By Hirotaka Motai, Cybertrust Japan.
We develop and provide “EMLinux,” an industrial-grade commercial Embedded Linux, for the Japanese manufacturing industry and critical infrastructure (such as industrial controllers, professional communication equipment, and medical devices). EMLinux is based on the achievements of CIP. To maintain a robust common foundation for industrial Linux, we participate in the CIP project and engage in collaborative development. On the occasion of the 10th anniversary of the CIP project, we would like to share the background of our participation, our gratitude to CIP, and our next 10 years together.
Why We Joined CIP
At that time, while expanding our embedded Linux customization business, we strongly felt the seeds of need for “long-term security support” in the critical infrastructure sector.
Japanese embedded products are characterized by high quality and extremely long product lifespans. On the other hand, because stable operation was the top priority, companies previously hesitated not only to install disruptive OS major version upgrades but also to apply security patches after shipment. However, as security breaches targeting embedded systems and OT systems became real threats around the world, many Japanese companies found it necessary to apply security patches continuously. Especially for critical systems, “Linux that can be securely and continuously used for a long time” was indispensable, rather than Linux that focuses on bleeding-edge technology.
In the face of these realistic challenges in the manufacturing industry, CIP’s activities, which advocate 10 years of super-long-term support, were exactly the answer we were looking for. Supporting the strength of Japanese manufacturing—”high quality and long lifespan”—from the open-source layer was the primary reason why we decided to join CIP.
Gratitude to CIP
CIP realizes the “super-long-term safety and reliability” essential for critical infrastructure in a sustainable way. For us, CIP’s activities for the “super-long term,” such as the Linux kernel and Debian LTS, sustainably supports the Linux ecosystem and its software supply chain. Therefore, these efforts constitute an indispensable core of our products.
In the manufacturing and critical infrastructure sectors, where device lifecycles are long, it is essential to continue cooperating with the open-source community to keep responding to security threats. By participating and working within CIP, we can sustainably provide 10-year-scale vulnerability response and technical support, which would be difficult on our own.
In addition, CIP’s “Upstream First” policy is also important. By minimizing custom changes and returning fixes to the Linux community, our achievements can be widely adapted as global standards. As a result, it helps build a positive cycle that improves the stability and quality of our own products. It is of great value for us to work under the policy of emphasizing continuity with the upstream community. This allows us to reflect our own needs and knowledge back into the upstream.
The Next 10 Years with CIP
Beyond providing the SLTS kernel, we expect CIP to drive a robust software supply chain that ensures Linux can be used stably over the long term.
CIP’s “Upstream First” policy plays an important role in enhancing the sustainability of the entire ecosystem. This is achieved not only through code contributions, but also through checking quality via automated testing and supporting related OSS communities. As part of this role, we have been strongly committed to activities such as participating in the “cip-kernel-sec” activity as a maintainer, which collects and analyzes vulnerability information, and building a test environment linked with “KernelCI”, which is an open automated testing foundation for the Linux kernel. These efforts, which support long-term support from both security and quality perspectives, make the community’s achievements even stronger. In the coming years, it will be important for CIP members’ activities to encompass the entire software supply chain and to build and maintain a framework that continuously ensures long-term reliability.
Even 10 years from now, we will continue to develop “Linux that can be used with peace of mind over the long term,” just as we do today. This journey with CIP toward that goal is the very mission of Cybertrust, supporting the foundation of Japan’s digital infrastructure.