The Linux Foundation Issues Press Release On ELISA Project Momentum

By Announcement

The Linux Foundation issued a press release on ELISA Project Momentum today.

The announcement highlights new member support, community growth and engagement, and upcoming events to learn more about ELISA’s work in advancing open source in safety-critical systems.

Community members can learn more about ELISA during the Linux Foundation’s Open Source Summit North America where Kate Stewart, is set to give a keynote speech, “Keynote: Open Source in Safety Critical Applications: The End Game.” For the first time, this event will also include an Open Source Dependability track.

The ELISA technical community is open to all to participate.

Learn more about becoming a member of ELISA.

Lyon Safety Summit Session Slides Now Available

By Announcement

We had a successful and well-attended Open Source Software in Safety-Critical Systems Summit on October 31, 2019 in Lyon. Here is the list of sessions, abstracts, speakers, and their presentation slides (linked from the session titles). 

9:00 – 9:30 Speaker: Lars Kurth
The Road to Safety Certification: How the Xen Project is Making Progress

Abstract: Safety certification is an essential requirement for software that will be used in highly regulated industries. The Xen Project, a stable and secure hypervisor that is used in many different markets, has been exploring the feasibility of building safety-certified products on Xen for the last year, looking at key aspects of its code base and development practices.

In this session, we will lay out the motivation and challenges of making safety certification achievable with open source and the Xen Project. We will outline the process the project has followed thus far and highlight lessons learned along the way. The talk will cover technical enablers, necessary process and tooling changes, and community challenges. Safety certification for commercial software based on an open-source hypervisor is an exciting and challenging goal.

9:30 – 10:00 Speaker: Anas Nashif
Introduction on Zephyr

Abstract: Open-source software development and how open-source projects are run is often seen as incompatible with functional safety requirements and established processes and standards. Open-source has been used on a regular basis in applications with safety requirements however in most cases the open-source software is forked and developed behind closed doors to comply with safety standards and processes and using existing infrastructure and tools not common or not available in public and in open-source.

This talk will show how the Zephyr project is moving to a new development model and methodology that uses existing and public tools to address many of the requirements and foundations that would help with using Zephyr in applications with functional safety requirements.

10:00 – 10:30 Speaker: Aymeric Rateau
Introduction on ELISA

Abstract: Aymeric will depict the background and challenges of using Linux for safety critical embedded applications : cultural clash of OSS community vs. classical waterfall development, many difficult to access and understand standard specifications, custom and expensive developments, etc.

On this basis, Aymeric will introduce ELISA’s current status, direction and goals. 

11:00-11:30 Speaker: John MacGregor
Walk Before We Run? Nope, Let’s Get Our Heads Up First

Abstract: There is quite a buzz at the moment about safety-certifying open-source software. The initial discussions have centered around which standards to use and which domains/industries/applications should be certified first.  Some of the proposals were for extremely complex state-of-the-art domain applications which have, as yet, not even reached the stage of commercialization.  A pretty common aspect of most of these discussions focus on the end state of the certification approaches and ignore the question of “how do we get there”.  Borrowing from a tired old metaphor, sometimes it’s like we’re talking about climbing Mount Everest when we haven’t even learned to walk.

It’s not like we’re starting from scratch, however.  There are time-honoured principles for going about certifying new products.  Some open source projects have already learned some lessons from their certification efforts while other projects have some good insights about how they want to approach certifying their open source software.  There are possibilities to cooperate and learn from each other.

This talk will present the basic issues facing a project that wants to start a safety-certification initiative and some of the options that they have.  It focuses on incremental and evolutionary approaches that minimize the risk that the initiative will fail.

11:30-12:00 Speaker: Naoto YAMAGUCHI
Functional safety and Quality Management issues in AGL Instrument Cluster Expert Group

Abstract:  AGL Instrument Cluster Expert Group want to create a base platform for Cluster.  There are different system requirements between IVI and Cluster.  Instead of a system based on  the conventional IVI system, it is necessary to consider a new system suitable for Instrument Cluster.

Functional safety and Quality Management is one of the important issues.  Instrument Cluster requires higher quality management than the IVI system.

We want to solve this issue by collaboration with the ELISA project.  In this presentation we share to ELISA members “what we aim” and “our architecture”.

