Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [open-regulatory-compliance] Important and Critical product categories - Operating systems
  • From: Steffen Zimmermann <steffen.zimmermann@xxxxxxxx>
  • Date: Wed, 26 Mar 2025 13:06:25 +0000
  • Accept-language: de-DE, en-US
  • Arc-authentication-results: i=3; mx.microsoft.com 1; spf=pass (sender ip is 52.17.62.50) smtp.rcpttodomain=eclipse.org smtp.mailfrom=vdma.org; dmarc=pass (p=quarantine sp=reject pct=100) action=none header.from=vdma.org; dkim=pass (signature was verified) header.d=vdma.org; arc=pass (0 oda=1 ltdi=1 spf=[1,1,smtp.mailfrom=vdma.org] dkim=[1,1,header.d=vdma.org] dmarc=[1,1,header.from=vdma.org])
  • Arc-authentication-results: i=2; mx.avanan.net; arc=pass; dkim=none header.d=none
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=vdma.org; dmarc=pass action=none header.from=vdma.org; dkim=pass header.d=vdma.org; arc=none
  • Arc-message-signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=P8W0hh9OoMy6krjdiqMCSBcFiEOv0ffv50fEYTKZlJg=; b=R/X1b6GmR/mGf7w223QognWx21wQp4SIanOg8Oqyz4u+YKSi+W/g2veO8Mhn8/IinKjOiPlpYXOKepG/2wDG8RaYFRFivrhkmgaX1qPcKeqYZ2dpbOv76RtWGanOw0gKsDPKJzBcHqS9y2N7fDyeEqdwB8pMuGauHxqC6x46GiFqAmQtrlNj3Sg57JxxYYUGKEuY66IxV+3qdAhva/An+BOp2uImbbFCmT0SnP5TF9MlPBjnyNdlC97tVDXB8NwSDSLffK1SAstCPteyLJIR7Aa4iEzFhglstfHyL/ZTUyPz8SkphBrH2PclpiMeaByXIKHQmexk7jhVo1+Kd4xLMw==
  • Arc-message-signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=avanan.net; s=arcselector01; t=1742994398; h=from : to : subject : date : message-id : content-type : mime-version; bh=P8W0hh9OoMy6krjdiqMCSBcFiEOv0ffv50fEYTKZlJg=; b=Io1Xcp7Qb5A4S34mdrA+h6sBjuRfzn+rUaKQhdEmmH1CloMPEMSMQnMQLyy/VhP0oroW6 9L+GTzQQlrVh7Iuxjzrn1gIYBVRf6QJ+K6TUJHD0nbdk9oMsZDDTRPC2nJ1ai5VcC7//HPX ypQjbbjHi2b24pGkmbATqzYlTN6/FhQ=
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=P8W0hh9OoMy6krjdiqMCSBcFiEOv0ffv50fEYTKZlJg=; b=aKAVJ10nPVKXjoMxLDJjcWVYLqfa+CkcdhpX3EDRbViKl48MCgCa9ZLR1sRQ2V6puKX7FIYyBunedibGBbP/NpQ85QVo+0EsHOzlq++QsdrcIK3ni4CDKdiV+aC4Uxg2IIpRCljIw/G5EplqUQ8GDWfC2W6OKn35Ay0HoEmPEIvaC6E2EPMieSBp8UiZlPdokIyUyIguu4GF5b9/81pbK8QAaB6EvrFFq/775hdidWfkdPzlEcBXLIm5XTgCdkkC9b6oomgIvcM0EFPYxst593QAwOAVwvmRy3kjIeAHYLPDl54q/u421qmIGl2Wz9jFD+9gTtKD9JDSLsWz1Vd2hg==
  • Arc-seal: i=3; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=pass; b=tcskRIJ2PJL1oWlylY73neKN+7rTgLrVpRSRzbeOe7fvzfIK80sY20L8qSiyR/V9/fpD4lwvJP298YrH54MIkSHQHuTQZig6VzPmuk0PLq/SqrQTAk5Q+dN2dZZMMUoiacu8Aaf0kAmOGg8tJCPhePTXCTgvfIBzA7ftYYCBg+BrOHe9YRUaRXaeWX2ZYh1lcuEp7jyRQzBWzHesGRFz3INpchFuqGTjelwG6MI8br4XNdZeMfMohoW6Z8AZLnDA6YS9wa82RJTzJkFou9v64WNjzwAZmuBqezc4zkeq6k7mO7pHuCHAmO9/T/SGi7IqwqHvt2oc0rdWlDIKFF4fQw==
  • Arc-seal: i=2; cv=pass; a=rsa-sha256; d=avanan.net; s=arcselector01; t=1742994398; b=LvIV+NNfFMzI7/SCKfkwuslJ23MMkpcU1ZJZRwVTvIxVIFzG9kzyKQy9+O37nixFIsBv6 m11UIak2ERz6tOhmpwOUjaCu4YtRRlWptw5TzFTNX5ZF+kSWFHF1Rc0PYQTVr/Iphc8hdSw wpbpcqGS+UaR9UNn0Li2wTtaPLCEds0=
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=b5xTAzVofqRMm6YVuxJcpbmc6BPTPlZexSW1RwCQ5+ncIwFzrQvlA5IZMpmMO0d27/BwcimISZRKaDpXq5yyhc/O/U/Of/sis3eChIODG3RM/56Bl3eBERg683dYkOmUFDS3i9C7qUQ3MkiYeEfp6S6iQqic417+csaQBvj7wsGDjtSVRURTYgYxd99BNyM+oxehgo4FdLjSYVJBS5QbV1S/9fzL4nneYuq7JYCapf8ew6AlT+Nm5gRjq1hKUWPRD0XAkn5xSOem5AeTOZABqXsQXmEgXbkR+/28T7izvB4u4s1dRpMGsyewiD2yx/9dbcH1rXxGNLlnim6wxEJSOA==
  • Delivered-to: open-regulatory-compliance@xxxxxxxxxxx
  • List-archive: <https://www.eclipse.org/mailman/private/open-regulatory-compliance/>
  • List-help: <mailto:open-regulatory-compliance-request@eclipse.org?subject=help>
  • List-subscribe: <https://www.eclipse.org/mailman/listinfo/open-regulatory-compliance>, <mailto:open-regulatory-compliance-request@eclipse.org?subject=subscribe>
  • List-unsubscribe: <https://www.eclipse.org/mailman/options/open-regulatory-compliance>, <mailto:open-regulatory-compliance-request@eclipse.org?subject=unsubscribe>
  • Thread-index: AQHbnaKAqivUdF8PmUicYXzoOQ4iSLOERk2AgADmcoCAACL6cA==
  • Thread-topic: [open-regulatory-compliance] Important and Critical product categories - Operating systems

