One major problem with Internet of Things devices is that they may never be updated, making them vulnerable to security threats that can accumulate over time. Many devices may not even have the ability to be updated automatically, requiring companies to install fixes for everything from the application software to the operating system manually. That could mean a product recall.
“Companies will build a new product, ship it and forget it,” explained Tyler Baker, chief technology officer of Foundries.io, a startup founded by former executives and senior engineers from open-source software organization Linaro. The company is building tools based on the Linux and Zephyr operating systems and updated constantly to prevent bugs from worming to everything from connected traffic lights to autonomous cars.
The Linux platform is based on Yocto’s OpenEmbedded and targets the controllers inside driverless cars and servers installed on factory floors. The company’s Zephyr software fits inside microcontrollers used in wearables and other compact devices. Foundries said it will offer customers updates several times per month to avoid the costs of testing and maintaining their own software for every product.
“This is a huge and fragmented market,” said chief executive Gregory Grey, adding that the company is trying to give embedded devices the ability to be updated the same way as smartphone using Apple’s iOS and Google’s Android. The company is trying to get its software running on any processor and connected to any cloud so that customers are not locked into a specific type of hardware or cloud computing vendor.
“It’s choose your own adventure with embedded products today,” said Baker. Since it was founded last year, the company has raised $1.5 million in funding from investors including Linaro, which makes software tools for Arm-based product development. It is trying to raise additional venture capital before the end of the year to compete with companies ranging from Wind River and Mona Vista to Greenhills Software and Mentor Graphics, which offer real-time operating systems that have better reliability and timing than general-purpose software.
Foundries said it would update its software more frequently than rivals. Customers can choose whether to send them to the Docker containers inside the Linux distribution, which has been reduced to use less than 200Mb of memory. These companies can use any device management platform and many of the same tools used in manage software running inside large data centers, including Kubernetes.
The company also has high hopes for the Zephyr real-time operating system, which it enhanced with a secure bootloader and support for over-the-air updates. The software was developed inside Wind River as the Rocket operating system before the source code was opened in early 2016. Foundries is focused on giving it the same stature in the embedded market as Linux holds in the data centers of major corporations.
“That’s going to take a long time,” said VDC Research’s Roy Murdock. “Linux has been around so long, has so many contributors and runs so many systems, it will be difficult to replicate its success in the embedded space.” He added: “It’s hard to have an operating system that runs across all these different embedded platforms, and that’s why the market for embedded operating systems is so fragmented.”
The competition has overflowed in recent years. Many companies are muscling into the market as open-source operating systems continue to replace more traditional, commercial code. Last year, Amazon announced it would take over FreeRTOS, while Google introduced Android Things to compete with other embedded operating systems such as Contiki, Mynewt and Arm Mbed. Microsoft has thrown its weight behind Azure Sphere, its custom software for the billions of microcontrollers sold around the world every year.
To expand its potential customer base, Foundries is focused on getting as many hardware vendors as possible to build support for Zephyr into products. The Linux software supports chips based on the Arm, x86 and RISC-V architectures—and a number of development boards. The Zephyr distribution works with products from Nordic Semiconductor, NXP and STMicroelectronics, among others.
“They offer very quickly updated support for these operating systems, but there are lots of companies doing that around Linux. You just pay to have premium support,” Murdock said. “But no one has done that with the Zephyr operating system yet. That’s a big vote of confidence that Zephyr is ready and original equipment manufacturers are going to pay to have it updated instead of doing it themselves.”
But it is still unclear whether many original equipment manufacturers will pay for the company’s software unless it can support safety critical applications in cars and factories, said Murdock. Without the ability to withstand faults, these systems are vulnerable to potentially dangerous shutdowns. Foundries said that it had early customers including system-on-module supplier Toradex and healthcare company Vitalacy.
Foundries may win over customers with its unconventional pricing model. The Linux distribution costs $2,500 per month or $25,000 per year, while the Zephyr software costs $1,000 per month or $10,000 per year regardless of the number of devices. That seems like a bargain for companies shipping many thousands or millions of a single product. And when customers cancel a subscription, they can keep using the software. They just have to maintain it themselves.