 Right. My name is Stefano. I'm a fellow at AMD and one of the exam maintainers and here with me I have sent you who is a safety manager also at AMD for the project we've discussed today doing this presentation So let me start with a brief intro of what Safety is Second So safety is Is important any time? Software is running in an environment where a malfunction of the software can cause harm to people So safety is a series series of functional safety is a series of practices Good engineering practices to make sure the software is good quality enough high quality enough to be a runnable in these environments where Failure is not an option or at least failure will have serious consequences So Yeah, so safety is really about doing the right Doing rice and using the right practices to write good software to minimize Zerisco failures And so there are we'll discuss two things right in the safety standards cover a length Development practices to write software from scratch that is safe And they in particular they encourage what has been referred to many times as the V model But there are also ways to qualify as safe pre-existing software and by pre-existing software we mean software that has been written Following different coding practices. So here is the famous V model That is being used to you know encouraged to write new software, which is safe But I mean it's not the only way There are other ways and this is what we're gonna really focus on today To demonstrate that and to prove and to make sure that your software that has not been developed using the V model is still safe Okay Now what we're gonna talk about is Zen So this is example of today as an open source project We're gonna use it as a reference But many of the lessons learned here and many of the things I'm gonna talk about today You can draw parallels with other open source project and maybe you can learn from our experience here And what we're gonna discuss today and apply to your open source project by no mean Is limited to to Xen so Xen is no, please go back Xen is Reference open source hypervisor at AMD both AMD x86 and arm So we have a team to develop enance and support Xen and we also Xen is also supported by our premium technical support One thing that I want to highlight that is interesting and in this brief intro about Xen I'm gonna highlight here and there a few details that are important in this open source project because they are relevant to safety and You might think whether you're on open source project You care about Similarities or similar features or characteristics and make it easier to safety Make it safety certifiable and one of them is a real-time Isolation so many of our customers use Xen to separate as you watch Philip talk just before mine To separate Zephyr like a real-time operating system from Linux a non real-time or a larger What is called QM? operating system so So hard real-time Ensuring that that real-time OS is free from interference So you know matter what the Linux environment does the Zephyr environment is not affected This is a very important quality Usually the safety people call it freedom from from interference and this is something that many of our customer already used today in production next slide now Keeping on the theme of highlighting things of the Xen project that interesting for safety so Xen has very diverse community And I know that Funds are small in the pie chart, but the point is each of those different colors of different contributors The community is very diverse and the diversity of the community reflects into the diversity of the maintainers Now why is this important is important because as we all work in the industry? And we know it is you are close to the deadline and you need to meet to meet The deadline otherwise your bonus and your teams bonus is a risk that feature needs to go in It's really hard to you know push back and say you need quality in those that in those times and often Unfortunately, what happens is a code that is subopening suboptimal get committed into the project Which can be a risk for safety now in Xen is I'm not gonna say impossible because you know never say never But that is very hard to make it happen And that's because maintainers come from a very very different background for all different companies from just to name some Amazon are Citrix AMD and Susie some of the top maintainers So it's very hard to influence the key maintainers to take bad quality code because everyone has different interests So this is often referred to as independent panel of expert Independent from your company interests and this is something that is also important for safety and Again, I'm giving you an intro exam I really taking the opportunity to highlight what is important in an open source project for safety now This is a this is an old slide that shows some of the users of Xen and the bottom right is embedded top Right and top left is data center and cloud. What's interesting is bottom left bottom left is Security companies and groups that are using Xen as a foundation for their security product The Xen has been used for instance by QBOS to provide highly secure environments on your laptops to separate Sensitive information, you know the kind of you know journalists and whistleblowers needs to keep safe From your regular, you know, environment where you Google your latest news That's also important good security practices is good is also important for safety next, okay, so as a summary so Xen has a very strong very strong quality Processing place in term of code review from an independent panel of expert Sometimes it's been we have been told several times too strict From new contributors, you know the flip side is then we really spot as many errors as possible We also have a very strong security process incredibly detailed has been used for years and many other open source project used our security process as a base as inspiration Also security and isolation are both key Feature of the project Trishability everything has been done in public for like 20 plus years on the main list all discussions all the data is there There is no Yeah, he told me that he was okay. So I committed it those kind of things never happened in our project Every commit is also tested the validator not on one or don't chew CI loops And there is why the users of Xen across various verticals But what I'm gonna highlight quickly is all of these verticals have different Requirements, but