The ELISA Project participated in Open Source Summit Europe 2025 (August 25–27, Amsterdam), the premier gathering for open source developers, technologists, and community leaders. With over 2,000 attendees representing 900+ organizations, the event showcased the strength, diversity, and innovation of the ecosystem.
For ELISA (Enabling Linux in Safety Applications), the summit was an invaluable opportunity to engage with developers, architects, and functional safety experts working at the intersection of Linux and safety-critical systems. ELISA was featured prominently in the Safety-Critical Software Summit, where sessions explored topics such as kernel safety, automotive innovation, and compliance and trust in regulated environments.
Sessions covered a wide range of important topics, including kernel safety (identifying weaknesses, fault propagation, and Linux as a safety element out of context), automotive innovation (safe platforms, prototyping frameworks, and software-defined vehicles), and compliance and trust (continuous compliance, traceability, and statistical methods in safety analysis). These talks reflected the growing maturity of the ecosystem and highlighted the shared challenges the community is tackling from technical methodologies to regulatory alignment.
This week we highlight two talks from the Safety Critical Summit session:
Looking at Linux as a SEooC – Kate Stewart, The Linux Foundation; Nicole Pappler, AlektoMetis & Chuck Wolber, The Boeing Company
Linux is increasingly deployed in safety-critical systems as a Safety Element out of Context (SEooC), yet its scale and rapid evolution, thousands of contributors and near-continuous upstream change pose unique assurance challenges. This talk explains what SEooC means in practice, why it should be understood as a “safety element with assumed context,” and the implications for integrators: a SEooC is not plug-and-play. System developers remain responsible for confirming compatibility, reviewing the safety manual and assumptions of use, ensuring traceability to their own requirements, configuring the element correctly, and validating it within their specific hazard and timing constraints. We frame the work through design assurance hazard identification, design mitigation via requirements-based engineering, and implementation assurance highlighting current gaps between kernel behavior and requirements-derived tests.
The session outlines community efforts to close those gaps: defining low-level Linux kernel requirements with maintainer sign-off; advancing coverage (statement, decision, MC/DC) using LLVM-based kernel coverage and object-code mapping; and packaging evidence with an SPDX functional-safety profile. Speakers also address non-determinism (focusing on deterministic outcomes, minimal configurations) and introduce knaf for call-tree analysis from specific entry points.
Overall, these efforts show how scaling requirements, testing, and coverage within open collaboration can yield reusable evidence, strengthen kernel reliability, and align with a substantial portion of DO-178C DAL A objectives across industries.
Identifying Safety Weaknesses and Fault Propagation in the Linux Kernel – Igor Stoppa, NVIDIA
With growing interest in using Linux in safety-critical domains such as automotive, traditional functional safety practices need to be applied to an open source environment. One such practice is fault injection, where failures are deliberately introduced to study how the system reacts.
This talk by Igor Stoppa, NVIDIA, introduced a tool and methodology for injecting controlled faults into Linux kernel data structures. The goal is to uncover subtle forms of degradation that may not trigger a crash but can compromise safety goals, such as delayed system responses. By running repeatable experiments, the approach makes it possible to check whether safety mechanisms detect and report problems consistently and within required timing constraints.
The work highlights both the challenges of applying safety analysis to a large, fast-moving project like the Linux kernel and the opportunities to integrate such testing into the regular release process. Over time, this could provide valuable data on fault propagation, improve kernel reliability, and strengthen Linux’s role in safety-critical applications.
What’s Next?
The Safety-Critical Software track at Open Source Summit Europe 2025 highlighted the important progress being made toward making Linux a reliable choice in regulated and safety-sensitive domains. From exploring Linux as a Safety Element out of Context to fault injection techniques that expose hidden weaknesses, these discussions show how the community is tackling complex challenges with rigor and collaboration.
To learn more, be sure to check our upcoming blogs where we will cover more sessions from the track. If you are interested in shaping this work, we invite you to join ELISA working groups and contribute to advancing safety practices in open source together.