George Romanski | Aviation Regulatory Agency |
| AIST (Japan) | Kenji Taguchi | Research |
| BAE Systems | Janne Fenn | Avionics manufacturer |
| Airbus, France | Herve Delseny | Aviation Manuf. |
| Thalès Railway (Austria) | Christoph Scherrer | Railway manufacturer |
| TÜV Rheinland, Germany | Jens Wolff | Assessment & Certification (Railway) |
| Deutsche Bahn (DB-Netz) | Klaus-Rüdiger Hase | Railway Operator & Infrastructure Manager |
| RFI | Attilio Ciancabilla | Railway Infrastructure Manager |
| Ricardo-UK | Antonio Priore | Multi-industry consultancy for engineering, technology, project innovation and strategy |
| Volvo | Cecilia Ekelin | Car manufacturer |
| Renault | Javier Ibanez-Guzman | Car manufacturer |


3 Training Actions Report

3.1 Introduction

The main objective of the training activities is to ease the adoption of the OPENCOSS results in standardization bodies and in academic and industrial communities (we call this external training). A secondary objective is to provide a common knowledge base for internal communication and to stimulate the OPENCOSS consortium through the mutual exchange of knowledge, experience and working methods (we call this internal training). In most cases the internal training should precede the external training.

The internal training activities were performed during the first year of the project. Now that the partners have the same knowledge level on a given subject, they can jointly set up external dissemination, training, and exploitation. In order to achieve both training objectives, two different activities are performed:

• Internal training - to support knowledge exchange within the project (described in Section 3.3)
• External training - to support adoption of OPENCOSS results (described in Section 3.4)

Internal and external training use various types of electronic documents, such as presentations, tutorials and videos. OPENCOSS is centred on “openness”, for example open platform, open source and open documentation. To pursue the OPENCOSS strategy of “openness”, the training material should be accessible to other communities where possible. In the last period a video has also been prepared to present the project results across industries in a systematic, attractive, complete and consistent way.

3.2 Training Target Groups and Material

The following groups, within the consortium, the EU, and worldwide, represent specific targets for training activities:

• Project partners
• Industrial community
• Prime contractors, OEM
• Suppliers
• Tool Vendors
• Consultancy/Training providers
• Scientific community, including students
• Academic Institutions, including students
• Standardization Bodies and Organizations
• Agencies (e.g. ESA, ERA, etc.)

Many different training materials are required to support the OPENCOSS training. The identified training material is listed below:

• Training Presentation
• Video
• Training Leaflet
• Teacher Profile
• Training Satisfaction Survey (one per participant). OPENCOSS Deliverable D9.2B provides details.
• Training Participants List
• Training Announcement
• Training Plan
• Training Calendar
• Training Reports

3.3 Internal Training

Internal training culminated and was completed in June 2014, in York. It was a full-week, full-immersion training dedicated to the OPENCOSS platform and involving most partners. About 20 people attended. It also included a number of hands-on exercises, and it was a unique co-located opportunity for deep discussions and clarifications. This training follows other internal training events held in the previous years (cumulative):

• Goal Structuring Notation (University of York)
• Model Based Engineering Design (Atego)
• DO-178B/C and DO-254 Workshop (Atego)
• ISO 26262 Workshop (INTECS)
• CENELEC 5012x (RINA and Atego)

3.4 External Training

The following target groups have been identified for the external training.

• Industrial organisations, including safety critical component suppliers, integrators of safety critical platforms, consultancy providers, assessor companies, and standardization and regulation bodies.
• Scientific and Research Community.

Different external training modules are available for each of these target groups.

3.4.1 Industrial Training

Objective

The objective of the training is to present the OPENCOSS concepts, explicitly showing which concepts are fulfilling the previously identified expectations. Technology details shall not be addressed. Rather, focus shall be put on the possibility to demonstrate through prototypes the operational aspects.

What has been done


A video has been chosen to assure a presentation that is systematic, repeatable, attractive, complete and consistent. The following OPENCOSS concepts are presented:

• Reference assurance framework
• Evidences and arguments
• Composition
• Process definition and execution

Strong emphasis is placed on illustrating these concepts with real industrial examples, to show:
• How an industry standard (such as DO178) or a company generic process can be captured.
• How a specific project process can be derived and monitored during execution.
• What evidences OPENCOSS can handle and how to capture them.
• How arguments can be formalized and captured.
• How mappings can be identified between project artefacts and standards to justify project compliance.
• How existing assets can be reused from previous projects to optimize compliance demonstration.

To demonstrate the operational aspects of OPENCOSS the following OPENCOSS tools are presented:
• Standards, process and mapping editors
• Evidence characterization and traceability editor
• Argumentation editor

3.4.2 Academic Training

Objective

The objective of the training is to promote the theoretical concepts formalized through meta-models, together with the related open source tooling, to allow the scientific community to work with the underlying concepts and prototype theoretical extensions.

What has been done

The following OPENCOSS concepts are presented:

• Reference assurance framework meta-model
• Evidences and arguments meta-models
• Manageable assurance asset and project meta-models
• Vocabulary, artefact and mapping meta-model

A strong emphasis shall be devoted to the theoretical consistency of the meta-models with one another and to how they cope with compliance issues using flexible mappings. Platform access through editors will be demonstrated in order to allow the scientific community to operate the platform and possibly extend it towards formal checks or any relevant research-related topic. Of course each university will tailor the training material, and we should not expect the same level of standardization (video) as we have for industrial training. The following initiatives occurred in the period.


• Technical University of Eindhoven (in cooperation with TNO) gave OPENCOSS lessons, repeating in 2014 lessons similar to those given in 2013. OPENCOSS is becoming an integral part of its syllabus.
• Mälardalens University (Sweden) agreed to use OPENCOSS as part of their new Safety Syllabus.
• University of Florence (Italy) agreed to use OPENCOSS as input for their safety courses.
• University of York committed to use OPENCOSS as part of its syllabus targeting their industrial students (seminars, workshops, etc.)
• Contacts with other academic organizations are still in progress.


4 Exploitation Actions Report

On the one hand, exploitation is mainly the responsibility of each individual partner, which should take maximum advantage of the project results from the specific role it plays in the safety eco-system (tool vendor, user, academic, consultant, etc.). On the other hand, exploitation by individual partners can be more effective, synergetic and fast where some “general/common” strategy is defined at consortium level. That is why the consortium has agreed on specific actions as specified in the Exploitation Plan (D9.3).

4.1 Growing reputation of OPENCOSS

During this period OPENCOSS has consolidated a suitable background for exploitation, by achieving a more influential position in the safety experts’ domain. In fact the OPENCOSS influence has grown, as measured by a number of indicators:

• Growth in the number of experts that have shown interest in the OPENCOSS results, either via LinkedIn or by subscribing to the RSS feed of the OPENCOSS website.

• Significant growth of the EAB, and their confirmed commitment and interest as shown during the last safety conference in Toulouse (http://conf.laas.fr/SAFECOMP2014).

• The influential position in relevant interest groups that some partners have gained.

• The dedicated, special issue of IEEE Software Magazine

• A dedicated book from Springer (with the collection of the best papers)

• 4 Workshops organized by OPENCOSS (SASSUR in Magdeburg, Toulouse, Florence and ICSR in Pisa)

OPENCOSS has also prepared a suitable background for exploitation via external dissemination and training activities. The OPENCOSS Consortium has developed unique cross-domain best practice on the safety of E/E/PE - Electrical, Electronic, and Programmable Electronic systems.


4.2 Consortium-level Activities

During this last period, the most relevant, long-term and strategic consortium exploitation action has been to formally join the Topcased/Polarsys initiative (which, in turn, is part of the Eclipse initiative). Polarsys, originally funded by the French government mainly in support of its aerospace industry, is now a full European (and international) open source initiative driven (and funded) by large customers such as Airbus, Thales, Ericsson, Continental, etc.

Polarsys consists of an open source platform and a set of tools supporting system/software engineering for critical projects covering aerospace (Airbus, Thales, etc.), but also telecom (Ericsson), automotive (Continental) and likely soon also railway (see the confluence of the OpenETCS initiative, led by Deutsche Bahn). After a joint event and stand organized in Toulouse at ERTS 2014, Polarsys was glad to accept the integration of the OPENCOSS tools, as they constitute a unique new breed of tools (and methods) in support of safety certification, thus adding value to the entire platform.

This alliance with Polarsys is a strategic exploitation action, at the project level, that should provide a foundation and context for the individual partners' exploitation activities. It will also secure the long-term impact and visibility of OPENCOSS and may be the basis for further R&D activities.

In addition, the OPENCOSS project has actively contributed to the definition of a safety case standard from OMG (Object Management Group) called SACM - Structured Assurance Case Metamodel. The standard can be freely downloaded from http://www.omg.org/spec/SACM/1.0/. This standard provides an industrial long-term foundation to represent assurance cases. Individual partners' exploitations are detailed in a dedicated chapter.

Collaboration has been pursued with the OpenETCS initiative (http://openetcs.org). Focussed on the railway domain, OpenETCS is a member of the OPENCOSS Exploitation Advisory Board. OpenETCS has been invited to the ERTS 2014 event.


4.3 Partners Exploitation

Apart from the shared contribution to the general consortium-wide activities, below is a summary of partners’ own exploitations.

4.4 AdaCore

Participant: ADA

Exploitation Strategy: AdaCore intends to be active on the toolset from the OPENCOSS Platform integrated into Polarsys. This toolset will be aimed at current and future AdaCore customers following standards such as DO-178, ECSS-ST-E40 and ISO-26262. The toolset will be proposed following the usual AdaCore business model for commercial open-source software. In this context, AdaCore aims at cooperating with project partners to consolidate a technological ecosystem around the OPENCOSS technology.

AdaCore intends to extend and adapt the notions developed in the CCL to its own internal product managing evidences and traceability, the Qualifying Machine.

4.4.1 Company profile

AdaCore provides Open Source tools and expertise for developers building mission-critical, safety-critical, and security-critical software. The company’s flagship products are the GNAT Pro and SPARK Pro development environments and the CodePeer automatic code reviewer and validator. AdaCore development and verification tools are targeted to applications with high reliability and maintainability requirements. The core language supported to back up such development is the Ada language, which has been specifically designed to answer these particular needs. AdaCore is at the forefront of the Ada language evolution by actively participating in the definition of the new language versions and by supporting the latest revision, Ada 2012, in its toolset. AdaCore’s customers include major actors in the domains of commercial aircraft avionics, military systems, air traffic management/control, railroad systems, medical devices, and financial services.

4.4.2 OPENCOSS exploitation plans

As an initial step, the use of some of the OPENCOSS results will be only internal, as a means to lower the costs of our qualification/certification efforts. If the tooling infrastructure proves useful for other institutions, AdaCore will in a second step release it as a product.

4.4.3 OPENCOSS related risks

As of now, the OPENCOSS tool itself is not really fit for AdaCore's internal tool certification efforts. Only the concept of CCL can really be re-used. The risk is that the language would need adaptation, which would then undermine the initial goal of standardizing it.