some of them are interesting to safety in different ways like Xen in the data center That's multi-tenancy. So you really need to make sure one VM cannot steal the data on another VM. This is also important for safety Desktop QS security you might want to make sure you through a virus in your windows environment You don't get you know, the sensitive data doesn't get out and embedded. We talked about the real-time isolation okay, so I MD is Working on making then safety certifiable for MD platforms both MD x86 and arm We are targeting IE 661508 seal 3 and we are also targeting ISO 26262 SOD This certification is Bay. I mean the safety certifiability is based on the upstream project. So Meaning that we are not, you know, taking a fork and doing a lot of work behind the scene and then taking that snapshot Safety certifying it and you know, no We are actually Based in the safety certifiability on the upstream work by the community and the upstream releases And that's gonna also make it a lot easier is first of all to give back to the community and Upstreaming many of these things aligned in the community with their efforts But also it's gonna make it a lot easier for us to update in the future the safety Certifiability of the project when there is a future release or a future update Now many of I'm not gonna promise that everything is gonna be fully open source But man most of the things that we're good. We are doing as part of this effort are gonna be so we are gonna make as a code Based means to see compliant and we are gonna upstream that we are gonna improve the documentation and we are gonna upstream that and We are gonna improve the testing. So there's gonna be a significant impact and positive impact to the community Thanks to this effort absolutely Stefano he talked about certifying pre-existing software So I'm going to discuss about What are the pathways we are taking to certify as in as open source hypervisor. So we So as we as we as he mentioned that the target is ic6158 and ISO 26262 For a cld and that's for nasil 3 that's a systematic capability 3 and what we are doing is we are Segregating the core components of gen hypervisor which is which is for the Isolating a safe and non-safe workload and we have identified the core components for both x86 and arm and we are certifying it We are we we are certifying it for x86 and arm For the target standards, it's not specific to particular board, but it's a kind of hardware board in specific Certification it will be So this is this is a pathway I think he mentioned about the quality process Jen is already in a very in a good following good software development quality and the security practices and as the safety standards like ic6158 and 26262 they allow to Qualify a pre-existing Software and that's what we call us tailored software safety life cycle. So we take this I mean we are these are the pillars right established open source development process which is available for Jane and we have a very strong security practices and and and we Identify what are the minor gaps in the context of for the safety standards and we fill those gaps and and and some organizational supporting process which I can discuss a little bit later and With all these we go for some independent functional safety assessment by third-party and we prepare a safety case and that would be suitable for claim or to a cell D for ISO 262 and Still three are systematic capability three for ic6158 So the people that are not familiar. These are the highest corresponding for the strictest in both ISO and as well as the IEC So the assessment I think We are in alignment with the different safety certification authorities the assessment can happen in a two phases the first phase is a Concept approval where we present our organizational process and the safety management and the overall the safety concept The target use case of that is in hypervisor where it can be used to isolate the safety workload and non-safety workload That safety concept and architecture will be assessed by the third-party Company and that's one phase and the second phase will be the detailed test Means that whatever we presented in the first phase that will be assessed all the verification and traceability and everything will be Assessed in the second phase and we will we will complete we hope to kind of finish that In the two phases in the typical Safety certification project of the software. So this is a kind of an alignment. We have with the different Third-party authorities. So the concept approval. It's a safety concept as I mentioned that is an architecture and how it's the target In the target system like in this trail or automotive how that's a hypervisor is going to be used to isolate the safety from non-safety That's a concept review and then second is that functional safety management whether that people and that organization who is performing these activities is Have enough capability in a functional safety management and Related safety related activities that part will be assessed by a third-party assessor and these are The activities and the plans associated with each phase like a concept review we have Safety requirements in the morning sessions. I think there was a lot talk about the requirements the quality of the requirements and and we have the architecture and we have a verification plan on validation plan and under the tools are used in that development life cycle of the pre-existing software will be classified and Qualified based on the classification criteria And then we have all the functional safety management related work products like assessment plan safety plan and how we are complained with Configuration management and change management to how the document control works. So these kind of things are coming under that safety management activities so when the concept approval phase we expect these two Categories and these are the possible work products that can be submitted to the auditor and Get on the concept approval So once you finish your concept safety concept approval that shows that you have enough capability and your safety concept is Was reviewed and approved by the auditor and then you move to the second phase where you provide more verification activities like a safety analysis Software FMEA software failure mode analysis can be performed and tools qualification So for example, you have a compiler used in your safety development life cycle That's a GCC