Zephyr's Readiness for CRA

The Cyber Resilience Act (CRA) will be coming into effect in a few short years. The Zephyr project has been working towards making it easier for product makers to comply with the CRA over the last few years, and will continue to work with the community to refine these capabilities as more details become available.

From automatic "Build SBOM" generation to LTS vulnerability fixes, the project has some useful starting points already in place that will help product makers leveraging Zephyr in their solutions.

This talk will discuss what is available, and where some of the gaps will be for product makers to consider.

Go to Session

Architecting for Safe Embedded Systems that Integrate Open Source Components

Products are no longer created from monolithic code bases, they are composed of components that are integrated over time, and maintained by different entities, some of which are open source communities.  For a system to be dependable (maintainable, safe, secure, etc.) all the components need to be integrated together and tested as updates occur to demonstrate they still adhere to the necessary requirements. Effective system engineering depends on requirements being tested for the system as a whole and for the individual components. However, open source projects frequently don't have requirements expressed in a form that is consumable for this level of analysis.

This talk will discuss a proposed framework for a "system" bill of materials that will enable those components providing requirements to be integrated so that product lines can be managed, and open source components that are able to surface up their requirements can be integrated.

Go to Session

ML on the Edge: Tradeoffs and Requirements

Over the last few years, we're starting to see machine learning be more effectively deployed closer to where data is collected in embedded systems. These end point devices may be resource constrained though, either in terms of power, memory or communication capabilities - sometimes all three. Being able to apply machine learning on these end point devices is possible, and enables system-wide efficiencies to be realized. This talk will explore the requirements and tradeoffs for such systems to be considered when using the Zephyr RTOS and Tensorflow Lite for Embedded Microcontrollers projects.

Go to Session

Live Q&A - ML on the Edge: Tradeoffs and Requirements

Live Q&A with Kate Stewart for the talk titled ML on the Edge: Tradeoffs and Requirements

Go to Session

SBOMs: Essential for Embedded Systems too!

With the recent focus on improving Cybersecurity, the expectation that a Software Bill of Materials (SBOM) can be produced, is becoming the norm. Having a clear understanding of the software running on an embedded system, especially in safety critical applications, like medical devices, energy infrastructure, etc. has become essential. Regulatory authorities have recognized this and are starting to expect it as a condition for engagement. Safety critical certifications require this level of information already, it just needs to be shared in a standard format so others can do better risk management and vulnerability analysis, as well. This talk will provide an overview of the emerging regulatory landscape, as well as examples of how SBOMs are already being generated today for embedded systems by open source projects such as Zephyr, Yocto and others.

Go to Session

The State of the RTOS

An awesome discussion between RTOS experts on where are RTOS is today and where it's going into the future.

An opportunity to ask your questions about RTOS application design.

Go to Session

Zephyr: A Vendor Neutral Secure RTOS Option

5 years ago the Zephyr project was launched at Embedded World, with the vision to deliver the best-in-class RTOS for connected resource-constrained devices, built to be secure and safe. Since then, many companies have collaborated together to create a vendor neutral solution to achieve these goals. The project has actively worked to adopt open source best practices, as well as best security practices. This talk will go into details about the practices Zephyr has adopted, and that other open source projects should consider, as we work to make the endpoints devices of the IoT ecosystem secure.

Go to Session

Live Q&A - Zephyr: A Vendor Neutral Secure RTOS Option

Live Q&A with Kate Stewart for the talk titled Zephyr: A Vendor Neutral Secure RTOS Option

Go to Session

POSTPONED - Live Q&A - Architecting for Safe Embedded Systems that Integrate Open Source Components

Live Q&A with Kate Stewart for the talk titled Architecting for Safe Embedded Systems that Integrate Open Source Components

Go to Session