4.5 Alstom

Participant: ALS

Exploitation Strategy: The results of OPENCOSS will be integrated in the development environment, which already includes results of several research projects (including EU project VERDE), and also in Polarsys. The OPENCOSS platform fully complements the Alstom environment by addressing the link between industrial development and certification bodies.

4.5.1 Company profile

ALSTOM is a global specialist in energy and transport infrastructure. The company serves the energy market through its activities in the fields of power generation, power transmission and distribution, and the transport market through its activities in rail and marine. In the Railway Sector, ALSTOM Transport is a leading solutions provider to the rail industry world-wide, with 27 900 employees (16 000 in Europe) and annual net sales over 5 billion €. It offers a complete range of products and services from integrated transport systems, rolling stock of all types, through signaling and train control systems, to complete customer service packages. ALSTOM is the leader in high-speed rail systems. Alstom locomotives are in use throughout the world. In the urban and suburban mass transit sectors, they have supplied single- and double-deck electric multiple units and coaches, metros and light rail systems to many major cities around the world. ALSTOM is also a leading specialist in railway automation, signaling and control systems.

4.5.2 Business Idea/Product & Services

The systems developed by Alstom Transport already reach a high safety level and fulfill the safe development standards for Railway (i.e., they are certified by Independent Safety Assessors and observe regulation by national authorities). Nowadays, competitiveness is provided not only by technical solutions but also by development process automation. With OPENCOSS, the main interest for Alstom is to improve the safety engineering environment used to deliver the demonstration of system safety. The challenge today is the ability of an organization to manage a large set of interconnected documentation. An evolutionary evidential chain will help Alstom reduce this effort. Reusability and compositional certification will improve the certification process to deliver a higher level of safety with controlled costs.

4.5.3 Markets/Customers

Results will improve the cooperation between solutions providers, ISA and authorities. The ability to present evidence with regard to any concern of an end-user (operators or ISA) is a mark of professionalism and quality and, finally, of the safety of a system. OPENCOSS partners represent the ideal eco-system through the involvement of ISA and safety bodies like ERA. The products (e.g. the signalling systems) developed by Alstom are commercialised worldwide, and Alstom intends to benefit from and promote the results of OPENCOSS.

4.5.4 Competitors

As previously introduced, process automation is now fully considered in the improvement of the competitiveness of companies. Due to OPENCOSS, a new step will be possible in this direction. Through its worldwide market, Alstom will benefit from such projects involving, directly or indirectly, the different actors of the business model.


4.5.5 Identified exploitable results

The results of OPENCOSS will be integrated in the development environment, which already includes results of several research projects (Polarsys). OPENCOSS fully complements the Alstom environment by addressing the link between industrial development and certification bodies.

4.5.6 Commercial value

OPENCOSS provides an environment that automates the delivery of evidence during the safety assessment phase. Generally it is considered that automation improves the confidence of a customer in the system that it plans to put into service. This point on automation is even more valuable for the development of large complex systems like driverless mass transit (e.g. the one in Riyadh, Saudi Arabia). The quality of the process is a topic Alstom is promoting during the discussions with customers. In this context, and taking advantage of the OPENCOSS eco-system, Alstom plans to highlight the project results and their implementation into the company development process.

4.5.7 Risk Analysis

The main risk is that the solution proposed by OPENCOSS will not be accepted by all the stakeholders of the Railway certification process. The mitigation of this risk will be found in a progressive and incremental adoption.

4.6 Altreonic

Participant: ALT

Exploitation Strategy:
- Integration with the existing GoedelWorks environment of Altreonic
- Certification support services
- Training and seminars

4.6.1 Company profile

Altreonic focuses on a formalised and unified systems engineering methodology with a focus on trustworthy embedded systems. This methodology is supported by two major tools. For project support, the portal-based GoedelWorks environment is provided. Based on a formalised meta-model, it covers support for projects from early requirements capture through to defining the systems architecture and work plan. It allows an organisation to define its own process flow in addition to an optional ASIL functional safety engineering process that combines elements from IEC-61508, ISO-26262, ISO-13849, ISO-25119, ISO-15998, IEC-62061, CMMI and automotive SPICE. This process flow is mainly intended for the automotive market but can be used across other safety critical markets as well. For the software runtime environment, a formally developed network-centric RTOS (OpenComRTOS Designer) is provided. GoedelWorks and OpenComRTOS are being linked to provide full traceability.

4.6.2 OPENCOSS exploitation strategy

Altreonic aims to contribute to and use the results of OPENCOSS to strengthen its product offering in the domain of safety certification across the vertical domains of automotive, avionics and railway.

1. Integration with the existing GoedelWorks environment of Altreonic. Potential integration concerns:
• Use of the OPENCOSS CCL language to specify certification related artefacts and specifications
• Interfaces to OPENCOSS standardised tools and environments.
2. Certification support services: use of the acquired knowledge to offer certification related support to customers.
3. Training and seminars: related to the certification processes and requirements.

4.6.3 OPENCOSS related risks

An underlying assumption behind OPENCOSS is that a cross domain certification approach is possible. This is certainly true in the engineering sense but not necessarily so in the certification sense, as certifications are tied to historically grown standards (and practices) reflecting different approaches and maturity levels. Related to this risk is the uncertainty about the CCL concept, whose semantics might not necessarily map well enough onto the GoedelWorks meta-model.


4.7 Atego

Participant: ATG

Exploitation Strategy: Atego (now acquired by PTC) intends to industrially support the OPENCOSS results. In addition, it intends to extend the application and adoption of its Process management and MBE tools and services to new markets and users within its installed base.

4.7.1 Partner profile & Category

Atego is the leading independent supplier of industrial-grade, collaborative development tools, services and runtime environments for engineering complex, high reliability, mission- and safety-critical architectures, systems, software and hardware. Atego delivers stable, robust and scalable tools, services and working environments to thousands of users across an extensive range of complex applications in demanding engineering sectors such as aerospace, automotive, avionics, defence, electronics, medical, telecommunications and transportation.

Atego’s market leading products include: Aonix Perc, a real-time embedded Java virtual machine; Artisan Studio, a standards-based (OMG UML, SysML & UPDM) modelling tool suite; Atego Exerpt, an independent requirements data synchronization tool; and Atego Process Director, a tool for authoring, measuring, managing and improving an organization's engineering and development processes.

Founded in 2010 in a merger between Artisan Software Tools and Aonix, Atego is headquartered in San Diego, CA, USA and Cheltenham, UK with offices in France, Germany and Italy, and is supported by a global distributor network. Atego has focused on providing only standards-based capabilities for its customers. Atego is a long time member of the OMG, having been a part of the submission teams for UML, SysML and UPDM. In addition to serving on the board of directors of the OMG, Atego is an active participant in OMG’s MDA initiatives, is the co-chair of the OMG UPDM (Unified Profile for DoDAF and MODAF) and the co-chair of the OMG MARTE profile. In addition, Atego works closely with other industry organizations, including the INCOSE MBSE Focus Group and a number of European Union systems and software initiatives.

Atego was acquired by PTC in 2014, the integration being effective in 2015. PTC enables manufacturers to achieve sustained product and service advantage. PTC's technology solutions help customers transform the way they create, operate, and service products for a smart, connected world. Founded in 1985, PTC employs approximately 6,000 professionals serving more than 28,000 businesses in rapidly-evolving, globally-distributed manufacturing industries worldwide. Atego’s products enhance the PTC portfolio for its application lifecycle management and product lifecycle management tool suite and strengthen PTC’s commitment to supporting its customers’ systems engineering initiatives with powerful modeling capabilities.

4.7.2 Markets/Customers

Atego promotes the OPENCOSS results in its own industrial networking, focusing on the railway, automotive and avionic application domains. This action started in January 2011 with a talk related to the OPENCOSS project at the workshop “Critical Systems: modeling solution”, in Paris.

4.7.3 Risk Analysis

Atego identifies the following main risks: the maturity level of the OPENCOSS language and methodology; the scarce feedback from OPENCOSS end-users; and the time it may take for the OPENCOSS language to be approved by an external standardization body like the OMG. The mentioned risks can directly prevent further industrialization of results.


4.8 INSPEARIT

Participant: inspearit

Exploitation Strategy: inspearit aims to exploit the OPENCOSS results in two ways. First, in consulting with its clients in all three target domains in the field of (software intensive) system quality. Second, in teaching programmes such as its master classes on (software) quality, architecture and IT risk management. Special attention goes to enabling small to medium suppliers to access the OPENCOSS technology and certification language.

4.8.1 Partner profile and category

inspearit is an international IT consultancy and training company of about 170 people, with offices in France, The Netherlands, Italy and China. It has over twenty years of experience in product quality, process improvement, security and architecture. inspearit consultancy services focus on helping clients establish better processes in various IT-related fields, such as software and system development, IT management, requirements management, architecture, agile and lean development. inspearit audits and assesses processes and products regarding their quality and effectiveness. Moreover, consultants of inspearit work at clients in various roles, such as IT architect, requirements engineer, quality manager, and information manager.

The educational services are delivered by inspearit academy. Currently, most of the training sessions take place in The Netherlands. The academy offers a variety of master classes in architecture, IT management, risk management and security, as well as two Master of Science programmes that lead to a Master of Science degree in IT management or IT architecture.

4.8.2 Business Idea/Products & Services

inspearit plans to integrate the results from OPENCOSS in its existing portfolio of training programmes. For consultancy on safety and risk management the OPENCOSS platform will be a building block for a new approach, following the demand from the market. To clients that have a need for more in-depth knowledge concerning safety and quality, inspearit will deliver ‘in-company’ programmes that deal with these subjects in greater detail, translating the (generic) results to the client’s practical situation and needs. M.Sc. students will be able to do further applied research that exploits the OPENCOSS results for the benefit of their employers and extends the knowledge base that is established within the project.

4.8.3 Markets/Customers

inspearit consults with clients in all three target domains. Moreover, clients in related – but different – domains that also deal with safety critical systems may be interested in the experience and knowledge gained within the project as well. To reach potential clients, inspearit regularly organizes awareness sessions and other events to raise attention to new technology and trends that are important to certain domains or market segments. A more efficient certification method is an interesting topic for such a session.

4.8.4 Competitors

inspearit’s competitors are other consulting firms that offer services in the same field and markets, and other (commercial) educators. Being part of the OPENCOSS community gives inspearit an advantage in both knowledge and experience regarding the efficient certification of safety-critical systems in the three target domains, and others such as healthcare systems and energy.


4.8.5 Identified exploitable results

The certification language is a result that can be applied directly in education on (safety) risk management. Furthermore, it is useful in auditing safety critical products and architectures for a variety of (industrial) clients. The same is true for a method to reuse safety arguments. This is especially interesting in the architecting of integrated systems and in the assessment, review or auditing of such architectures and their resulting products for inspearit clients, since integration of (sub)systems into an overarching system is getting more and more common.