compiler. We need to make sure the GCC compiler or any It's not introducing any new faults in the software. So we need to make sure the compiler is classified and Accordingly and if there is any fault in the particular version of the compiler we need to put some mitigations at a software level and Then coding is a the thing that the safety standards recommend a strong good coding practices the misrasees It's a very good coding practice used in more automotive and industrial segment industries so Following misrasee and complain to misrasees mandatory and required guidelines Will make the code very blood proof for any safety certification activities so and the verification specification validation specification as The gen is already doing a lot of tests. So I'm not saying that we are not doing any test now We are already doing say a lot of test But what we are trying to do is here is that perform some additional test so that you can fill all the gaps From the context of the safety standards like IEC 6158 and ISO 262 so that that can be reviewed Auditored and certified by the third party authority. So that gives more bulletproof and You provide a user guide and a safety manual safety manual is the one that very important once We certify or any software for any or hardware for the safety certification that has to be accompanied by a safety manual that Explains how that particular hardware element or software element should be used in the target system So the customer or the user who is going to use a certified hardware or software element in this context is in so they need to follow the safety manual where We provide a lot of assumption of use cases and what are the restrictions and what are the configurations? You need to use in order to use in a safety critical context And that safety case is the one that which the safety manager prepares for the auditor to claim that particular piece of software is SIL-3 or a SIL-D for whatever target we are deciding for the intended safety critical use cases So if I can list out the table all the required activities You see that for products and evidence safety requirements We need to have a very clear requirements Which is verifiable requirement and architectural specification Which maps that requirement and then Implementation part and then the verification you have to cover the performance test and the regression test Additionally in software safety Have an fault injection test simulate some faults To see how the system responds. So that kind of test we can actually can be added It's all good quality. I mean rather than safety it increases the reliability of the software and the quality of the software So that that's the whole argument of safety In an industrial and automotive context then perform the tool analysis Which we list out the tools and classify according to the safety standard and And make sure that mitigations are in place and software failure analysis is This approach that you list out possible failure modes and What are the effects that can have those failures in the system then mitigations the possible mitigations? The process control which we'll talk about or the safety management related activities like document control change control process on the safety plan The training training for the people who are involved in the safety related activities and the safety manual and the safety case so Approximately these kind of work products and evidence will convince the auditor to certify a particular piece of software for Target safety integrity level Yeah, so this one is so The pre-existing software so the question is I mean if you ask whether a software which is already developed which is already in use Can it be safety certified that the answer is yes provided that the software has followed Good software development practices and good testing if it is already in place Then we can find out the minimal gaps By performing gap analysis and then fulfilling those gaps or a software safety Can be achieved for an open source or any peer-to-peer existing software I mean approximately I can say that based on my experience if you have on a 50,000 lines of Code which is pre-existing software are already developed the software with a good quality process in place with some 60 percentage of testing and 30 percentage of documentation efforts that can be safety certified by another party Authority I mean approximate second 50 50,000 lines of code and within 24 to 30 months of approximate time period But depending on how many test cases you already have In place and etc. So anyway that I mean if you're taking any open source code and Adding more tests so that increases the overall quality and reliability of the software. That's good for the software overall That's good for the project. So irrespective of the safety If we add more tests that improves the quality and reliability. So in either way that that's good for the project This is Expected deliverables Deliverables when you go for a third-party audit like a concept report I mentioned about the audit can happen in two phases the first phase you finish Safety concept review audit then you get in a concept report Then once you complete your volume of two phases final assessment will provide you Safety certificate and the report and the technical reports and that can be that can be packaged to any interesting customers of anyone who's performing Periodic audits. Yeah, so once that is certified I think there is an regulatory requirement There is a requirement of the standard that that has to be periodically audited to make sure that A third-party assessor certified software They need to make sure that we already we will be still having that process in place once in a 12 to 18 months gap period that there will be periodic audit and if there's any new feature is added and That future we need to make an impact analysis. Yeah, add a new feature Makes any significant impact on the overall safety or not then based on that the recertification of the new feature Is decided Okay, so I give it to Stefano so Thank you. Send you so what I'm trying to now answer is What is really the alignment needed between an open source project in these examples then but it really I think this lesson Learn applied to many others. What is the alignment needed between your open source project and safety safety requirement safety? people working in safety Or to say to rephrase the same question What can the open source project