The ELISA Project participated in Open Source Summit Europe 2025 (August 25–27, Amsterdam), the premier gathering for open source developers, technologists, and community leaders. With over 2,000 attendees representing 900+ organizations, the event showcased the strength, diversity, and innovation of the ecosystem.
For ELISA (Enabling Linux in Safety Applications), the summit was an invaluable opportunity to engage with developers, architects, and functional safety experts working at the intersection of Linux and safety-critical systems. ELISA was featured prominently in the Safety-Critical Software Summit, where sessions explored topics such as kernel safety, automotive innovation, and compliance and trust in regulated environments.
Sessions covered a wide range of important topics, including kernel safety (identifying weaknesses, fault propagation, and Linux as a safety element out of context), automotive innovation (safe platforms, prototyping frameworks, and software-defined vehicles), and compliance and trust (continuous compliance, traceability, and statistical methods in safety analysis). These talks reflected the growing maturity of the ecosystem and highlighted the shared challenges the community is tackling from technical methodologies to regulatory alignment.
This week we highlight two talks from the Safety Critical Summit session:
BASIL – What’s New, What’s Next – Luigi Pellecchia, Red Hat
At the Open Source Summit Amsterdam, during the Safety-Critical track, Luigi Pellecchia, Principal Software Quality Engineer at Red Hat and member of the ELISA Technical Steering Committee, presented the session “BASIL – What’s New, What’s Next.” BASIL is an open source tool designed to build and maintain requirements traceability for safety-critical systems in a collaborative environment. It helps engineers link requirements, test specifications, test cases, justifications, and documents into a unified traceability matrix. The tool features a web interface, a REST API for automation, and supports test execution through both built-in and external infrastructures. It also tracks all changes, manages users with fine-grained permissions, and exports full SPDX-based design SBOMs, ensuring complete traceability from design to verification.
Recent developments in BASIL include support for SPDX traceability export, import of requirements in multiple formats (CSV, JSON, YAML, StrictDoc, SPDX), and the ability to scan and import test repositories using TMT (Test Management Tool). The system now offers enhanced user management, allowing admins to clone permission sets, configure email servers for password resets, and simplify collaboration on shared components. New integrations include LAVA, enabling users to list, map, and trigger test runs from external infrastructures like GitLab CI, GitHub Actions, KernelCI, and Testing Farm. BASIL also introduces AI-assisted authoring, where large language models help draft test specifications and cases directly from selected document sections. Additional improvements include re-enabled end-to-end and API testing, broader browser compatibility, and better usability in shared environments.
In his demo, Luigi showcased how BASIL lets users select a reference document, break it into sections, and map traceable items on top. The system visualizes coverage and gaps, links tests to requirements, and executes or imports test results seamlessly. It can generate a design SBOM capturing the full traceability structure useful for ISO 26262 and similar compliance audits.
Looking ahead, the roadmap includes hierarchical document mapping, multi-reference document support, and baseline snapshots for point-in-time reviews. The team plans to migrate to PostgreSQL for scalability, improve file and folder management, enhance LAVA plugin templates, and align with the SPDX Safety Profile 3.1 specification. A PDF export option for assessors is also under consideration.
BASIL continues to evolve as a cornerstone in open source safety-critical development bringing together transparency, automation, and compliance readiness.
From Chaos to Control: Overcoming C and C++’s Inherent Unsafety – Assaf Tzur-El, Simple. Technology
In this talk, Assaf Tzur-El argues that the languages’ twin hazards are unsafety (buffer overflows, lifetime misuse, races) and unpredictability (undefined/unspecified/implementation-defined behavior). A “simple” line can become a CVE; a runtime divide-by-zero may legally do anything; evaluation order of f(a(), b(), c()) can change between calls; even fundamentals like sizeof(long) and char signedness vary. Calls to “just use Rust” collide with reality: massive legacy codebases, entrenched toolchains, domain constraints (real-time, performance, low-level access), and developer expertise mean wholesale migration isn’t practical.
The pragmatic path is discipline + enforcement. Discipline comes from structured guidelines MISRA C / MISRA C++ which codify dos and don’ts across categories (mandatory/required/advisory), with ~80% decidable by tools. Enforcement comes from wiring those rules into your pipeline: static analysis (e.g., clang-tidy/Sonar/Klocwork), -Wall -Werror, and CI gating.
Assaf illustrates how MISRA’s seemingly vague rules (e.g., “switch shall be appropriately structured”) unpack into precise checks (always have default), and how apparent collisions (e.g., “no unreachable code”) resolve once you read the rationale. Around that core, adopt defensive programming (“trust no input”), Secure-by-Design practices, and standards awareness (ISO 26262 et al.) to make failures rarer and more predictable when they do happen.
What’s Next?
The Safety-Critical track showed how open source is moving from complexity to control. BASIL is helping teams build clear, verifiable links between requirements, tests, and results bringing real traceability to safety-critical development. At the same time, Assaf Tzur-El reminded us that while C and C++ aren’t going away, we can make them safer through guidelines like MISRA, static analysis, and a defensive coding mindset.
Together, these talks highlight a shared goal: making open source software more reliable and trustworthy for safety-critical use. Stay tuned for more session highlights, and consider joining ELISA working groups to help advance safe, open software for all.