4.8.6 Commercial value

Working with partners, gaining experience and knowledge and having early access to the concepts of the project gives inspearit significant advantages over competitors that aim to reach similar results outside of the OPENCOSS community. The value of this knowledge and experience in inspearit educational programmes is obvious: it enables students to learn state-of-the-art methods and techniques that they can apply in their own working environments. In consultancy, it enables inspearit to help clients to deal with safety issues in a more efficient way while enhancing the (proven) safety of their products at the same time, which makes for an appealing consultancy offer.

4.8.7 Risk Analysis

The identified risks lie mainly in the area of exploiting OPENCOSS results in consultancy. For incorporating the results in educational services, the risks are smaller: it is highly likely that interesting knowledge and experience will be achieved in the OPENCOSS project that can be used in (existing) master classes. For in-company programmes, the main risk is that clients may lack the time to dedicate to a new approach to safety certification. This may happen when the performance achieved is that of a prototype version not yet optimized, with rather poor support for concepts and vocabulary definition for complex matters, and when results are not proven early in actual industrial environments. The same holds true for consultancy based on OPENCOSS outcomes. It might be quite difficult to convince potential clients of the value of such services if there are no real life success stories to point them to. Pragmatic case studies are vital to mitigate this risk.


4.9 CRF

Participant: CRF

Exploitation Strategy: Special focus will be on how the safety aspects are implemented during the application of the ISO 26262 safety cycle in a use case for an electric vehicle. Experience from the work on ISO 26262 as the automotive reference standard will be applied to the project results: the aim is to implement the work flow of this reference standard within the OPENCOSS platform, making it available for improving the safety assessment of the products on the shelf, especially for electric vehicles and, in general, for new technologies.

4.9.1 Partner profile and category

Centro Ricerche FIAT (CRF) was established in 1978 as the Group’s centre of expertise for innovation, research and development. Now an internationally recognized centre of excellence, CRF’s work constitutes a strategic lever for the Group’s businesses, enhancing performance through the development and transfer of innovative content which makes the Group’s products both competitive and distinctive. CRF draws on a broad array of technical skills, in addition to a series of state-of-the-art laboratories for testing power-train systems and electromagnetic compatibility, conducting NVH analyses and driving simulations, and developing materials and processes, optoelectronics and micro-technologies. Its status as a well-recognised European research centre together with its recognised expertise in systems and extensive presence throughout Italy have also led to its participation in many public-private partnerships set up to focus public and private research on areas of common interest such as industrial applications both at the national level and European level.

4.9.2 Business Idea/Products & Services

In the automotive domain there is no certification procedure, only a safety conformity assessment and the homologation procedure. There is not yet interest in reaching a certification stage, but a well structured safety conformity assessment could guarantee a quick and lean homologation procedure and the OEMs' liability for their products, within the constraints of reducing the costs and the time to market. From this point of view the results of the project could be used to put in place a well structured conformity procedure for the integration on the vehicle of different safety critical components developed on the shelf, aiming to use similar components in different vehicles and also reducing the time and cost of the envisaged process. The application of a reliable safety conformity assessment could avoid hazards on the vehicles and their possible recall on account of these, and foster a more confident approach to new cars by customers. This approach is now derived from the ISO 26262 standard, and OPENCOSS could act as the way to implement it in an integrated and multi-domain platform.

4.9.3 Markets/Customers

The market of the application is the automotive domain and its related components and vehicles. The customers are the drivers of the vehicles, using the cars and the devices installed on them, for which a well defined safety level must be guaranteed, together with the technical characteristics and performances defined by law (homologation) and quality/marketing strategies and policies.

4.9.4 Competitors

All the car makers have their own internal references, rules and use cases for the application of the functional safety criteria in product development, but now the ISO 26262 standard is the common reference for such development. From this point of view there is no competition with respect to the application of a common safety standard framework, but the completeness and the effectiveness of its results can lead to a potential added value, depending on the level of the safety goals reached in product development, that can play a significant role in the overall automotive market competition.

4.9.5 Identified exploitable results

The new electric vehicle technology is a field of application of the OPENCOSS framework results, where traditional engineering best practice has to be supported by a rigorous approach to the safety issues, due to the novelty of the components, their potential risk and the increasing cost of their application. The OPENCOSS results can help this effort, leading to self-awareness of the safety process and to a potential added value, in particular for the components on the shelf, especially for electric vehicles and new technologies, for which the OEM liability is more critical, due to the lack of previous stories and data on the market.

4.9.6 Commercial value

The commercial value is consequent to the completeness and effectiveness of the application of the results to the envisaged products, mainly in relation to the reduction of their safety assessment costs, from the point of view of the production and of the customer acceptance.

4.9.7 Risk Analysis

The risks, like the commercial value, are consequent to the completeness and effectiveness of the application of the results to the envisaged products, in particular with respect to their acceptance by the customers. As a matter of fact, the ISO 26262 standard represents the state of the art regarding the safety processes with the related methods and the safety requirements for the development, production, maintenance and decommissioning of systems installed in series production passenger cars. However, this standard was published only at the end of last year; it is therefore quite new and, at present, the following are not yet available:

• Conformity Assessment schema,
• Rules to select the assessor,
• Structures of Conformity Assessment admitted by the different countries.

The subjects of the first two points are still work in progress, and their achievement should follow from the application of the standard by the OEMs, which has now started. In this perspective OPENCOSS results could shorten the time needed by the car makers to create the conformity assessment schemas and the rules and competencies related to their management. In relation to the subject of the third point, nevertheless, it is still difficult to achieve a result in the short term. A real structure for conformity/certification could be envisaged only in the medium/long term, considering also the necessary involvement of external third parties and of the public authorities in relation to the homologation procedures and the relationship to the laws and rules of each country. In any case, OPENCOSS can contribute to spreading awareness of this kind of structure and open the way for its industrialization in the automotive domain as well, with reference to the ISO 26262 standard.

The exploitation of OPENCOSS results, moreover, could be the starting point for making the application of the ISO 26262 standard itself effective, in particular through the:

• Incremental approach of certification applied to systems on the shelf
• Structured application of the safety case

These achievements could lead to a wide application of the standard, assuring a better established relationship between new systems on vehicles and their acceptance by the customers.


4.10 IKV

Participant: IKV

Exploitation Plan: ikv will work to transform OpenCoss results (mainly prototypes and demonstrators) to commercial software that extends the current medini analyze tool.

ikv will provide an integration between its functional safety product medini analyze and the OPENCOSS platform. This is part of the commercial software components mentioned above.

ikv will use the OPENCOSS results in its functional safety consultancy unit which will provide independent reviews and assessments to ikv’s customers.

ikv will also start an in-house dissemination/exploitation within its parent company KPIT Technologies GmbH, to apply OpenCoss results for internal projects that require safety certification/assessments (e.g. in the area of AUTOSAR or ADAS).

4.10.1 Partner profile and category

ikv++ technologies ag is a German technology corporation (SME) based in Berlin. ikv has more than 10 years' experience in offering system analysis, design and development products and solutions to the embedded software market. ikv’s international team of highly skilled software architects, quality experts and experienced safety and reliability specialists supports our customers in these areas:

• Functional safety and reliability,
• Configuration and change management,
• Engineering process automation.

To fulfil its commitment to high customer satisfaction and to increase its local presence, ikv has built up a network of technology and sales partners in the key markets in Asia, Europe and The Americas. Moreover, ikv has strong partnerships with leading tool vendor companies such as IBM Rational and The Mathworks to provide well integrated solutions to its customers. Since 2013 ikv has been part of the KPIT family, which offers worldwide presence on all relevant markets.

4.10.2 Business Idea/Products & Services

ikv addresses market needs by offering products, solutions and consultancy services. The table below gives an overview on ikv’s business fields, the purpose of each, and the expected value for the customer and the business model in each field.

Business field: medini products

Purpose: products for common safety and quality analysis and design tasks in embedded and automotive domains

Customer value: products enable customers to improve consistency, productivity and efficiency in development processes for embedded software; products are enablers for legally necessary successful process assessment by certification authorities and quality/safety audits

Business model:

• self-containing end-user tool boxes based on fee per license and maintenance fee model
• corporate licenses independent from the number of users within the licensed company
• product customization, training and support services

Business field: medini solutions

Purpose: ikv provides both process support concepts and integrated tool chains for customer specific analysis and design processes using its modular set of medini™ technology components

Customer value: customers have the need to introduce end-to-end tool chains for their individual analysis, design and development processes; customers profit from high flexibility, extensibility and adaptability of their medini™ based development environments, customized to their individual processes and are not forced to purchase all their development tools from just one vendor in order to fulfil the need for end-to-end chains

Business model:

• ikv’s implementation services to realize the solution are charged with actual person month rate
• ikv requires customers to sign a maintenance agreement for the solution itself and for the medini™ base technology components, maintenance contract volume depends on the number of solution installations

Business field: Consultancy and training

Purpose: ikv provides consulting in the area of functional safety and reliability to its customers, mainly in the Automotive domain. The consulting includes process as well as engineering consulting, mostly related to the medini analyze product application.

Customer value: Customers that have to apply ISO 26262 in their projects can order ikv services to improve or setup their appropriate processes, to install and operate a tool chain and to execute the functional safety related parts of their projects with the help of experienced ikv consultants.

Business model:

• Hourly rates for consulting services
• Packaged prices for training courses
• Fix price offerings for typical packages related to functional safety (like gap analysis).

As of January 2015 ikv has the following licensable products in its medini products portfolio:

medini™ analyze

The integrated solution for the analysis of functional safety and reliability aspects according to standards such as IEC 61508, ISO 26262 and DO 178B

medini™ unite

The tool for change and configuration management support for model-based software engineering


4.10.3 Markets/Customers

ikv is active in the automotive, avionics, defence, railway and energy domains with more than 200 customers worldwide. With its products and services ikv targets major OEMs, leading suppliers and engineering service providers all over the world.

4.10.4 Competitors

For medini products, ikv’s main competitors are tool vendors that have tools with a similar profile in their portfolio.

medini™ analyze

There is a direct competitor company called EnCo. According to current customer evaluations, medini analyze is more mature and has more features than the EnCo product. However, ikv has to strengthen its R&D activities to add new innovative functions to medini analyze to keep its leading market position in the future.

medini™ unite

There are a number of companies that have similar tools in their product portfolio. These include dSpace, The Mathworks, Ensoft and Expert Control.

For medini solutions and ikv’s consultancy services there are a number of competing companies like KMC, Berner&Mattner etc. ikv’s main selling argument is its tool box. Usually, medini solutions and other consultancy services are offered in conjunction with medini products, which makes the offer unique.

4.10.5 Identified exploitable results

ikv has continued the activities along the IKV-own part of the Exploitation Plan. With selected customers of ikv’s flagship product medini analyze (www.ikv.de/index.php/en/products/functional-safety), ikv has held workshops to discuss the potential usage of OPENCOSS results as an extension of medini analyze itself. Such results are especially in the area of structured argumentation of safety cases, safety case modelling in general, as well as composition of safety cases and exchange of data across the supply chain and with other tools used in the engineering and safety processes.

ikv will work further to transform OpenCoss results (mainly prototypes and demonstrators) to commercial software that extends the current medini analyze tool. It is possible to market these additional components to customers individually, that is, via their own component-specific licenses. In that case, the existing license and price model of medini analyze will be extended by further licensable components. At the same time, services around the licenses will be offered, like tool introduction, trainings and consulting projects in the area of functional safety with the usage of tools.