do for safety and what can the safety do for the open source project, right? so Let me start by saying that in the example of Xen by making sense safety certifiable as part You know a customer could take Xen as part of their software stack and use it in the environment that it was not possible to use It before like anywhere where human life are a risk lay automotive certain industrial environments and and more right So you're gonna get a lot more users users mean more development more development Developers and more developers mean a richer better more healthy healthier community, so That certainly is better for the project, but there are actually more concrete Benefit to the open source project that I want to highlight and one of them You know is coding guidelines. The other one is documentation and the third one is testing and Next slide and so let me start by talking about the coding guidelines So in order for your software to be high-quality enough It only makes sense that it has very strict and you know and good coding guidelines and Misra C is one or maybe the best of the safe coding guidelines out there For the C language and it really allows you to write safe C code avoiding many of the common mistakes and really makes your programming better and Insecurity you will call this defensive programming maybe but here we just we call it misery See and trying to avoid common mistakes and define behavior and things like that. So One of the things that I want to highlight for misery C But it's really true for all of these things is I have the impression that in the open source community And I am an open source guy first, right? So I definitely I mean I Myself included there is a kind of impression the safety is bore about bureaucracy and paperwork than anything else And I want to stress that this is not true, right? So safety is really about safety is really about making your code safer making every feature that you use Tested and the any interfaces that you have well Documented which are normal same principle that you know normal good coding practices And is this is really important good to get your your community on board I mean to understand this and also on board with making these changes is also okay I mean not all open source community and open source project are necessarily meant for this You know because writing good software takes longer than writing bad software, right? I mean this is a bit of an extreme example, but let me make a better example Write a lot of tests take more time than writing zero tests right, so It will be a reasonable choice to write faster software with far less testing and this can be a good choice for some communities but if your community is a community that cares about quality of the code as Security-sensitive deployments safety-sensitive deployments really care about isolation Freedom for interference like the extent community does then it makes sense. There is alignment, right? There is really already is maybe we are talking different languages for sure Like sometimes there's a lot about choosing the word that you use when you speak about people that have a security background Instead of a safety background But the values are really the same right you can there's a lot of common ground to be had so the first step in my opinion is really to find this common ground and Align your community behind your efforts to improve the quality of the code base with things like misery and documentation and testing and in the specific case the misery is really not enough to say we are gonna do misery Right. That's not practical. It's not even actionable So what you need to do is one by one with your community Evaluate the misery guidelines find out with the one that makes sense for your project adopt them in your own Guidelines for your project and make sure they are respected by both contributors maintainers of As to meet as they keep submitting new patches So Yes, so in the extent community we have been following this process for While is to help for second So in the extent community we have been following this process for a while and we are in the process of adopting misery rules We have already adopted actually that number is a bit all think about 45 out of 100 something rules and we're going through them one by one and the more we go through them more than we find alignment because the people realize that these are actually If not always good rules for certain they always highlight real problems, right? And maybe the suggested solution is also always the best one, but it is really value in talking about every one of these things We are also adding so When you have a rule sometimes you don't want to follow it at 100% of the times So, you know in some cases you might want to have a deviation that you are you are sure you are sure that the code is safe Even so technically is violating the rule So we have a framework to do via to do deviations by in code comments which are these tags are tagging the deviations and We can link them with the explanation for the deviation and we can also have generic tagging that work with multiple tools Now tools next slide This brings me to one of the most important benefits of using misery C and that is about using static analysis So there's a lot of focus nowadays about, you know safe coding safe languages So for what regard C is the best tool we have in our toolbox by far a static analysis There are very very smart powerful Capable static analyzers that can scan your patches scan your code base and find any problem With it misery C or not misery C even like they can detect Any sort of issues including I was gonna go with the classic example or missing free of buffers But you know in Zen is not that we are located that much memory So it's not a good example, but any kind of any kind of bad software and and bugs So one of the key things that we're doing is integrating the static analysis tools as part of our github CI Process this way we can automatically scan any new patch from any contributor for Problems for violations now these is I cannot stress is enough This is a fantastic amazing benefit to the community So instead of having the maintainer by hand, you know review and say ah this basic thing You did it wrong these are the silly thing you did it wrong all of this basic stuff It's gonna be done automatically for you things also the benefit for the contributor instead of having to argue with a human It has to argue with