Assurance and certification of cyber–physical systems: The AMASS open source ecosystem

Many cyber–physical systems (CPS) are subject to rigorous assurance and certification processes to provide confidence that undue risks are not posed and thus the systems are trustworthy. These processes are complex and time-consuming and tool support can greatly aid in their execution. In line with other trends for systems and software engineering, the need for and interest in open source tools for assurance and certification is growing and different initiatives have been launched. As a concrete example, we report on our experience in developing the AMASS open source ecosystem. This ecosystem includes (1) an open source tool platform that supports the main CPS assurance and certification activities, (2) external tools with added-value features, and (3) an open community of developers and users. The platform integrates existing solutions for system modelling, process engineering, and compliance and argumentation management. We also present the application of the AMASS tool platform in 11 industrial case studies from five different application domains. The results show that the platform is a feasible means for CPS assurance and certification and that practitioners find benefits in assurance-oriented system modelling and in integrated system assurance information, among other areas. Nonetheless, improvement opportunities also exist, most notably regarding tool interoperability and usability. •We report our experience in developing the AMASS open source ecosystem.•Its underlying open source tool platform is the result of the integration and extension of several existing solutions.•We present lessons learned from the development of the ecosystem within Eclipse.•We also present the application of the tool platform in 11 industrial case studies.•The application allows us to show and discuss feasibility, benefits, and improvement opportunities.