Besides the introduction of new licensable components, ikv introduces OpenCoss results into existing components of medini analyze to maintain and enhance its competitive advantages. A first exploitation step already happened with the introduction of a tool API that was based on OpenCoss investigations towards tool integration strategies. This API was introduced in version 3.0 (autumn 2014) of medini analyze as an experimental feature, and ikv will work further to transform it to production status.

ikv plans for the time being to stick to the automotive domain, as this is where the most domain knowledge is available. However, OpenCoss results in the area of cross domain certification could contribute to exploring other domains as well. The first targeted domains would also be in the area of transportation, e.g. aerospace, railway or commercial road vehicles.

Being part of the larger organization KPIT Technologies GmbH, ikv also exploits the OpenCoss results internally to the services branch of KPIT to enhance the capabilities in the area of functional safety consulting.

The OPENCOSS Framework itself will be open source and ikv may decide to offer commercial maintenance/customization services for it.

4.10.6 Commercial value

The commercial value will be obtained from the license fees for the components identified before and the fees obtained for services and consultancy offered together with these components.

The license price and expected revenues will be planned after the components are fully commercialized.

4.10.7 Risk Analysis

The following risks have been identified so far:

• Unavailability of pilot customers/success stories. The introduction of new tools or tool components based on a license fee in the automotive domain is a long lasting task. To be successful, success stories with major OEMs or leading suppliers are essential. If such companies could not be convinced, it might become hard to market the OPENCOSS components. This risk is mitigated by the early promotion of OPENCOSS results, the establishment of a community and the strong industrial partners in the consortium that can serve as pilot customers or promoting partners.

• Inadequacy of use cases. Use cases are very essential to demonstrate the business value of OPENCOSS approach and tools. That means the use cases must meet business demands and shall not be artificial. On the other hand, they should not be too advanced in order to be able to show results and success within the scope of the project. The strong industrial partners which are also end users for the OPENCOSS platform should prevent this risk.

• Inadequacy of the requirements. Requirements are derived from the identified business needs. Any failure in this process leads to wrong or missing requirements. This should be avoided by strong reviews and iterative cycles as well as by collection of feedback from external sources (outside OPENCOSS) at early stages.

4.11 Intecs

Participant: INT

Exploitation Strategy: INTECS will profit from the OPENCOSS project results mainly to increase its competitiveness in the area of safety training, consulting, coaching, and certification support. The benefit will mainly derive from the adoption of a common conceptual framework and tool infrastructures across the many domains in which INTECS operates (automotive, railway, avionics, space). INTECS aims at becoming the Italian centre of excellence for software safety. Process improvement coaching for SPICE and CMMI will be complemented by safety maturity based on a common conceptual framework irrespective of the specific application domain. INTECS will also support penetration of Polarsys within the Italian industry (e.g. Finmeccanica) acting as a service provider.

4.11.1 Partner profile and category

INTECS, founded in 1974, is an Italian private Company at the forefront in the development of high-tech electronic systems for the Aerospace, Defence, Transportation and Telecom markets, where safety, reliability, innovation, and quality are key ingredients for success. INTECS designs, develops and verifies applications, tools and software components for complex electronic systems in cooperation with major European and Italian Industries, Organizations, Universities and Research Centres. INTECS’ capacity in the field of safety-critical developments and safety consultancy represents one of its main competitive assets. Intecs has considerable industrial experience in the development, verification and assessment of safety-critical systems, in particular in the railway, avionics and automotive domains of interest for OPENCOSS, and develops and markets both methodologies and toolsets, such as HRT-UML, to support the development of real-time, dependable and safety related software. Intecs has also certified assessors for safety-critical railway applications (mainly cooperating with Italcertifer and BureauVeritas). Intecs has a specialised Safety Engineering Team with a large experience in Safety and Functional Software and System Validation and Assessment, in the space, avionic, railways signalling, automotive, application domains, according to Customer’s applicable standards, such as ECSS, DO-178C, MIL-STD-498, CENELEC, MISRA, SPICE, Automotive SPICE (ISO 15504), EN 61508, ISO/DIS 26262. Therefore, Intecs belongs to the category of Consultancy organizations.

4.11.2 Business Idea/Products & Services

The principal exploitation interest of Intecs is to use the OPENCOSS results to increase its competitive edge in its core domains: automotive, railway and aerospace, as well as to enter new domains where certification needs are increasing (e.g. medical devices, motorcycles). Equally, Intecs also considers the opportunity to bring OPENCOSS results into the Space domain (for ESA). OPENCOSS enables INTECS to combine and enhance its cross-domain expertise in embedded systems development, safety certification, and consultancy. The main Intecs business idea matches the OPENCOSS results: a cross-domain open methodology and an open source toolset (now integrated with Polarsys). For both, Intecs sees a business opportunity of its own. In fact, during the last years of Intecs consultancy work, when interpreting the process requirements of a given safety standard, it has happened that relevance was indeed given to other safety standards in similar domains, and was actually recognized. It is not by chance that, for instance, safety-related requirements in the ESA ECSS E-40C standard have re-used concepts of DO-178B. Now that a conceptual mapping among those standards is possible as a result of OPENCOSS, the consultancy work will be strengthened. Any specific subject or item might be related to others in different domains, resulting in less ambiguity. The same applies to the open source platform: it is all too common to have to arrange a project-specific certification infrastructure each time, with recurring costs for re-inventing the wheel rather than re-using something that could be factored out instead. In addition, Intecs is recognized as the Italian training leader for the automotive (ISO 26262), railway (CENELEC) and avionic (DO-178B/C) standards. The teaching capability will also be enhanced if concepts, requirements, and practices of a given domain can leverage equivalent ones from other domains.
Moreover, it must also be considered that Intecs has the CMMI and SPICE process improvement models in its training and coaching portfolio. These standards are safety-neutral, safety being seen as any other non-functional requirement. However, it is all too common to perform gap analyses and comparisons in order to assess what a customer organization that complies with a safety standard and/or a process improvement model is missing to achieve compliance with the other. OPENCOSS, with its unified conceptual schema for the three safety domains, can help by making cross assessments and gap analyses more effective. Lastly, it is worth noting that INTECS is a member of several Standardisation Committees, including the Automotive Open System Architecture (AUTOSAR) and in particular the Safety WP, the E-40 Space Software WG of the European Cooperation for Space Standardisation (ECSS), and the SAVOIR-FAIRE On-Board Space Software Architecture and Interfaces WG established by the European Space Agency. INTECS is a permanent member of the Program Committee of the International Software and System Engineering Conference “DASIA”, organised annually by EUROSPACE. INTECS representatives are also members of the Italian Railway Engineer Committee (CIFI – Collegio degli Ingegneri Ferroviari Italiani) and this contributes to the evolution of CENELEC standards. Intecs will promote OPENCOSS results within said contexts, and this will serve as a further element of promotion of its own consultancy expertise, and of the Company in general.

4.11.3 Markets/Customers

Identified markets are all those addressed by the respective domains, i.e. Automotive, Railways and Avionic. Intecs addresses both the top-level system integrators and OEM suppliers in said domains, and the lower-level suppliers of equipment or devices. Each domain is in fact organized as a tree, with the consumer at the root, the prime organizations/system integrators/OEM suppliers immediately below, and then a large tree of equipment or device suppliers. Consumers are not part of Intecs business, but all the rest are. Intecs considers that the tree of OEM suppliers in particular represents the most promising market segment for its own consultancy support.

4.11.4 Competitors

Due to the large spectrum of possible consultancy threads, it is not possible to provide a list of equivalent competitors. Although Intecs is leading in consultancy services, it cannot be said that it is the only company in Europe spanning so many different domains, given names such as Inspearit, Kugler & Maag and Exida. In addition, competition might come especially from a number of independent professionals and freelancers.

4.11.5 Identified exploitable results

There is a full match between OPENCOSS results and what Intecs judges exploitable. In fact the methodology, the conceptual mapping, the certification framework, and the open source certification infrastructure are themselves consultancy elements (i.e. sellable items), and also promotional elements, i.e. capable of enhancing the expertise and authoritativeness of Intecs.

• INTECS became a founding member of Eclipse/Polarsys (the new name for the Topcased initiative) with the purpose of promoting the OPENCOSS platform as part of the Polarsys platform within the Italian industry community (mainly Finmeccanica).

• The partnership with IKV within the OPENCOSS and SAFECER projects has matured into a commercial partnership for the Medini Tools suite, already generating some sales with Magneti Marelli in 2014.

• The cross-domain “competence” of INTECS has convinced an important customer, Sistemi Dinamici (owned by AgustaWestland), to contract 3 INTECS railway safety engineers to become and act as avionic safety engineers. The contract awarded in 2014 has a volume of about 150K (about 100K in 2013).

• The cross-domain “competence” of INTECS was used to establish a partnership with ITALCERTIFER (Railway certification body) to propose an Automotive assessment to the customer Metasystem. Negotiations are still in progress. Estimated value is about 80K.

• The safety competence developed by INTECS during the 3-year project period supported a growing penetration into safety consultancies (including Magneti Marelli, IVECO, Vimercati, FACEA, Metasystem, MTA, Bitron, etc.) for a total value estimated over 3 years at more than 400K.

• INTECS has been selected by Magneti Marelli in its strategic Software Quality Initiative launched in 2014.

• The OPENCOSS project positively influenced and was influenced by the other parallel projects SESAMO (Safety and Security Modelling) and SAFECER, where INTECS was also involved.

• INTECS has strengthened its reputation as cross domain safety experts.

• INTECS (and CRF) is participating in the Italian group for ISO 26262 for motorcycles and is influencing the new standards with concepts and know-how developed within OPENCOSS.

4.11.6 Commercial value

The commercial value will be obtained from the services and consultancy effort that is offered. It is generally recognized that these services, being highly specialist, can range Europe-wide between 600 and 1200 euros per day. A big challenge and opportunity is to act as sponsor of Polarsys (with OPENCOSS integrated) to the Italian industry (e.g. Finmeccanica).

4.11.7 Risk Analysis

The following represents the top risks related to OPENCOSS currently identified by Intecs:

1. The three domains (avionics, automotive, railway) are very conservative and closed communities, and we observe a resistance to accept cross-domain expertise and tools.

2. The OPENCOSS platform (integrated with Polarsys), though very attractive, may suffer from the fierce opposition and competition of strong commercial suppliers of integrated platforms, mainly IBM Rational Team Concert and Polarion. At the same time there is, at some level, resistance to trusting open source solutions.

4.12 Parasoft

Participant: PSF

Exploitation Strategy: Certification is becoming a driver of increasing importance for Parasoft product sales with regard to tools like Development Testing Platform and its engines for C++, Java and .NET. Although it is company policy not to reveal numbers, one can notice that the sheer number of competitors is a good market indicator. For C++test alone these are: LDRA, Polyspace, QAC, Coverity, Klocwork, VectorCast and Hitex, to name just a few of the more important players. The market size for their tools is not big, probably around 100 mln USD, but expectations are that it will grow. Being a part of OPENCOSS can give Parasoft products a valuable competitive advantage and improve our offer through:

• Implementation services for the customers who want to embrace the framework together with Parasoft product.

