Beyond safety and security: Why automotive open source demands dependability
Jaume Rafols
on 6 July 2026
Tags: Automotive
In the traditional automotive world, teams often work in silos: the cybersecurity experts lock down the ports, the quality assurance teams hunt for bugs, and the functional safety engineers track the ISO 26262 compliance. At Canonical, we believe this fragmented workflow causes friction rather than collaboration. You cannot have a safe vehicle that isn’t secure, and you cannot have a secure vehicle running on poor quality code. This friction results in a slow and rigid development process
Automotive manufacturers are shifting away from proprietary, legacy stacks. To keep pace with consumer expectations, OEMs are relying on open source software (OSS) to drive in-vehicle software, modern cloud development, continuous integration (CI/CD), and virtual ECU (vECU) testing. The “cloud to road” paradigm promises rapid deployment and unprecedented agility.
The “Bazaar” model of open source thrives on rapid innovation and community collaboration, which often collides with the rigid, documentation heavy compliance structures of the automotive world. Standard open source projects do not inherently provide the traceability or 15 year liability that Tier 1 suppliers and OEMs demand.
Bridging the gap between the upstream velocity of Linux and the downstream rigor of automotive standards requires more than just a repository: it requires a new framework capable of bridging open source with the high standards of mission-critical systems.
The three pillars of dependable Ubuntu
To solve this gap, Canonical introduces a unified framework where dependability is not an afterthought, but a native property of the OS. We define dependability as the ability to deliver service that can justifiably be trusted. We do not view security, quality, and safety as isolated tasks; Instead, they form the three integrated pillars of the automotive platform.
- Security: Hardened against intrusion. The ability of the system to protect itself against accidental or deliberate intrusion. We align with ISO/SAE 21434 to ensure the vehicle is hardened against external threats.
- Quality: Predictable over a 15-year lifecycle. The measure of the correctness of the software. This involves internal metrics like maintainability and code complexity. Verification and traceability are crucial to ensure that the system behaves predictably over a 15-year vehicle lifecycle.
- Safety: The absence of unreasonable risk. Guided by ISO 26262, safety ensures that even if a component fails, it does so in a “fail safe” manner. A critical component of this is maintaining freedom from interference (FFI).
Transform open source agility into automotive rigor
Canonical steps in as the player capable of redesigning rigid compliance processes to natively adapt to open source paradigms. We were the first to achieve the ISO/SAE 21434 cybersecurity certification for our security process. We take the raw speed of the open source community and wrap it in the structure, continuous patching, and strict process isolation required for homologation. The result is a dependable foundation that allows you to innovate at the speed of software without ever compromising on compliance.
Join our mission
If you are passionate about bridging the gap between open source agility and automotive rigour, and you want to work on a platform that powers millions of devices from the cloud to the car, we want to hear from you. Join us in our mission to make Ubuntu the dependable global standard for every vehicle on the planet.
Further Reading
Talk to us today
Interested in running Ubuntu in your organisation?
Newsletter signup
Related posts
Cloud-native Android™ infotainment: your CI pipeline shouldn’t depend on hardware
More and more often, infotainment systems are being developed and delivered like software, yet often they are still tested and validated using...
From cloud to dashboard: experience the future of infotainment development at CES 2026
This year, we’re excited to show a demo that combines the strengths of both Anbox Cloud and Rightware’s Kanzi, the industry-leading software for creating...
Using ISO/SAE 21434 to stay ahead of the Cyber Resilience Act
How ISO/SAE 21434 helps you get ready for the Cyber Resilience Act If you work in automotive, you’ve probably already heard of the CRA – the EU’s Cyber...