Codethink Unlocks Open Source for Safety-Critical Systems
- Safety Integrity Level (SIL) 3 achieved under IEC 61508 for CTRL OS, demonstrating suitability for high-safety systems.
- Automotive Safety Integrity Level (ASIL) D compliance under ISO 26262, validating open-source use in critical automotive applications.
- Early access release of IEC 61508 mapping to open-source Eclipse Trustable Software Framework (TSF) announced at Embedded World conference.
Experts in safety-critical systems engineering would likely conclude that Codethink's framework represents a significant step toward bridging the gap between open-source software and functional safety standards, offering a transparent, evidence-based approach to certification.
NUREMBERG, Germany – March 11, 2026 – In a move poised to reshape the development of safety-critical software, UK-based solutions provider Codethink has opened early access to a new mapping that links the open-source Eclipse Trustable Software Framework (TSF) with IEC 61508, the foundational international standard for functional safety. Announced at the Embedded World conference, the initiative aims to provide a transparent, evidence-based pathway for using open-source methodologies in systems where failure is not an option, such as in automotive, medical, and industrial applications.
This early access release invites organizations to review and collaborate on a framework that could significantly lower the barriers to entry for companies looking to leverage the flexibility and innovation of open-source software while meeting the stringent demands of safety certification.
Bridging the Chasm Between Open Source and Functional Safety
For years, a fundamental tension has existed between the collaborative, fast-paced world of open-source development and the meticulous, highly regulated domain of functional safety. While open-source components offer immense benefits in terms of cost, speed, and community support, their use in safety-critical systems has been fraught with challenges. Proving that a component built by a distributed community of volunteers meets the rigorous documentation, traceability, and verification requirements of standards like IEC 61508 has been a monumental task.
Codethink's new mapping directly confronts this challenge. It establishes a clear, auditable relationship between the engineering principles of the Eclipse Trustable Software Framework and the specific objectives laid out in IEC 61508. This standard is a cornerstone of safety engineering, forming the basis for many industry-specific regulations, including the well-known ISO 26262 standard for automotive systems. By creating this bridge, Codethink aims to translate everyday software development practices into a language that regulators and certification bodies can understand and trust.
The goal is to move beyond the traditional, often proprietary "black box" solutions for safety and embrace a more transparent model. “This preview release reflects our belief that trust in software must be engineered in the open,” said Paul Sherwood, Codethink’s Chairman, in the company's announcement.
A New Architecture for Engineering Trust
At the heart of this initiative is the Eclipse Trustable Software Framework (TSF). Rather than being a specific tool or product, TSF is an open-source methodology for building and demonstrating trust in software based on verifiable evidence. It is designed to manage the risks inherent in complex software, particularly at the integration level where components from various sources—both open-source and proprietary—come together.
The framework is built upon six core tenets:
* Provenance: Knowing where every piece of code comes from.
* Construction: Ensuring the software is built in a reproducible and verifiable way.
* Changes: Meticulously tracking every modification to the system.
* Expectations: Clearly defining what the software is supposed to do.
* Results: Capturing the evidence that the software meets its expectations.
* Confidence: Aggregating all evidence to form a quantifiable level of trust.
This structure allows development teams to connect their standard practices, like version control with Git, automated testing, and code reviews, directly to high-level safety goals. The TSF systematically stores metadata about the project—including claims, evidence, and dependencies—within the software's own Git repository, creating a transparent and auditable graph of trust that evolves with the code itself.
Validating the Framework in the Real World
Codethink’s announcement is not merely a theoretical proposal. The company has already demonstrated the power of this approach with its own CTRL OS (Codethink Trustable Reproducible Linux), an operating system built from open-source components for use in critical systems.
In 2025, Codethink achieved a major milestone when the global safety certification body exida completed a baseline safety assessment of CTRL OS. The assessment validated that the operating system, developed using the TSF methodology, was suitable for use in systems requiring a high degree of safety, up to Safety Integrity Level (SIL) 3 under IEC 61508 and Automotive Safety Integrity Level (ASIL) D under ISO 26262. This independent validation provided concrete proof that an open-source-based system could meet the highest standards of functional safety when engineered with the right framework for transparency and evidence.
Codethink now plans to contribute its new IEC 61508 mapping to the public Eclipse Trustable Software project, but only after achieving a full functional safety assessment of CTRL OS using the very framework it is promoting. This demonstrates a commitment to proving the methodology's robustness in a production environment before offering it as a finalized open standard.
An Open Invitation to a Broader Vision
The early access release is the first step in a much larger strategic vision for Codethink and its partners in the Eclipse Foundation. The company envisions an open portfolio of mappings, extending the Trustable Software Framework to cover a wide range of regulatory and industry standards for sectors like medical devices, aerospace, and industrial controls.
The ultimate vision is a future where organizations can select the standards relevant to their market and use TSF as a common engineering backbone to demonstrate alignment. This could dramatically simplify compliance, reduce redundant effort, and foster greater interoperability and trust across industries. By making the IEC 61508 mapping available now, Codethink is inviting the entire industry to participate in refining and maturing this new paradigm for safety engineering.
“Our goal is simple,” added Sherwood. “By demonstrating compliance with the Trustable Software Framework, organisations should be able to demonstrate alignment with the world’s most important safety and regulatory standards. Open collaboration is the fastest way to get there.”