• Leveraging OPENCOSS framework compatibility for marketing Parasoft products.

• Leveraging OPENCOSS framework compatibility for improving commercial products capabilities.

• Extending resulting framework with commercial products.

4.12.1 Partner profile and category

For 25 years, Parasoft has researched and developed software solutions that help organizations deliver defect-free software efficiently. By integrating end-to-end testing, dev/test environment management, and software development management, we reduce the time, effort, and cost of delivering secure, reliable, and compliant software. Parasoft provides a centralized, comprehensive solution to achieve the functional safety goals recommended by ISO 26262 & ASIL, including static code analysis, automated unit testing, coverage analysis, traceability, component and regression testing. Parasoft is recognized by software development professionals as the leader in software development lifecycle automation. Since 1987, over 10,000 companies, including 58% of the Fortune 500, have turned to Parasoft to ensure that quality software can be produced consistently and efficiently.

4.12.2 Business Idea/Products & Services

Solutions

Parasoft Solutions significantly increase development productivity while reducing the risks inherent in developing applications and the overall cost of your business.

• Parasoft Development Testing Platform engines address prevention and detection across the SDLC
• Automation ingrains critical tasks, monitoring compliance to established policies
• Application Lifecycle Management
• Security + Reliability + Performance = Quality
• Robust regression test suites set baseline for process and productivity

Products

Parasoft Development Testing Platform (DTP) is a complete Software Development Management platform that ensures quality software can be produced consistently and efficiently in any language. For ISO 26262, DO-178B, JSF, MISRA and other safety-critical software compliance guidelines, Parasoft DTP helps organizations reduce the time, effort, and cost of satisfying the strict quality demands for safety-critical software development. Parasoft DTP seamlessly integrates project & task management into any development environment and toolset, providing the comprehensive process visibility & control needed to effectively satisfy quality and compliance requirements. It is part of a broader ground-breaking technology suite that can include Parasoft Test's Automated Defect Prevention and end-to-end software verification & validation, as well as Parasoft Virtualize's dev/test environment management. Parasoft Virtualize's service virtualization provides comprehensive access to traditionally difficult or expensive to access development and test environments by eliminating the system constraints associated with today's heterogeneous component-based applications.

Core Capabilities

• Static Analysis
• Unit Testing
• Code Review
• Coverage Analysis
• Software Development Management
• Runtime Error Detection
• Memory Error Detection
• Web/RIA Functional Testing
• SOA/Cloud Functional Testing
• Load Testing
• Manual Testing

• Service Virtualization

Parasoft Quality Solution for Embedded is the industry's most comprehensive testing and quality management solution for embedded development. By integrating software development language tools, quality lifecycle management, and dev/test environment management, it helps teams to achieve greater productivity, software quality and standards compliance. Parasoft helps teams deliver better software faster. This integrated toolkit features:

• Static analysis - static code analysis, data flow static analysis, and metrics analysis
• Peer code review process automation - preparation, notification, and tracking
• Unit/component testing - test generation & execution on the host, simulator, or target
• Code coverage analysis - supporting multiple levels of DO-178B
• Runtime error detection - memory access errors, leaks, corruptions, and more

4.12.3 Markets/Customers

From start-ups to Fortune 500 companies, Parasoft has more than 10,000 customers worldwide, among which there are well known companies from automotive, avionics, railway and medical industries. Major customers include Bank of America, Boeing, Cisco, HP, IBM, Toyota, Lockheed Martin, Mitsubishi, Daimler, ThyssenKrupp, HELLA, Magneti Marelli, General Dynamics, AVL and more. Parasoft services 58% of the Fortune 500.

Certification is becoming a driver of increasing importance for Parasoft product sales. Products like Development Testing Platform and its engines for C++, Java and .NET are the key Parasoft products for this market. Although it is company policy not to reveal numbers, one can notice that the sheer number of competitors is a good market indicator. The market size for their tools is not big, probably around 100 mln USD, but expectations are that it will grow.

4.12.4 Competitors

For Parasoft DTP C++test engine: LDRA, Polyspace, QAC, Coverity, Klocwork, VectorCast and Hitex, to name just a few of the more important players.

For Parasoft DTP dotTEST engine: Coverity, Microsoft Visual Studio Ultimate, JetBrains ReSharper.

For Parasoft DTP server there are several products; however, none of them covers the same areas of Application Lifecycle Management functionality. Examples: Rational Team Concert, HP ALM, VersionOne, OnTime, Rally, MKS Integrity.

4.12.5 Identified exploitable results

The OPENCOSS platform should lower the entry barrier for 3rd party tool vendors (like Parasoft) to reach the end-user, creating new business opportunities: the platform will generate demand for specialized 3rd party tools required to feed the evidence chain, manage safety processes etc. They can be code analysers, test execution engines, requirements management tools, version control systems, interfaces between OPENCOSS and other 3rd party tools etc. The OPENCOSS framework will allow tool vendors to focus on providing added value within their area of expertise, while preserving the tool's "adoption level". Being a part of OPENCOSS can give Parasoft products a valuable competitive advantage and improve our offer with:

• Implementation services for the customers who want to embrace the framework together with Parasoft product.

• Using analysis and test results from Parasoft products as evidence data in the OPENCOSS tool platform.

• Leveraging OPENCOSS framework compatibility for improving commercial products capabilities.

• Extending resulting framework with commercial products.

Additionally, some past releases of Parasoft products were subject to certification or audit. The Compliance Estimation report of the OPENCOSS platform can be used internally in Parasoft in the future in order to facilitate standards enforcement when preparing for a certification or audit process.

4.12.6 Commercial value

Commercial value will be the license fees obtained by:

• Parasoft commercial tools

• Consultancy services regarding OPENCOSS and Parasoft tools integration

4.12.7 Risk Analysis

The main assumption for OPENCOSS exploitation by 3rd party commercial tool vendors is that OPENCOSS becomes a recognized and widely accepted platform for safety-related development.

4.13 RINA

Participant: RIN

Exploitation Strategy: RINA will apply the Assessment Strategy and Process, taking advantage of reusability of work and possible synergies in many certification sectors in the scope of its own activity. RINA will propose this Assessment Strategy and Process to providers of components liable to be used in different business sectors.

4.13.1 Partner profile and category

RINA Services is one of the oldest classification and certification bodies in the world. It is part of the RINA Group. Established in Genoa in 1861, now it has over 163 exclusive offices in 57 countries with approximately 2500 staff and 1400 exclusive personnel for RINA Group, and 1500 of which for RINA Services. RINA Services is notified by the Italian Ministry of Infrastructures and Transport as a Notified Body both in the high-speed rail sector and in the conventional rail sector (according to Directive 2008/57/EC), for the following subsystems: Infrastructure, Energy, Control-command and signalling, Operation, Rolling stock, Maintenance, Telematic applications for passenger and freight services. RINA Services is accredited by the Italian National Safety Authority as an Independent Safety Assessor. Consequently, RINA Services can perform functional and safety assessments consisting of Project Examination, Laboratory and Field Tests according to national and international regulations. RINA Services is also accredited by the accreditation body ACCREDIA for certification of products according to UNI CEI EN-45011:1999.

4.13.2 Business Idea/Products & Services

In the Railway and Mass Transit field, RINA relies on the competencies of experts for the main transport network subsystems and components (Rolling Stock and Vehicles, Signalling and Traffic Control, Telecommunications, Power Supply, Infrastructure) as well as for issues related to Operations, Safety and Maintenance. In particular, RINA Services can deliver various types of certificates and assessments, attesting compliance with the requirements laid down in the relevant regulations and contractual documents. For these purposes, RINA has a network of qualified laboratories through which tests on the different subsystems can be carried out.

EC Verification as Notified Body

EC Verification assessments consisting of Type Examination, Production Quality Management System and Full Quality Management System related to the relevant TSIs (Technical Specifications for Interoperability) requirements, following the provisions laid down in the Directive 2008/57/EC (interoperability of the high-speed and conventional rail systems within the European Community).

Functional and safety assessments as Independent Safety Assessor

Assessments consist of Project Examinations, Laboratory and Field Tests according to national and international regulations. Tests for Control-command and signalling, such as ETCS constituents (Eurobalises, Encoders, etc.), Eurobalise programming and diagnostic tools, GSM-R networks and mobile terminals, and tests related to Rolling Stock: static and on track tests (dynamic behaviour, braking performances, harmonics).

Inspection

Technical and expediting support during construction of transportation systems, vehicles and railway equipment.

Technical Workshop

ERTMS specification, safety architectures, V&V processes and CENELEC Norms EN50126/EN50128/EN50129, assessment and functional tests procedures.

4.13.3 Markets/Customers

Acting as international Ship Classification and Industrial Certification Body since 1861, RINA provides professional services dedicated to: 1) railway and infrastructure managers 2) rolling stock and equipment suppliers 3) maintenance entities.

4.13.4 Competitors

Due to the wide variety of professional services described in the previous section, it is not possible to provide a list of equivalent competitors; it is just possible to consider specific competitors in some of the different roles played by RINA Services, such as other Notified Bodies, other Independent Safety Assessors, specific competitors for testing specific ETCS components etc.

4.13.5 Identified exploitable results

The OPENCOSS project tackles several challenges in certification of safety-critical embedded systems, such as different levels of detail in the definition of certification requirements, lack of composable/system view for certification, high and non-measured costs for (re)certification… Many of these challenges are strictly related to RINA Services business. In particular, RINA Services is notified by the Italian Ministry of Infrastructures and Transport as a Notified Body both in the high-speed rail sector and in the conventional rail sector (according to Directive 2008/57/EC) and is accredited by the Italian National Safety Authority as an Independent Safety Assessor. As a consequence, RINA Services can perform functional and safety assessments.

The reference standards for these activities in the railway domain are CENELEC standards 50126, 50128 and 50129. CENELEC 50126 provides Railway Authorities with a process enabling the implementation of a consistent approach to the management of reliability, availability, maintainability and safety; CENELEC 50128 defines methods that need to be used in order to provide software which meets the demands for safety integrity; and CENELEC 50129 defines the requirements for the acceptance and approval of safety-related electronic systems in the railway signalling field. In the light of this brief and not exhaustive description of these CENELEC standards, the necessity for RINA Services to have a tool for the management of certification information and the standardization of the safety assessment process becomes evident. Moreover, OPENCOSS should be considered as a reference guideline for the automatic/semi-automatic indication of the activities that need to be performed for the safety assessment process.

In addition to this, OPENCOSS will be exploited by RINA Services to have certification evidence readily available and up-to-date; this fact is extremely important for the so-called “delta-certification” and for the consequent identification of the procedures/processes/tests that are necessary for the re-certification of a modified product as fit for service.