13:30-14:15  Speaker: Chris Temple
SW Safety Elements out of Context – Understanding the Not Understandable

Abstract: The safety element out of context (SEooC) is popular amongst SW developers seeking to develop SW for safety critical systems. The ISO 26262 standard defines a SEooC as a “safety-related element which is not developed in the context of a specific item”. A safety-related SW element is a SW component or SW unit “that has the potential to contribute to the violation of or achievement of a top-level safety requirement”.

According to the Oxford dictionary “context” is “the circumstance that forms the setting for a statement in terms of which it can be fully understood”, and “out of context” as “not fully understandable”.

This presentation looks at the role of context, the implications of developing SW out of context and what this implies when SW is put into context later on by means of an example. It concludes by musing on whether something that is “not fully understandable” can be safe.

14:15-15:15 Speaker: Shaun Mooney
STPA: Developing safety and security requirements of complex systems and STPA Documentation Tooling

Abstract: Systems are becoming increasingly complicated, and current safety techniques which focus on failure rates of individual components are ineffective to handle such complexity. With systems like Linux, it is vital to have a proper tool to derive requirements from which we can build safe software. If the requirements are inadequate, then the software can pass every test while still having fatal flaws. STPA (Systems Theoretic Process Analysis) is a top down, systems approach to safety and security, which allows us to analyse complex systems, identify safety and security issues, and develop requirements.The first part of the talk will give an overview of why we need to incorporate safety and security at a system design level, explain the concepts of STPA, show how to manage complexity using an example of an Autonomous Vehicle and show real world examples of how to develop safety and security requirements.

Codethink have released an open-source tool for documenting STPA, which is hosted on flathub: The tool facilitates the storage of analysis data and automates the production of analysis documentation. It handles all of the analysis data in a tree structure, automatically managing reference numbers for all items, and data items can be linked and cross-referenced in the structure. Having the tool manage all cross referencing and numbering reduces a lot of effort. Everything is saved in plain text, which means the analysis data can be version-controlled easily. The second part of the talk will give a summary of why better tools are needed for STPA, and explain what the tool does with a live demo. The talk will conclude by pointing out improvements that can be made, next steps, and how the community can get involved in the open source project.

Open Source Software in Safety-Critical Systems Summit

By Announcement

We’re excited to announce Open Source Software in Safety-Critical Systems Summit will be happening on October 31, 2019 in Lyon, France.

Registration is open be sure to add this conference as a co-located event when you register for Open Source Summit Europe.
Call for Proposals (CFP) is open now till September 7th if you’re interested in presenting.

This conference is the second summit in the area of open-source software and safety-critical systems, being a further evolution of last year’s Linux in Safety-Critical Systems Summit. In addition to Linux, this year we would like to include presentations from activities and experts around other open-source projects that aim towards use in safety-critical systems. 

The summit will take place alongside Open Source Summit + Embedded Linux Conference Europe 2019 in Lyon, France. It is scheduled the day after the main conference, Thursday, October 31st, 2019, from 8:00 to 17:00 at the conference venue. If you are planning to attend Open Source Summit + Embedded Linux Conference Europe 2019 in Lyon, France, please extend your travel by one day to be in Lyon on Thursday, 31st to join others in-person to present ideas and discuss how to achieve safety of current and future systems that use open-source software.

Please help us promote/share the conference and the CFP with your networks.

We look forward to seeing you in Lyon!

Three Google Summer of Code students accepted to contribute to Linux kernel verification

By Announcement

The project proposals of three Google Summer of Code students contributing to Linux kernel verification have been accepted. The three students, Isaac Avram (Izzy) , Mark Balantzyan, and Himanshu Jha have proposed the following topics:

  1. Isaac Avram (Izzy) : Extending Coccinelle with Complex Types
  2. Mark Balantzyan: Analysing Race Conditions in the Linux Kernel
  3. Himanshu Jha: Applying Clang Thread Safety Analyser to Linux Kernel

They will be mentored by Julia Lawall, Alexey Khoroshilov and Lukas Bulwahn, respectively. These three Google Summer of Code projects are governed under the umbrella of the Linux Foundation and the projects are contributing to generally relevant activities for the ELISA Project.

More specifically, one of the building blocks to the safety compliance argumentation in the ELISA Project is the research, investigation, experimentation, use and establishment of verification measures and tools in the Linux kernel development. The ELISA Project embraces the activities in these projects and is looking forward to the projects’ results and the inclusion of new members to the verification activities around the Linux kernel development through the Google Summer of Code student program.

