
Key Takeaways from the Safety Critical Track at Open Source Summit Europe 2025 – 4

ELISA project at the OSS Europe 2025 - Blog 4

The ELISA Project participated in Open Source Summit Europe 2025 (August 25–27, Amsterdam), the premier gathering for open source developers, technologists, and community leaders. With over 2,000 attendees representing 900+ organizations, the event showcased the strength, diversity, and innovation of the ecosystem.

For ELISA (Enabling Linux in Safety Applications), the summit was an invaluable opportunity to engage with developers, architects, and functional safety experts working at the intersection of Linux and safety-critical systems. ELISA was featured prominently in the Safety-Critical Software Summit, where sessions explored topics such as kernel safety, automotive innovation, and compliance and trust in regulated environments.

Sessions covered a wide range of important topics, including kernel safety (identifying weaknesses, fault propagation, and Linux as a safety element out of context), automotive innovation (safe platforms, prototyping frameworks, and software-defined vehicles), and compliance and trust (continuous compliance, traceability, and statistical methods in safety analysis). These talks reflected the growing maturity of the ecosystem and highlighted the shared challenges the community is tackling, from technical methodologies to regulatory alignment.

This week we highlight two talks from the Safety-Critical Software Summit:

Shifting Safety Techniques to a Statistical World – Imanol Allende, Codethink & Nicholas Mc Guire, OpenTech

As safety-critical systems grow ever more complex, the traditional deterministic mindset that has long guided safety engineering is reaching its limits. In their Open Source Summit Europe 2025 talk, “Shifting Safety Techniques to a Statistical World,” Imanol Allende (Codethink) and Nicholas Mc Guire (OpenTech) challenge conventional assumptions about how we design and assure safety in modern systems.

Today’s high-performance, interconnected platforms, from autonomous vehicles to adaptive software systems, exhibit inherent non-determinism. Their behavior cannot always be broken down and analyzed piece by piece, as Descartes’ reductionist approach once suggested. Instead, these systems display emergent properties that arise from complex interactions, requiring a more holistic lens.

Imanol and Nicholas argue that the next evolution in safety engineering lies in statistical system analysis. Approaches such as Probabilistic Worst Case Execution Time (pWCET) and Statistical Path Coverage offer promising ways to quantify and manage uncertainty in highly dynamic environments. These methods shift assurance from absolute determinism toward probabilistic confidence, reflecting the true behavior of modern computing platforms.

The talk outlines both the limitations of traditional safety techniques and the opportunities of statistical methods, emphasizing what will be needed methodologically, technically, and culturally for such approaches to gain acceptance within the functional safety domain.

In conclusion, this session invites the safety community to embrace uncertainty not as a flaw, but as a measurable feature of complex systems, and to evolve its tools and thinking accordingly.

Engineering Trust: Formulating Continuous Compliance for Open Source – Paul Albertella & Kaspar Matas, Codethink

In this session, “Engineering Trust: Formulating Continuous Compliance for Open Source,” Paul Albertella and Kaspar Matas (Codethink) argue that software requirements, as commonly practiced, are broken. High-level requirements often collapse into feature wish lists; low-level requirements drift into after-the-fact narratives. Formal process models tend to treat the dynamism of FOSS as a defect, yet that very fluidity is a core strength; the result is that project intent and expectations get lost in the noise.

Enter the Eclipse Trustable Software Framework (TSF): a lightweight, continuous compliance framework built by and for open source. TSF lets projects organize and evidence their own objectives, not only those imposed by standards, while remaining workflow-agnostic and requiring only git. By managing objectives, reasoning, and artifacts alongside code, TSF closes the gap between paper processes and real engineering practice.

TSF’s distinctive outcome is an automated, transparent, traceable body of evidence quantified by a confidence score. That score helps teams decide where to focus next and gives consumers a concrete way to evaluate their trust in the software. Evidence can reference code, tests, results, and validators; hashes and links keep the graph consistent as projects evolve and CI runs.

The talk walks through TSF’s model and usage, then shows how its statements, evidence, and objectives can be mapped to functional safety standards (e.g., IEC 61508 or ISO 26262) to support certification and ongoing assessment. The message is pragmatic: keep the agility of open source, but capture intent and proof continuously so compliance becomes a living activity, not a one-off paperwork sprint.

MISRA C and C++ in OSS: Yes, We Can! – Roberto Bagnara, BUGSENG / University of Parma

In his presentation, “MISRA C and C++ in OSS: Yes, We Can!”, Roberto Bagnara (BUGSENG / University of Parma) challenged a long-standing assumption: that safety- and security-critical software written in C or C++ is fundamentally incompatible with open source development.

C and C++ have powered decades of system software: efficient, portable, and close to the hardware. But their origins in the 1970s also carry forward deep weaknesses. Undefined and unspecified behaviors, a lack of runtime checks, and a “trust the programmer” philosophy make them risky foundations for modern critical systems. When open source software becomes part of automotive, aerospace, or industrial platforms, these risks demand structured mitigation, and that is where MISRA C and MISRA C++ come in.

MISRA defines safe subsets of C and C++, guiding developers away from dangerous constructs and toward predictable, reviewable code. These rules are not about finding bugs, but about preventing entire classes of failures by design. Mandatory rules prevent undefined behavior; advisory rules promote clarity and verifiability. Importantly, deviations are allowed if they are justified, documented, and demonstrably safe.
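As an added illustration (not code from Roberto's talk, from ECLAIR, or from any MISRA document), the C snippet below contrasts a "trust the programmer" routine that is undefined for some inputs with a rewrite in the defensive style MISRA guidelines steer developers toward: defined unsigned arithmetic, explicit range checks, a status return the caller must handle, and a single exit point. Function names and the scaling operation are my own construction.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* 'Before' case, kept only to show the problem: a shift count of 32 or more
 * and a signed overflow in the addition are both undefined behaviour, so a
 * compiler may assume they never happen and no static reasoning about the
 * result is possible. */
int32_t scale_unchecked(int32_t base, int32_t shift, int32_t offset)
{
    return (base << shift) + offset;
}

/* MISRA-style rewrite: every operation is defined for every input, the
 * result is delivered through an out-parameter, and failure is an explicit
 * return value rather than an undetectable wrong number. */
bool scale_checked(uint32_t base, uint8_t shift, uint32_t offset, uint32_t *out)
{
    bool ok = false;

    if ((out != NULL) && (shift < 32U)) {
        uint32_t shifted = base << shift;

        /* reject if the shift discarded set bits or the addition would wrap */
        if (((shifted >> shift) == base) && (offset <= (UINT32_MAX - shifted))) {
            *out = shifted + offset;
            ok = true;
        }
    }
    return ok;
}

/* Typical caller pattern: the status is consumed, never silently dropped,
 * and a documented fallback is used when the computation is not valid. */
uint32_t scale_or(uint32_t base, uint8_t shift, uint32_t offset, uint32_t fallback)
{
    uint32_t result = fallback;

    if (!scale_checked(base, shift, offset, &result)) {
        result = fallback;
    }
    return result;
}
```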

Roberto highlighted real-world experience applying MISRA to major open source projects such as Xen, Zephyr, and Trusted Firmware, where compliance was achieved through a combination of training, tailoring, and tooling, the “three T’s.” His team’s static analysis tool ECLAIR integrates MISRA checking into continuous integration, helping projects track compliance as they evolve.

The results are encouraging: projects once reporting millions of rule violations now maintain near-complete compliance, with violations justified or eliminated and regressions automatically detected.

The key insight: safety and openness are not mutually exclusive. With collaboration, tailored guidelines, and the right tools, even complex open source ecosystems can move toward MISRA-aligned development, building a foundation of trustable, verifiable software for the systems that matter most.

What’s Next?

Together, these perspectives point to a pragmatic future: combine statistical assurance, continuous evidence, and disciplined coding subsets to make safety an ongoing, collaborative property of open source.

If you are interested in shaping this work, we invite you to join ELISA working groups and contribute to advancing safety practices in open source together.