The above concerns expectations for immediate use of the OPENCOSS platform by RINA. Considering also opportunities, OPENCOSS could provide relevant support for evidence-based cross-acceptance. Delta-assessment is often requested, starting from a product assessed by another Independent Safety Assessor (ISA). In such cases, cross-acceptance of the achieved results is sometimes applied, but there are neither legal rules nor a common certification language as a basis. Once OPENCOSS is ready, manufacturers may/should prefer to provide safety evidence and have safety assessments performed under the OPENCOSS platform in order to have a more reusable safety certification. That should make OPENCOSS expert ISAs preferable to others.

Cross-acceptance or delta-assessment may also become relevant between different domains. There have been examples of devices reused from other domains (e.g.: smoke sensors, telecom devices, etc.) and the presence of a common certification platform should increase the demand for inter-domain cross-acceptance. This should also give an advantage to OPENCOSS expert ISAs.

Finally, use cases will benchmark the OPENCOSS platform and will offer railway certification bodies the opportunity to find references to be used for the definition of proposals for evolution of CENELEC standards (to be aligned with the strategy of the European Railway Agency). It may also be noted that in the Railway domain there is an increasing interest in other possible safety management and assessment strategies and norms. OPENCOSS may be a good platform for assessing compliance and also for highlighting commonalities and differences between standards. It is valuable for RINA to be part of this process, and it will be profitable to be ahead of other ISAs if OPENCOSS becomes a reference in this context.

4.13.6 Commercial value

At present, the commercial value can be evaluated only on a qualitative basis. A reasonable expectation could be an increase of about 30% of the business. All three goals of OPENCOSS (see DoW: G1, G2 and G3) support increasing improvement of the business in terms of efficiency. In particular, G1 supports reduction of re-work and therefore increase of efficiency; G3 directly addresses innovation and upgrading, whose increase is directly reflected in safety assessment demand. The reduction of efficiency should reduce the safety management and assessment cost and support many potential customers in the voluntary area (where ISA is not mandatory but still appreciated and sometimes declined as too expensive) in applying for ISA.

4.13.7 Risk analysis

The following list describes the main risks related to OPENCOSS:

• The functional requirements of the OPENCOSS platform can be insufficient to face the needs of the stakeholders.

• The approach to be defined in the project may turn out to be extremely time-consuming or too complex for an industrial setting, thus implying a long set-up period.

• The OPENCOSS platform could be difficult to integrate with the already available tools and practices used within companies, thus forcing them to spend time to import their know-how within this new platform and reducing its probabilities to be adopted.

4.14 Simula

Participant: SIM

Exploitation Strategy: Simula is a research partner with the goal of conducting high quality research that is driven by industry needs and to help ensure that the results penetrate industrial practice. As part of the project, Simula will recruit and train highly talented Postdoctoral Fellows and PhD Students. Simula will further consider commercializing the research results with particular emphasis on the maritime and energy domains through the creation of spin-offs.

4.14.1 Partner profile and category

Simula is a Norwegian research institution based in Oslo. Its main objective is to create knowledge about fundamental scientific challenges that are of genuine value for society. Important research with long-term impact in the fields of networks and distributed systems, scientific computing and software engineering constitutes the basis of Simula. The strong focus on basic research is combined with both teaching of postgraduate students and development of commercial applications. Simula has been repeatedly ranked as one of the top research institutions in the world on systems and software engineering (e.g., by Journal of Systems and Software).

Within Simula’s Software Engineering Department, the Certus Centre on Software Verification and Validation (a large Centre of Excellence for Research-based Innovation in Norway) aims to reduce the costs and improve the effectiveness of the verification, validation and evolution of large-scale, complex software-based systems. Our approach is largely based on model-driven engineering principles, that is, the use of models of the system to drive activities such as requirements engineering, architecture analysis, automated testing, or safety analysis. In summary, Certus’ vision is “model-driven software verification made industry best practice”. OPENCOSS will help broaden the scientific mandate of Certus in the area of safety certification.

4.14.2 Business Idea/Products & Services

Since Simula is a research institution, we will not directly commercialise OPENCOSS results. Nonetheless, Simula has a history of creating and sponsoring spin-off companies through its Innovation Department. In relation to this, Simula will consider commercializing the outcomes of OPENCOSS via spin-offs, with an emphasis on the maritime and energy sectors. These sectors are of particular importance in Norway.

4.14.3 Markets/Customers

In addition to the explanation in the previous section, and given that Simula is a research institution, we will aim for publications in high-quality journals such as IEEE Transactions on Software Engineering and Information and Software Technology, and at premier conferences related to the topics in OPENCOSS such as the IEEE International Symposium on Software Reliability Engineering (ISSRE), IEEE International High Assurance Systems Engineering Symposium (HASE), The International Conference on Computer Safety, Reliability and Security (SAFECOMP), and the IEEE International Conference on Software Testing, Verification, and Validation (ICST). We expect to publish in international magazines with a large readership of practitioners, such as IEEE Software, as well. The publications resulting from OPENCOSS will contribute to enhancing Simula's strength and impact in applied research.

4.14.4 Competitors

At this project stage, the only competitors for Simula we can think of are other institutions researching safety certification. Some examples of such institutions that do not participate in OPENCOSS are:

• University of Virginia (US)
• University of Gdansk (Poland)
• City University London (UK)
• SINTEF (Norway)
• Fondazione Bruno Kessler (Italy)

4.14.5 Identified exploitable results

Simula is a research institution, thus we do not aim to directly exploit products based on OPENCOSS. Nonetheless, we plan to exploit knowledge-based assets:

• Inclusion of results of the project in courses at graduate and post-graduate university level
• Preparation of courses for Simula’s industry partners based on our research in OPENCOSS
• Research publications (as indicated above)
• Development of at least a PhD thesis

4.14.6 Commercial value

The only possible, real commercial value of OPENCOSS for Simula would be through the creation of a spin-off. At this moment, we cannot know for certain whether that will happen.

4.14.7 Risk Analysis

For Simula, and in relation to the information provided in the previous sections of our exploitation plan, the following risks have been identified so far:

• Gap between OPENCOSS results and needs in the maritime and energy sectors: We might have difficulties when trying to communicate or apply OPENCOSS results with Simula’s industry partners. They might arise because of the differences between the safety certification needs in the transport sector (addressed in OPENCOSS) and those in the maritime and energy sectors (to which most of Simula’s industry partners belong). In essence, it might be a challenge to deploy OPENCOSS results in different domains and sectors.

• Little research value of the work performed in OPENCOSS: An aspect of OPENCOSS on which Simula will focus is the development of work that will not only impact and improve safety certification practice, but will also be highly valuable and novel from a research perspective. Otherwise, we might not be able to publish OPENCOSS results at the venues and in the journals we intend to, nor develop PhD theses from them.

4.15 Tecnalia

Participant: TEC

Exploitation Strategy: New business: Tecnalia will develop consultancy services for the exploitation of OPENCOSS knowledge and results. Industry cooperation: participation in seminars/workgroups shall be a channel for a broad communication (LSIS, EADS workgroups, INCOSE, certification together) of OPENCOSS results as a means of sharing experience and data.

4.15.1 Partner profile and category

TECNALIA-ESI competencies are focused on embedded systems development processes and tools, model-driven design and reuse through software product-line approach, dynamic reconfiguration and interoperability, open systems interoperability and standards, COTS integration management and integrated quality, quality of service, certification of products and processes, built-in security, risk and vulnerability analysis and trustability models.

4.15.2 Business Idea/Products & Services

The direct exploitation of the results of OPENCOSS is addressed at two levels: an internal level, to improve the internal organisation development facilities for model-based development of embedded systems, security and validation & verification, and an external level, to provide better solutions for our customers in terms of cost, innovation and excellence.

TECNALIA-ESI’s work is closely related to the embedded system market, regarding the identification of current needs and the detection of future needs of this evolving and changeable sector. One of the main strong points is the fact that TECNALIA-ESI has a strong collaboration and cooperation network, which is formed by leading European companies. Moreover, the development of innovative products and services is another key point in the company policy. Product and service development emphasises the validation of the approaches by performing experimental trials that ensure their effectiveness. The result is a portfolio of packaged products and services such as consultancy packages, start-up services (short, focussed services, requiring a reduced effort and with practical, hands-on activities), collaborative R&D projects, classroom-based training courses, internet-based training courses, publications (state-of-the-art surveys, models, methods), etc.

In this sense, the outcome of OPENCOSS will be presented and spread among all the sectors involved and directly related with TECNALIA-ESI. The results will also reinforce the capacity of TECNALIA-ESI to produce better solutions, since the outcome will probably be defined to be applied to several problems in this area. TECNALIA-ESI will also provide direct solutions for our clients, through the portfolio offer. More concretely, the OPENCOSS results are applied in the following ways to improve our business:

• TECNALIA-ESI already runs a significant business in both Product and Process certification and, supported by the ESI@net and ESICenter networks, is a world reference in Software Process Evaluation based on models such as CMMI, ISO15504-SPICE and ITmark in four continents. This business amounts to 20 M€ in 2010. The results of OPENCOSS will help our technology transfer activities in this domain by means of improved services and new products.

• Participation in seminars/workgroups shall be a channel for a broad communication (OMG, Artemisia workgroups, EICOSE, INCOSE, we are chair of the Spanish Prometeo platform for embedded systems) of OPENCOSS results as a means of sharing experience and data.

• Use and adjust project results (methods and tools) to improve existing and new products from TECNALIA-ESI, in order to be capable of developing safety-critical systems. For instance, our tools described below will be supported on the proposed open-source evolutionary and modular certification framework, which will have more impact in industry and in the new domains and kinds of systems addressed.

• The OPENCOSS platform will be delivered in Polarsys as a new project, and Tecnalia will support its development and improvement to some extent.

4.15.3 Markets/Customers

The targeted markets are the automotive, railway and avionics domains. These markets are characterized by the following specific trends related to OPENCOSS project objectives:

• A cross-domain convergence of the industrial practice for pre-certified/qualified safety-critical systems architectures, so as to share methods, tools and knowledge across different domains.

• The inclusion of more and more advanced practices like model-based development, formal methods, object-oriented design and simulation techniques. Such practices require a revision of the certification approach usually employed.

• The increase of a reuse-geared development and certification process as a major means to decrease costs (WP4 & WP5). OPENCOSS supports this trend with its emphasis on modular certification; it also promotes the development of re-usable certifiable architectural components (RTOS, etc.).

• Automation (instead of off-shoring) of labour-intensive activities so as to allow more investment for high-added value features like energy efficiency.

• Need of assuring technology availability and support for the entire life cycle of a product, which can reach 50 years in the aerospace domain. OPENCOSS supports this trend promoting the use of pre-certified architectures. The alliance with Polarsys is key in this respect.

4.15.4 Competitors

The analysis of competitors and product positioning (number, capabilities, market position; products characteristics and evolution trends; strengths/weaknesses) will be performed in the Task 9.3 work (OPENCOSS) and will be described in the release of the exploitation plan. It will also include marketing & sales strategy (structure of the product offer, pricing policy, definition of the sales process, development and targeting of sales messages, definition of specific targets and priorities for TECNALIA-ESI).

