Why you may want to put a SWHID in your next car

In the world of high-stakes automotive engineering, road safety is increasingly a software problem. For Wendi Urribarri, Process and Safety Engineer at Woven by Toyota, the solution lies in the cryptographic DNA of the car’s codebase.
She argues that the SoftWare Hash Identifier (SWHID) could become a critical safety feature: by providing an immutable, verifiable fingerprint for every component in a vehicle’s massive software stack, SWHIDs ensure that the code running on the road is exactly what was vetted in the lab.

Urribarri works on software safety, cybersecurity, tool qualification, and process definition for critical systems, where long-term availability, traceability, and provenance of software artifacts are recurring challenges. 

For years, Urribarri has operated on the conviction that source code requires a permanent, immutable home. That theory turned into a practical roadmap during an ELISA (Enabling Linux in Safety Applications) session led by Agustin Benito Bethencourt and Software Heritage CTO Thomas Aynaud. The presentation bridged the gap between abstract archiving and the brutal realities of the automotive lifecycle, positioning the SWHID as the missing link for traceability, reproducibility, and the long-term survival of the software artifacts that modern vehicles depend on. The Software Hash Identifier, a cryptographically strong tech, ensures the integrity and persistence of software artifacts. In the declaration section of an SBOM, the SWHID can replace unstable metadata such as package names and version numbers. 

Urribarri operates at the intersection of open-source maintenance and high-stakes systems architecture, moving between communities like LLVM, ELISA, and Eclipse SDV. It’s a space where the free-wheeling nature of open-source contributors must align with the rigid demands of engineers working on safety-critical automotive and regulated embedded environments.

This friction led her to launch a working group within the LLVM community dedicated to building confidence in compilers and toolchains for use in safety-critical contexts like ISO 26262. As the facilitator of the LLVM Qualification Working Group, she now coordinates efforts in the LLVM community to enable the use of LLVM’s community-driven code in safety-critical applications like automotive.

The LLVM Qualification Working Group works on documentation, traceability, qualification strategies, and community coordination. And as life’s best surprises often come when you least expect them, this working group results from an encouraging and quite startling – at least, for Urribarri – feedback from the open-source community. In the specialized world of functional safety, an area often sidelined as overly restrictive, Urribarri did not anticipate her talk at AsiaLLVM 2025 to resonate as much as it did. The positive reception and the depth of follow-up discussions showed her that many contributors and users of open-source infrastructure are actively seeking ways to make their software more trustworthy, reusable, and suitable for long-term use, including in regulated and safety-critical contexts.

In the ELISA project, she also actively contributes to the Lighthouse OSS Special Interest Group, which aims to identify, document, and assess open source development best practices related to quality, safety, and security, with a strong emphasis on evidence and transparency.

As an ambassador, Urribarri will focus on three key goals: normalizing the conversation around safety and security in open source, aligning community-driven development with the rigid demands of regulation, and championing lightweight, pragmatic workflows that satisfy industrial standards without stifling open-source innovation.

Urribarri strongly believes SWHID serves as a neutral, technical foundation that helps bridge the gap between teams prioritizing compliance and standards and those focused on rapid development and delivery. Thanks to her active and growing involvement in open-source communities, she is fully aware that promoting SWHID isn’t merely operational: it’s tied to evolving software development practices. The increasing use of artificial intelligence is accelerating software development cycles, making them shorter and more frequent. In this context, maintaining rigorous control over every stage of the process presents a challenge. But she also knows that open-source communities are now deeply receptive to conversations about responsibility, preservation, and long-term impact, values that strongly align with the mission of Software Heritage.

Software Heritage Ambassadors are volunteers who offer expert advice in various sectors and languages on how to use our services. Here’s more information on how to book one for a free consultation.

If you’d like to connect with Wendi Urribarri, you’ll find contact information on her Ambassador profile.

We’re also seeking passionate individuals and organizations to volunteer as ambassadors and help grow the Software Heritage community. If you’re interested in becoming an Ambassador, please share a bit about yourself and your connection to the Software Heritage mission.