I would like to refer to the presentation of Theo Jacobs of Fraunhofer IPA on “SAFETY REQUIREMENTS AND STANDARDISATION FOR ROBOTS: SOFTWARE DO’S AND DON’T” held at ROS-I Conference 2016 in Stuttgart, Germany:
–> on slide 9 onwards ("Safe software: Boundaries of the safety-related control system) you can see different the levels of the control system with a OS and middleware level as part of the "sand box" protected safety-related part and an underlying safety-related part.
–> on slide 13, Theo lists "Possible conflicts between open source software and requirements for safe software" where he concludes: Possibly only works for
-
Self-contained modules maintained by a small group of programmers
-
Verified software versions with change-on-your-own-risk policies
Again, Theo’s presentation is from 2016 – software evolves quickly, and ROS2 and/or other developments might change the conclusions there.
I hope this can answer at least some of your concerns