The ELISA Project Participates in Google Summer of Code

By Announcement

The ELISA Project is looking for interested students to contribute to the activities to enable the use of the Linux kernel in safety-critical systems in the Google Summer of Code student mentorship program. The Google Summer of Code program is similar to a paid-internship, via Google and the Linux Foundation, that provides students funding, mentoring by experts, and resources. The Linux Foundation has participated in this summer program for several years as a mentor organization.

Launched last month, the ELISA Project’s mission is to define and maintain a common set of tools and processes that can help companies demonstrate that a Linux-based system meets the necessary safety requirements for certification.

This overall mission requires some work with profound expertise in functional safety. However, students do not need to have this expertise in functional safety to work the Google Summer of Code project proposals.

The students’ contributions are focused on software development projects related to the Linux kernel and dedicated tools that are used in the processes around the Linux kernel development. Students must have some solid programming experience with one of the programming languages in the various projects, i.e., C, python or OCaml.

The students’ contributions to kernel analysis and tools will generate valuable, diverse and objective insights to the kernel development, which will then serve as a general basis for functional safety software experts to put together the arguments for the intended safety case.

On the one hand, some project proposals are new software development projects that currently only exist as project ideas with first feasibility studies. In this case, the students are deeply involved in the initial project-forming design decisions through the discussions with their mentors and take care of all aspects of a typical software development project, e.g., feature definition, design, implementation, testing and quality assurance.

In other cases, project proposals are additions and extensions to pre-existing open-source software projects around the Linux kernel development and process analysis. In this case, the students need to understand the design of the existing projects and improve the projects’ design and functionality to be suitable for some investigation tasks in the ELISA Project.

Students will have the chance to participate in the newly formed group of collaborators in the technical workgroups of the ELISA Project and are mentored by the main developers of the pre-existing tools.

Selected successful Google Summer of Code students will have the chance to participate in the workshops planned in the ELISA Project and can present their work to an international audience on the satellite events to renowned Linux conferences.

Interested students can reach out to their potential mentors now to use the time to discuss and work out a technical solid and credible project proposal and project plan to implement the tasks at hand. The deadline for providing the final project proposals on the official Google Summer of Code Project page is on April 9, 2019.

For more information or to submit a project proposal, visit:

The Linux Foundation Launches ELISA Project Enabling Linux In Safety-Critical Systems

By Announcement

Arm, BMW Car IT GmbH, KUKA, Linutronix, and Toyota join ELISA project to advance open source functional safety across transportation, manufacturing, healthcare, and energy industries

SAN FRANCISCO, February 21, 2019 – The Linux Foundation today launched the Enabling Linux in Safety Applications (ELISA) open source project to create a shared set of tools and processes to help companies build and certify Linux-based safety-critical applications and systems whose failure could result in loss of human life, significant property damage or environmental damage. Building off the work being done by SIL2LinuxMP project and Real-Time Linux project, ELISA will make it easier for companies to build safety-critical systems such as robotic devices, medical devices, smart factories, transportation systems and autonomous driving using Linux. Founding members of ELISA include Arm, BMW Car IT GmbH, KUKA, Linutronix, and Toyota.

To be trusted, safety-critical systems must meet functional safety objectives for the overall safety of the system, including how it responds to actions such as user errors, hardware failures and environmental changes. Companies must demonstrate that their software meets strict demands for reliability, quality assurance, risk management, development process, and documentation. Because there is no clear method for certifying Linux, it can be difficult for a company to demonstrate that their Linux-based system meets these safety objectives.

“All major industries, including energy, medical and automotive, want to use Linux for safety-critical applications because it can enable them to bring products to market faster and reduce the risk of critical design errors. The challenge has been the lack of the clear documentation and tools needed to demonstrate that a Linux-based system meets the necessary safety requirements for certification,” said Kate Stewart, Senior Director of Strategic Programs at The Linux Foundation. “Past attempts at solving this have lacked the critical mass needed to establish a widely discussed and accepted methodology, but with the formation of ELISA, we will be able to leverage the infrastructure and support of the broader Linux Foundation community that is needed to make this initiative successful.”

ELISA will work with certification authorities and standardization bodies in multiple industries to establish how Linux can be used as a component in safety-critical systems. The project will also define and maintain a common set of elements, processes and tools that can be incorporated into Linux-based, safety-critical systems amenable to safety certification.

