Is automotive open source scaremongering real, or just rising bollards?

A survey of the European automotive industry has revealed widespread use of free and open source software (FOSS) but pointed to gaps in the FOSS governance and software asset management processes across software supply chains.

Editorial NOTE: Analysing open source’s “potential vulnerabilities” appears to be something of a trend this year already, with code quality, component quality, licensing and governance concerns all being used by application management vendors as a route to easy publicity.

So let’s read forward with care.

Study participants representing 50 percent of the EU automotive ecosystem, including auto manufacturers (OEMs), were questioned.

Drivers for adoption of FOSS use include:

· Competitive differentiation

· Reduced development costs

· Increased customisation agility

· Avoidance of software vendor lock-in

The survey, conducted by management and technology consulting firm BearingPoint, a strategic advisor to the automotive industry, was “scientifically guided” by Dr. Dirk Riehle, head of the Open Source Institute and professor at the University of Erlangen/Nuremberg, and sponsored by Black Duck Software.

Although survey respondents indicated increasing reliance on FOSS (59 percent use FOSS in products, with an additional 35 percent evaluating FOSS use), an overwhelming majority had no structured way to ensure compliance and automated control of FOSS deployments.

While many have processes to govern traditional software development and manage requirements, it appears (according to this survey at least) that very few manage the deployment or selection of FOSS components with the same rigour.

Image: — Know Your Traffic Signs

“This study demonstrates that open source should be an important part of any software strategy in the automotive industry,” said Dr. Riehle. “By publishing the data, companies throughout the automotive ecosystem can learn from each other about the prevalence of open source use, and the need to properly manage open source compliance and governance.”

A summary of study results is available here.