a computer and we are all in software because we don't like to talk to people right We like to talk to computer most and now you get to talk to computer all the time So so this is is a great benefit all around Documentation and testing I mean starting from Docs. I mean we all know the the old joke is The open source software type terrible at documentation. That's the old cliche I think it's not true anymore. We are actually doing decently well a documentation not just Zen But other project as well that said the documentation and required by safety the level of correctness is you know 100% is higher than most project offer so and one thing I can recommend is to use Doxygen and RST to keep the documentation close to the code that makes it easier to keep in sync so that you can have Maintainers make sure that the documentation is updated together with the interface and we are already doing a thing then So not everything is the doxygen RST yet. We need some rework But definitely we have been keeping documentation up to date with the code for a while now and The last thing I want to talk about is testing And again the other cliche is in open source in many projects are not quite well tested right that cliche is not true anymore either right we have a lot of testing we have GitLab CI and other infrastructure and in Zen project alone We have two CI loops and one of them is GitLab CI and has been grown a lot in the last few years So we now have 118 GitLab tests as of last week among them Many are runtime tests and some of them even on real hardware I'm saying this because usually GitLab CI the way of testing a hypervisor or something low-level is to spin out QM Or a run in emulation inside the core the core no low-light provides We even have real hardware test based on GitLab runner contributed from the community So people like us axiolings are contributing at GitLab runner They're running tests on our favorite hardware of choice so we can make sure the Xen does not break on a specific target There are other in the community that also contributed GitLab runners like cubes is contributing a GitLab runner to make sure Suspend resume does not break on certain classes of laptops. They care about So one thing that you know it would be good to have good going forward is to make sure that every new feature get tested Otherwise does not get introduced and if that makes sense otherwise, you know It can break at any time and I want to conclude this presentation Basically with this message so your open source project as long as has been developed with good saying coding practices processes and strong reviews can probably be made safety certifiable right and To get there I think the key is first of all to align the community behind it You cannot really force the community to do safety you need to convince them and and that is the right thing for the project And it might not be that I think for every project because writing documentation and writing test doesn't have a zero cost, right? And it's fair to take that into account And the other thing to want to highlight is safety is not about the paperwork And I mean as you saw from the details all the details from central there is certainly sent certain documentation to be provided But if your project is really good at the quality of documentation the quality of the code base and the quality of testing I can promise you that the paperwork is not the issue, right? So as an open source project in an open source community apps in focus on that, right? Yeah, I think this is the end of the presentation and if you have any questions I Open in the floor for anything you might want to ask So I guess you make a very good point with get the community buy in because otherwise Well, you can just simply it doesn't work in a community doesn't work in a normal Company if you just say follow the rules, especially if you have no control about the people It has to be a win-win, right? It has to be a win for the community because they improve the code They improve the testing prove the quality of the release improve the documentation that is great for new contributor It's good. It's even better for the maintainer when they need to maintain the Interfaces and this of course is good for the people that care about safety Of course if the community doesn't want to increase quality, which is we have to be honest It's a decent choice, right? It's always a compromise. So then it doesn't work and For this part if you follow miss Rossi guides and you have community Maybe how do you treat it because maybe not everybody in the community has access to the miss Rossi? So that's a very good question So miss Rossi you for the so the one of you that don't know miss Rossi is not open So there's a coding guidelines the document it costs But the cost is very moderate. I'm not gonna name the numbers because I remember that it's a Res is reasonably affordable. So what we did is the following we Then exam project as a small budget as an open source project And we use that budget to buy miss Rossi copy for every one of the key maintenance and contributors in addition You know, you don't need to have the full miss Rossi copy in order to Read the result of a scan and say you have a violations here and and think that's good enough for the Passed by contributions of people that are not regular and submit a patch to spot something They usually just highlighting that is something there is good enough Thank you. It was a really good talk So I'm an aerospace and we do have hypervisors. We use an aerospace There are closed source now to say one of the bridges to get Xen into aerospace would be We we need Documented service history like where it's being used and then when we put it into a high criticality Use case we can actually point to the F tell the FAA point to it and say it's used here And here's the fault history and this is how it's been managed those kinds of things So that would that would be help. I know obviously it's an open-source project. Anybody can download it and do it But that would be like one big thing That's missing from this to be able to point to service history that would make it easier to get it into aerospace applications So we actually talked about that because it also might not be a strict requirement for ISO or for IC Certainly what you just described services story helps so my solution to that is To reach out so the thing about open-source is anyone can download and