Identified exploitable results

TECNALIA plans to build on the OPENCOSS open-source infrastructure to get a larger impact for its tools, methods and consulting services:

• Methods and tools for model-based safety and timing analysis of embedded systems. This includes the improvement of our tool GEMDE. GEMDE is a model-based workbench that provides methods and open tools to assist the correct-by-construction development of embedded systems by integrating validation and verification (V&V) techniques during early and implementation phases of the development lifecycle. The targeted kind of embedded systems are software-intensive systems with critical requirements of real-time response and dependability. OPENCOSS will allow us to expand its functionalities to target safety assessment.

• Methods and tools for safety-assurance and certification of embedded systems. The primary goal of this tool (PROSSURANCE) is to develop a set of methods and tools to certify the “conformance” of development activities/artefacts to standards (with special focus on safety standards such as IEC 61508, ISO 26262, or DO-178B) or to internal company rules, without worrying about the confidence of the evidence. These methods and tools aim at reducing certification and re-certification efforts and times.

• Process engineering tool support. Our tool Process Factory Studio supports process specification (based on the standard SPEM), enactment and execution. It includes process-related measurement and metrics management. In OPENCOSS, we will connect this tool to the OPENCOSS infrastructure to enable connection with evidence repositories as well as with the safety assurance and certification support.


4.15.5 Commercial value

The main outcome of the OPENCOSS project will enhance our current safety-critical systems R&D by adding safety assurance and certification capabilities to our offering. The return is expected to materialise as new co-operations and collaborations in order to apply and define new areas where the evolutionary and compositional certification approach proposed in OPENCOSS can be adopted. It is expected to increase our consultancy services in 1 to 2. We expect to increase this number thanks to the results of OPENCOSS up to 2 consultancy services summing up to 50.000€. This represents an increase of 50% per year over 2010. This will enable TECNALIA-ESI to recover the investment on the Project in 2015 after the Project ends.

The events, results and dissemination strategy proposed in the project definition will provide an increase in the social and work networking of TECNALIA-ESI. This will provide excellent value for the company's research lines towards the definition of new services for new customers, enhancing the offer in model-based development of safety-critical systems, safety assurance and certification.

4.15.6 Risks Analysis

• Too generic problems to be tackled as use cases in the project with few common points. The risk is that the applicability of our methods and tools could be reduced or the effort to apply any technique for safety assurance would be too dispersed.

• Immature or complex approach for modular certification. Modular certification is recognised as a demanding challenge, and the approach to be defined in the project may turn out to be immature or too complex for an industrial setting. A proper treatment of the capability and limitation of the techniques, in terms of modularity, must be performed. The OPENCOSS approach must show under what conditions, contexts and regulatory constraints the techniques can be applied safely, i.e. without giving misleading results.


4.16 Thales Avionics Participant Exploitation Plan

TAV The results of OPENCOSS could be integrated in the development environment of Thales Avionics. OPENCOSS fully complements the Thales Avionics strategy by addressing the link between several industrial domains and the certification regulations, offering opportunities of reuse of certified products between industrial domains within Thales group.

4.16.1 Partner profile and category

Thales Avionics is an entity of Thales Group, focused on civil avionics, military avionics and helicopter avionics, and part of the Avionics Global Business Unit that also comprises In-Flight Entertainment, Electrical Systems, Training and Simulation and Microwave and Imaging subsystems. The Avionics Global Business Unit employs 11,000 persons.

The involvement of Thales in all aspects of aerospace, air traffic management, satellite technology, defence and cyber security gives it the greatest possible insight into the critical factors faced by aircraft manufacturers, airlines, commercial and military operators, and their pilots and crews. Consequently Thales is uniquely positioned to bring together the latest robust technologies to design world-class smart avionics systems and equipment for all types of civilian and military platforms, backed up by a global services and support operation. Thales is an international powerhouse of talent and human endeavour, encompassing a rich variety of professional backgrounds and national cultures.

4.16.2 Business Idea/Products & Services

World-class technology, the combined expertise of 61,000 employees and operations in 56 countries have made Thales a key player in keeping the public safe and secure, guarding vital infrastructure and protecting the national security interests of countries around the globe. Merging referentials from several engineering domains such as transports, aerospace, civil and military into a single, comprehensive group referential is a key business activity. The OPENCOSS study follows this idea to help in defining a common certification language between the domains in which Thales acts.

4.16.3 Markets/Customers

Security is a prerequisite for sustainable development, and all of our key markets – aerospace, space, ground transportation, security and defence – play a vital role in our societies and economies. Thales solutions are deployed in critical environments where safety and security are of the utmost importance. They need to be reliable, adaptable and resilient. Thales solutions help to address the major security issues of today and tomorrow, from cyber security to the growth in air traffic volumes, from urbanisation to environmental protection. The solutions – from the smallest component to the most complex systems – are deployed in all environments (air, land, maritime, space, cyberspace) to meet the needs of both civil and military users.

4.16.4 Competitors

Main competitors for the civil avionics branch of Thales are companies that also develop equipment for aircraft manufacturers and air companies. Defining products transverse to engineering domains gives opportunities for reducing product costs, pending approval of those products across the domains' regulations and standards. OPENCOSS offers the possibility to merge product compliance with cross-domain regulations and standards.

4.16.5 Identified exploitable results

Communalizing industrial guidelines between Thales entities may prove to be a source of cost savings, increasing efficiency in developing items from one industrial domain to another. The OPENCOSS common certification language is an opportunity for improving the Thales global referential across the group entities.

4.16.6 Commercial value

Using a common certification language saves time and workload when developing and reusing equipment and/or items from one industrial domain to another. The OPENCOSS results are used to motivate the improvement of the group referential in reaching common practices across domains. Lower costs for certification programs help in attracting new customers.

4.16.7 Risk Analysis

• The OPENCOSS tools that implement the common certification language need to be light and intuitive in order to be used effectively by members of certification departments in Thales entities. The current versions tested during the OPENCOSS study required several hours to create a new project's artefact compliance, without taking into account the hours spent developing a model for an aeronautics or railways standard.

• Recognition of the tool by authorities (i.e. airworthiness authorities for the avionics domain) is needed for it to be selected as a referential tool in the Thales Group, since both the model accuracy and the compliance set in the tool have to be proven error-free. Any error in model or project compliance might result in a catastrophic situation in the final product, and support from authorities may be lost.

• Support for such a tool also needs to be long-term. Other tools to check the database content and potential corruption of project or model compliance may be needed to ensure that results given in the tool are exploitable by external auditors.

• Regarding the internal Thales referential, the tool should be integrated in place of the multiple practices already used in certification projects and quality activities that assess compliance of project life cycle data with the applicable standards. The tool should incorporate many automated facilities that would help certification teams create certification projects from those already created in the current system. Guidelines and multiple certification standards should be available within the tool and be modifiable with regular updates without altering the already imported projects.


4.17 Eindhoven University of Technology/LaQuSo

Software Engineering and Technology (SET) at Eindhoven University of Technology, Dept. of Mathematics and Computer Science

4.17.1 Partner profile and category

Software Engineering and Technology (SET) is a research group within the Department of Mathematics and Computer Science of Eindhoven University of Technology. The overall objective of SET is to develop methods and tools for time- and cost-efficient evolution of high-quality software systems: from inception, through development and maintenance, to phase-out. SET recognizes the importance of both legacy systems and state-of-the-art development methodologies such as model-driven software development driven by formal models, domain-specific modeling and generic tooling, especially in the context of safety-critical systems and certification of these systems. SET does not limit its investigations to recent software development phenomena, but will also focus on a variety of other topics dealing with software migration, re-engineering and reuse.

SET believes that it is of the utmost importance to integrate the daily software development practice with cutting-edge research and high-profile education. In collaboration with industrial and academic partners, SET has been able to foster a better understanding of the nature of software and software-related processes and will continue to do so in the future. The research of SET is on software engineering in general, but with a strong focus on theory, methods and tools for demonstrating and maintaining consistency between models and code.

SET has good external connections with research laboratories of the Netherlands Institute for Research on ICT (NIRICT), and the EIT KIC ICT Labs, European Institute for Innovation and Technology, Knowledge and Innovation Community on ICT. SET’s competences are focused on Software Model Design and Analysis, Code Mining and Analysis, and Software Product Certification. It has strong ties and extensive collaboration with the research groups within the department of Mathematics and Computer Science focusing on Process Mining and Visualization of Analysis Results.
SET supports the strategic research goals of the Eindhoven University; strengthening its research in Strategic Areas around key societal issues: Energy, Health, and in particular, Smart Mobility. SET focuses on research of generic aspects of models and analysis of software systems. Software systems are ideally designed and implemented in such a way that they provide the desired functionality in a reliable manner. Today's systems, however, often have problems related to their quality, reliability, performance, and usability. Therefore, analysis and development techniques are needed to improve the quality of tomorrow's software systems. Data and process mining techniques can be used to analyse systems in their natural habitat. Moreover, visualization of models, code, and system behaviour can be used to identify problems and solutions. Given the importance of software systems in today's society, it is of the utmost importance to better support their analysis and development.

4.17.2 Business Idea/Products & Services

OPENCOSS provides SET with tangible (documentation, software) and intangible (experience, expertise) project results. SET will benefit by expanding its knowledge of the application of model driven software engineering, certification, and the certification process, in embedded systems and within the domains targeted by OPENCOSS. SET’s excellence is also expanded by deepening its knowledge of system safety, system validation and verification, certification, and process mining in safety assessments.

SET supports research and companies in their innovations and in achieving cutting edge technology. SET aims to improve its education, support innovations by its research, and demonstrate its research results in applications of innovations. The OPENCOSS platform, as a reference system and architecture and an open source system, will demonstrate a number of innovations of the OPENCOSS project.


4.17.3 Markets/Customers

The targeted markets include but are not limited to research and innovation in the automotive, railway, and avionics domains. The trends in these domains are related to OPENCOSS project research objectives:

• Increased demand for reliable and safe reuse of components in model driven software development.

• Increased demand for insight in software product quality, and safety properties specifically, in increasingly complex application landscapes.

• Increased need for control over quality of (outsourced) software product development also by automating parts of the software development cycle.

• Decrease time to market and using the enabling power of model driven software development for product innovation across domains.

4.17.4 Identified exploitable results

In detail SET wants to improve and expand its research and innovation potential by:

• Deepening its insights by adopting new theories and cooperating with new partners related to the OPENCOSS project. Especially in the area of safety assessments and certification we will utilize the gained expertise in projects with universities, industry, and government:

◦ It is expected that insights in the assessment of safety critical systems can be expanded to the information system domain,

◦ The insight will improve SET’s insights, methods, and techniques in model driven software engineering;

• Developing and facilitating better lectures and training material for education, industry, and government on the subject of standardization and certification, for standards such as ISO 25000, ISO 26262, IEEE 1471, etc.;

• New RTD/Innovation (co-operation) projects based on the newly acquired expertise in the field of regional, national, and international (e.g. Horizon 2020, in particular, JTI ECSEL, and Eureka ITEA) programs.