Dear all,

 

please keep in mind that the technical description is used to differentiate, not to describe ALL features of the products categorized.

The descriptions should be seen as sufficient to find out if a certain product falls within the category.

 

If you consider features, ask yourself if the feature is unique (enough) for the product category, otherwise it will not be helpful.

Ideally, it should fit into a decision tree.

 

Mit den besten Grüßen,

 

Steffen Zimmermann

Industrial Security @ VDMA

 

 

Von: open-regulatory-compliance <open-regulatory-compliance-bounces@xxxxxxxxxxx> Im Auftrag von Tobias Frech via open-regulatory-compliance
Gesendet: Mittwoch, 26. März 2025 10:47
An: open-regulatory-compliance@xxxxxxxxxxx
Cc: Tobias Frech <tobias@xxxxxxxxxx>
Betreff: Re: [open-regulatory-compliance] Important and Critical product categories - Operating systems

 

Hi,

I agree. With the current definition it's very close to something that does task scheduling, even if it is completely in user space.

If I try to parse the sentence "Software products with digital elements that control the execution of programs and that may provide services such as resource allocation, scheduling, input-output control, and data management." it sounds like "control the execution of programs" is the only hard criteria given. The parts after may are just additional hints at what an operating system may additionally do. Is that correct?

From a security point of view I would say the separation of execution between kernel space and user space or more generally different levels of hardware security boundaries (rings?) is a key part of modern operation systems. I am not sure if this holds true in the embedded space though.

Best,

Tobias

 

Am 25.03.25 um 21:02 schrieb Marta Rybczynska via open-regulatory-compliance:

Hello,

I think that this definition requires some work. It does not mention hardware support and access control (including access control to hardware) and those are related to security. The definition "as-is" could be interpreted to include things like task scheduling systems (in CI, job scheduling in scientific systems and the like). It also gives no boundary between the OS and included tools. In the case of a Linux distribution, does it apply to the kernel, or to the whole distribution?

 

I propose the following:

Software products with digital elements that control the execution of programs and manage hardware access. They may provide services such as resource allocation, scheduling, input-output control, and data management, and might run directly on hardware or use a hypervisor.

 

What do you think?

Marta

 

 

On Tue, Mar 25, 2025 at 5:25PM Tobie Langel via open-regulatory-compliance <open-regulatory-compliance@xxxxxxxxxxx> wrote:

Hi folks,

 

This is the definition of operating systems in the draft implementing act:

 

Software products with digital elements that control the execution of programs and that may provide services such as resource allocation, scheduling, input-output control, and data management.

 

This category includes but is not limited to real-time operating systems, operating systems for servers, mainframes and mobile devices, network operating systems and general-purpose operating systems.

 

Are you all comfortable with this definition or do you have concerns with it? If so, what are those concerns and how would you modify the definition to address them?

 

Thanks.

 

--tobie

---
Tobie Langel
Tech Lead ORC WG, Eclipse Foundation
Principal, UnlockOpen

_______________________________________________
open-regulatory-compliance mailing list
open-regulatory-compliance@xxxxxxxxxxx
To unsubscribe from this list, visit https://accounts.eclipse.org



_______________________________________________
open-regulatory-compliance mailing list
open-regulatory-compliance@xxxxxxxxxxx
To unsubscribe from this list, visit https://accounts.eclipse.org
-- 
Frech IT GmbH / Am Brünnele 7 / 71642 Ludwigsburg
phone : +49-(0)7141-9113037 / HR B 744851 / AG Stuttgart
Geschäftsführer: Tobias Frech
mobile: +49-(0)172-7112352 / email: tobias@xxxxxxxxxx

Back to the top