deploy right and doesn't need to necessarily to tell you about so for sure I'm only analyzing the tip of the iceberg But the tip of the iceberg is huge for a project like Xen like it's usually way Bigger than proprietary I provider can claim and I bet is the same for many other open-source projects so my approach to that is To go to Xen summit a conference pick with the people that are in these other companies and get users data from them And in the case of Xen it could be Amazon it could be Rackspace it could be like any of Xilin's customers or you know, et cetera, et cetera But the fact that these open-source should not stop you necessarily from gather the service data In if nothing you have more together, right? Yeah, I in fairness we have not started this activity So I'll let you know next year when I give you an update how far we came along with that Service history or definitely it's a it's an added argument in the safety case. Yeah, definitely I mean the space of process safety, right? We follow the 650 a Addition three of six 15 away will come out of the route can be 27 it will put additional requirements on the process and Especially about the classification of each requirement It's a plan to Bring Xen to that level For years from now Let's send to take this one So, so I think the question is about that on the software safety requirements, so When we certify the pre-existing software and the requirements of All those components are considered as safety requirements So what we perform is for the pre-existing software based on that already available interfaces The retrospectively we can backtrack the requirements and we can pull requirements from the implementation Interfaces and we can manage those requirements in a systematic way So in that way that requirements and the architecture and the implementation are sink and it can be It can be traceable from our requirements to the implementation. I Don't think that will work because we are doing right now, right? We are preparing for addition three in tomorrow documentation the process Each requirement will have to be classified as safety functional security packaging whatever Right and one more additional Requirement that for the addition three which will come out for years from now, right? Would be that on the user manual we need to be linked to Product system requirements, right? So there are a lot more work to be done for that to be a product another question would be that Does Zen have? Dynamic memory allocation So yeah, so that's a good question At the moment there is still dynamic memory allocation, however I Really plan to remove it entirely and the reason is especially and on even today at least on the on the arms side the amount of Memory allocation around time is tiny and even today without any code changes in the right configuration. You could probably take it completely away Boot memory allocation. Yes, right with that but after boot I think even today it will not be too difficult to get close to zero memory allocation without any changes And for sure as part of this project We are going to look at this closely and ideally take it completely out No, just for arm but also on the MD x86 side The reason why we can do that is because you know something that sent him mentioned But we didn't go into details for time reason the configuration that we are looking to make safety Certifiable is what we call them zero less and what he means is Xen starts and creates the VMs directly a boot So and then he doesn't create any VMs anymore So all the location is done once a boot time and not again So thanks to this model. This is different for the traditional model We should know the traditional model is then start a VM the VMs and asked for more VMs to be created So in this new model then there is really no need for any new resource allocation after the boot phase Yeah, so we should be able to achieve it Yeah, as long as you do not have dynamic memory outpatient. I don't time you're fine Sorry if my question is silly. It's not my world. What when you when you talk about safety certification? Who decides what the requirements are is it? Is it the standards? Is it the state regulations? Who writes rules on what save it what is not safe to be certified? So that's inter at you side of this question one is from central I mean the authority this is a safety assessor of a clear idea what this requirement needs to be now Who writes it is of course needs to people that are familiar enough with the iPervisor to know all the details And to know exactly the expected behavior in all cases of the iPervisor Can it be different from one country to another for instance can be Satisfiable in states but not not in Mexico because they have different set of requirements That's based my question who writes the rules and is it is it a worldwide standard or is it Iso is sent for international standard organization. So you answer my question the standards rise the rules the rules are in the standard, right? the standard and the external or third-party Certification authority were authorized to audit and to certify the product. They make sure that The requirements are in alignment with the standards then they certifies. There's the solid proof that we are following the particular standard But this is valid for for instance, they say that one day we were looking at the 0178 This is the avionics one. It might be slightly different, right? And they might be as likely were different wording and expectation. I thought usually they're roughly aligned all those these certification standards But there are differences between them. Yeah, any last question if you don't mind I can It's not the standard that matters. It's if you're the OEM and you're trying to Create a device either an airplane or a car anything you tell the regulator what standards you plan to comply with So then the regulator will hold you to that standard and if it's a good standard like an ISO standard Then the regulator is not going to give you much trouble But if it's something really obscure something that only partially complies then it's gonna make your job a lot more complicated The OEM will tell the regulator what they're gonna comply with and they will tell the reg the OEM That's not good enough. You need to do better than that. It's a negotiation Well, thank you everybody for the good questions. I hope you enjoy my talk and I'll be in the hallway if you have any more questions Thank you