• Based on the OPENCOSS project results SET is now involved in various research projects of TNO where functional safety and platooning are being investigated.

4.17.5 Risk Analysis

The risks that can be identified in the exploitation of the OPENCOSS results for SET in scientific publications:

• OPENCOSS’ results, innovations, and insights cannot be expanded to the domains outside the ones of OPENCOSS.

• OPENCOSS’ results, innovations, and insights cannot be expanded from the safety critical system domain to the information system domain.

• OPENCOSS’ results, innovations, and insights are specific to the partners of OPENCOSS and cannot be expanded to generic applications.

• OPENCOSS’ results, innovations, and insights must be confidentially treated and cannot be used for publication.


4.18 University of York Participant Exploitation Strategy

UOY UoY are a research partner within the consortium, and aim to produce high quality research in close collaboration with industrial partners. This helps ensure practicality and relevance of the research. We also have a long track record in training safety engineers through our MSc in Safety Critical Systems Engineering and associated Continuing Professional Development (CPD) activities (since 1995). This provides us with a means of disseminating best practice as it has emerged from the results of OPENCOSS. In addition, as we are members of various relevant standards committees (such as development of DO-178C, OMG SACM, and the GSN Community Standard), we are able to ensure results of OPENCOSS will reach a wider audience.

4.18.1 Partner profile and category

The University of York (UoY) is an independent corporation with charitable status established by the Charter of Incorporation granted by Her Majesty the Queen Elizabeth II in 1963. As well as being considered one of the top 100 universities worldwide, UoY is continuously ranked by league tables as one of the top British universities for both teaching and research. In 2012 UoY joined the Russell Group – an association of 20 leading research universities in the UK.

Within UoY, the OPENCOSS project is supported by the High Integrity Systems Engineering (HISE) group of the Department of Computer Science. The group’s research interests span a wide spectrum of issues and technologies in Safety Engineering and Assurance and, more broadly, engineering of complex software-intensive dependable systems. Research activities of the group are underpinned by a wide network of collaborators including industrial, governmental, regulatory and academic stakeholders from a variety of domains (ranging from medical devices to information infrastructures and from various modes of [civil] transportation to military systems) and domiciles (including European Union, Canada, China, Brazil and the United States).

The research of the HISE group is supplemented by consultancy services and a comprehensive education and training portfolio including a Master of Science programme as well as a range of Continuous Professional Development (CPD) services provided predominantly to industrial clients on a commercial basis. Finally, the HISE group actively participates in a number of industrial standardization activities. Members of the group have directly contributed to standards such as ARP4754a, ARP4761a (ongoing), DO-178C, ISO26262, DO-297, OMG ARM and SACM, Def Stan 00-56, Def Stan 00-55, and the GSN Community Standard among others.

4.18.2 Products & Services

As a public body, UoY objectives are not concerned with commercial provision of products and services but rather with fulfilment of the ‘public good’ objectives mandated by the Charter and concerned with the advancement and dissemination of knowledge. However, key activities of the HISE group can be divided into the following four broad categories.

• Research: The HISE group participates in a number of research initiatives funded by diverse sources including EU programs, UK Research Councils, various Governmental Agencies, Industry and Charitable organizations. Our activities provide full coverage of the research ‘pipeline’ and maturity levels from concept development and blue sky research to industrialization. Most of the HISE research is undertaken in collaboration with industrial stakeholders and is of high industrial relevance.

• Consultancy: The above research activities are underpinned by occasional consultancy activities undertaken by members of the group. This allows the group to support industrial and governmental stakeholders in adoption and adaptation of concepts, techniques and technologies that have matured past the level of initial industrial adoption.

• Postgraduate education: HISE group staff support a dedicated MSc program in Safety Critical Systems Engineering. The programme has Certificate and Diploma ‘stepping off’ points and is delivered in both full-time and part-time mode. The MSc programme primarily attracts experienced practicing engineers who are sponsored by their employer throughout their study. The background of students is highly diverse in terms of their position and seniority within the organization, role of their employer in a supply chain and the primary industry/market of the employer.

• Continuous Professional Development: In addition to the academic courses above, the HISE group offers a range of Continuous Professional Development (CPD) courses in various issues of System and Safety Engineering and Management. The group’s CPD clients span all domains addressed by the OPENCOSS project (among others) and include BAE Systems (UK, Australia and Saudi Arabia), Airbus Operations, AgustaWestland Helicopters, Rolls Royce, General Dynamics, Jaguar-Land Rover, Alcatel Lucent Shanghai Bell and SYNTELL.

As previously mentioned, the above activities are further supported by, and feed into, HISE group involvement in a number of standardization and professional bodies.

4.18.3 Markets/Customers

HISE group research, training, education and consultancy activities are characterized by a high degree of industrial engagement and cover, among others, all three vertical domains directly addressed by OPENCOSS. Overall, the group’s collaborations span:

• Wide range of ‘vertical’ markets: from medical devices and large-scale IT infrastructures to transportation (aviation, automotive, rail and maritime) and aerospace systems (military and civil).

• Wide range of ‘horizontal’ markets / types of stakeholders: component manufacturers, systems and platform integrators, safety critical system operators as well as regulators, assessors and standardization bodies.

• Wide range of geographical locations: from UK and Europe to North America, China and Brazil.

Whilst the group’s research and training portfolio is reasonably well balanced, a higher proportion of activities have taken place in the context of aviation/aerospace and military industries. Also, whilst HISE activities span a wide range of system safety issues and technologies, a large proportion of the group’s research initiatives have focused on design-time engineering and management issues on the one hand and complex software-intensive systems on the other.

4.18.4 Competitors

Given the diversity of the activities undertaken by the HISE group and the difficulty in characterizing those activities, it is impossible to provide a credible list of UoY “competitors” relevant to the OPENCOSS scope. There are a number of research centers throughout Europe and the world that undertake research in the area of System Safety Engineering. Similarly, a number of Higher Education and consultancy organizations provide training, education and consultancy services. However, it is relatively unusual for HISE “competitors” to be active in both research and training arenas on the one hand whilst not being tied closely to a particular industrial domain (e.g. aerospace) on the other. Furthermore, strengths of many such “competitors” are complementary to those of the HISE group and often result in collaborative relations rather than commercial competition per se.

4.18.5 Identified exploitable results

Unlike industrial partners of the OPENCOSS project, the University of York is primarily interested in less ‘tangible’ results of the project – i.e. the advancement of knowledge and understanding of the issues surrounding systems assurance (e.g. the subject of compositional certification and safety case development). In particular, and amongst other outcomes, UoY is planning to exploit:

• Refinement and extension of approaches for effective compositional, incremental and modular safety case development (including approaches for effective modularization of the safety cases and patterns of composable safety case architectures)

• Improved understanding of interrelationships between and management of risk, confidence and compliance aspects of safety cases.

• Common Certification Language that relates key concepts of safety engineering and assurance of various industrial domains, permits clear characterization of safety case evidence and provides uniform and structured framework for expressing key elements of the safety case (claims, assumptions/justifications, safety case contracts and module interfaces, evidence characterization, etc.)

• Industrial feedback from the pilot application of the above methodologies, concepts and techniques (including identification of research challenges that should be addressed in further research)

In the first instance the above will be used in publishing high quality research papers on the state-of-the-art in modular and incremental certification processes. In the longer term, the outcomes of OPENCOSS will be incorporated into UoY teaching material (where tools developed by OPENCOSS may also be used for demonstration and practical exercises) and will enrich and extend the foundations for future research within HISE group.

4.18.6 Commercial value

UoY is a research partner within the consortium and, through participating in OPENCOSS, will be publishing high quality research papers on the state-of-the-art in modular and incremental certification processes. By working closely with industry we can ensure this is of both theoretical and practical value. We will aim for high quality publications in respected journals (such as Reliability Engineering & System Safety) and also attend known conferences in the field (such as SAFECOMP and Dependable Systems and Networks). This will improve our academic standing in the community. We will continue to participate in relevant standards committees (e.g. the OMG work on the Structured Assurance Case Metamodel standard) and ensure the results of OPENCOSS will not only reach a wider audience, but will also be put into practice. Through teaching at workshops and on courses held at UoY, we can disseminate OPENCOSS results to students and industrial practitioners (via our continued professional development courses). Via our participation we can hope to attract new students to examine the state of the art.

We are unable to put meaningful financial figures on these activities. Whilst they will improve and enhance our reputation, and hence improve our ability to attract further funding and students, the correlation between these events and figures is too inexact to be useful. For example, a future funding bid might be successful based partially on reputation gained through our OPENCOSS participation but also due to other areas of research undertaken at the university. We can only speculate on the amount received and percentage due to OPENCOSS.

4.18.7 Risk Analysis

The key risk for UoY exploitation of OPENCOSS outcomes relates to the risk of the project not advancing the state of knowledge in the area of safety assurance. However, now that we approach the end of the project it is clear that this risk has not materialised. As discussed in Deliverable D8.4 there are a number of areas where the state of knowledge has been advanced by OPENCOSS – e.g. in the areas of representing and managing modular assurance cases, controlled natural language within assurance cases, standardising the modeling of assurance standards and assurance projects, and demonstrating what can be achieved by integrated tool support in these areas.

Ongoing risks for the future exploitation of OPENCOSS outputs by the UoY relate to the ability to secure future research funding to continue to develop and mature the OPENCOSS approach. For example, whilst the ITEA programme provides an opportunity for such work, as a UK academic partner the UoY is not eligible for funding under this scheme. We are dependent on the call priorities and funding mechanisms of UK national and European research programmes to provide suitable opportunities for further exploiting OPENCOSS outputs. Given the infrastructural and fundamental nature of the OPENCOSS results (e.g. in providing a standardized modeling framework for assurance assets), whilst it may not always be possible to make the OPENCOSS results a primary focus of future bids, they will be exploitable as a background contribution in a variety of other research programmes where an assurance dimension is present.


5 Concluding Remarks

Dissemination, training, and exploitation play a crucial role in creating awareness of OPENCOSS project results and their benefits, and in paving the way to faster and widespread adoption of the OPENCOSS results. This report of dissemination, training, and exploitation activities (for the period and cumulative for the entire project) shows a significant and successful effort, capable of creating a “momentum” around the project that should be exploited both industrially and through other supporting R&D activities, such as covering other domains (e.g. nuclear, medical devices, industrial plants) and/or other “related” disciplines, such as security.

The project started in 2011, in the middle of the worst economic recession Europe has experienced in recent decades. Throughout the project, the recession gave no hope, and many partners suffered from personnel reductions, painful spending reviews, reassignment to other tasks, etc. Despite that, the commitment and enthusiasm of the team never declined, and even the “continuity” of the initial team was assured (with very few exceptions) and has been impressive, thus creating a solid OPENCOSS “core” community around the partners themselves.

Now, as the project comes to an end, we observe, for the first time, slow but tangible signs of economic recovery. The automotive market, a good trend predictor, is showing a remarkable +10%, with dozens of new vehicle features impacting safety. Exploitation of OPENCOSS results now seems really within reach.