Additional project goals include:

  • Develop reference documentation and use cases.
  • Educate the open source community on safety engineering best practices and educate the safety community on open source concepts.
  • Enable continuous feedback with the open source community to improve processes, and to automate quality assessment and assurance.
  • Support members with incident and hazard monitoring of critical components relevant to their systems and establish best practices for member response teams.

For more information about ELISA, visit

Industry Support for ELISA

“The safe and effective performance of safety-related software is essential as we increasingly rely on programmable devices in our homes, workplaces and communities at-large. UL looks forward to the launch of ELISA and the opportunity it presents to more rapidly assess and validate – with confidence – the Linux component of safety systems.”
– Tom Blewitt, VP & CTO, UL

“The Open Source Automation Development Lab (OSADL) was founded more than 13 years ago to advance the use of GNU/Linux in industrial products by addressing the need for real-time capabilities and safety certification. Shortly after, we here at OSADL created the OSADL Safety  Critical Linux Working Group for functional safety, which culminated in the SIL2LinuxMP project that laid some groundwork for using GNU/Linux in safety-related systems. We subsequently added legal support and many other services that are needed to successfully use Open Source software in industry to our portfolio. We still continue to foster real-time Linux, among other, as a Gold member of the Linux Foundation’s Real-Time Linux project, and we are proud to see some of the efforts of the SIL2LinuxMP project continued at a larger scale in the ELISA project.”
– Dr. Carsten Emde, General Manager, OSADL

“At Automotive Grade Linux, we are working closely with the Real-Time Linux project and the ELISA project in order to achieve functional safety certifications for automotive applications such as our instrument cluster, heads-up-display and ADAS solutions. By working closely with ELISA, this will help us provide automotive manufacturers with all of the testing artifacts and documentation they need to achieve safety certification for their AGL-based systems.”
– Dan Cauchy, Executive Director of Automotive Grade Linux at the Linux Foundation

“Civil Infrastructure Platform (CIP) Project is committed to improving implementation of Linux-based civil infrastructure systems through industrial grade software and a universal operating system that is maintained for more than ten years. We work closely with several open source project such as Real-Time Linux, Linux Kernel LTS and KernelCI to achieve Long Term Support (LTS) and safety and security certifications. We support the ELISA Project and its efforts to build and certify Linux-based safety-critical applications on a broader scale.”
– Urs Gleim, Governing Board Chair of the Civil Infrastructure Platform, hosted at the Linux Foundation

ELISA Founding Members
Founding members of ELISA include Arm, BMW Car IT GmbH, KUKA, Linutronix, and Toyota.

“Safety and trust are the highest priorities for the automotive industry as vehicles become more autonomous and Arm’s Automotive Enhanced technologies are at the heart of systems powering these vehicles. The work the Linux Foundation is undertaking with the ELISA project complements Arm’s functional safety leadership and continued commitment to software enablement.”
– Lakshmi Mandyam, VP automotive, Automotive and IoT Line of Business, Arm

“KUKA is looking forward to working with other Linux experts in order to define a series of methods and processes, with the goal of certifying Linux-based safety-critical systems.”
– David Fuller, CTO, KUKA AG

“We are happy to see that the SIL2Linux work will continue and advance with the launch of ELISA and provide a clear focus for the use of Linux in safety critical applications. ELISA will help to establish Linux in the industrial control world deeper than ever before.”
– Heinz Egger, CEO, Linutronix

“Open source software has become a significant part of our technology strategy, and we want to help make it easier to use Linux-based applications. Toyota believes the ELISA project will support CASE use cases in an innovative way for the automotive industry.”
– Mr. Masato Hashimoto, General Manager of E/E Architecture Development Div., Advanced R&D and Engineering Company, Toyota

About The Linux Foundation
The Linux Foundation is the organization of choice for the world’s top developers and companies to build ecosystems that accelerate open technology development and industry adoption. Together with the worldwide open source community, it is solving the hardest technology problems by creating the largest shared technology investment in history. Founded in 2000, The Linux Foundation today provides tools, training and events to scale any open source project, which together deliver an economic impact not achievable by any one company. More information can be found at

# # #

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page: Linux is a registered trademark of Linus Torvalds.

Media Inquiries
Emily Olin
The Linux Foundation