The current stage of space exploration has brought with it an increase in the complexity of systems deployed, in the number of players involved, and in the need for autonomy. This video describes two efforts taking place at NASA to help on that front. One the one hand, the use of runtime monitoring with Ogma and Copilot makes it possible to assure applications that are otherwise too costly to verify formally or test fully.
On the other hand, the use of Kaiaulu to process information about version control systems and issue trackers facilitates providing evidence of compliance with software engineering requirements, and to minimize deviations from the software plans. We believe that, together, they can enable more complex autonomous systems in space applications and shorten the time to that it takes systems to be put in production.
The ELISA Seminar Series focuses on hot topics related to ELISA’s mission to define and maintain a common set of elements, processes and tools that can be incorporated into Linux-based, safety-critical systems amenable to safety certification. Speakers are members, contributors and thought leaders from the ELISA Project and surrounding communities. Each seminar comprises a 45-minute presentation and a 15-minute Q&A, and it’s free to attend. You can watch all videos on the ELISA Project Youtube Channel ELISA Seminar Series Playlist here.
This blog originally ran on the Linux Foundation EU Newsroom. For more content like this, click here.
Linux Foundation Europe proudly hosted its first annual Member Summit! This milestone event marked its inaugural year, bringing together LF Europe participants for an unforgettable gathering. The summit served as a groundbreaking platform for fostering collaboration, open innovation, and strategic partnerships among individuals and organizations in the private and public sectors. All participants worked collectively to advance digital transformation through the lens of open collaboration. This blog recaps the key moments and must-see sessions from the 2023 Member Summit.
The event commenced with an insightful keynote address by Gabriele Columbro, General Manager of Linux Foundation Europe and Executive Director of FINOS. He provided a comprehensive overview of LF Europe’s current state and future prospects, setting the stage for what is to come.
Luka Mustafa, Founder and CEO of IRNAS Institute for Development of Advanced Applied Systems, delved into the vital issue of wildlife protection. He explained how open source technology, particularly Zephyr RTOS, plays a crucial role in creating OpenCollar animal trackers and sensors. These innovative devices are designed to combat poaching and protect endangered species.
A panel discussion featuring Rimma Perelmuter (VP of Strategic Growth of FINOS & Linux Foundation Europe), Mark Lane (Head of Software Engineering Centre of Excellence, Lloyds Banking Group), Lucian Balea (Deputy Director of R&D and Open Source Director, RTE), Philippe Ensarguet (VP of Software Engineering, Orange) and Philipp Ahmann (Product Manager, Bosch) delved into the role of open source collaboration in driving digital transformation across various industries. They discussed how open source initiatives can address common challenges and foster industrial growth and sustainability in Europe and beyond.
Representatives from various projects, including Sylva, OpenNebula, LF Energy, OpenWallet Foundation (OWF), Agstack, Servo, and RISE, provided updates on their respective initiatives. These projects spanned a wide range of fields, from telecommunications to energy systems, agriculture, and web rendering engines, highlighting the diverse impact of open source technologies.
The LF Formation Team and Mirko Boehm (Senior Director, Community Development, Linux Foundation Europe) explored options for project setup and the advantages of hosting projects within Linux Foundation Europe.
Hilary Carter (SVP, Research and Communications, Linux Foundation) discussed two Europe-focused research reports,, highlighting their significance to Europe in terms of sustainability, contribution, and security.
Hilary Carter and Mirko Boehm shared key outcomes from Open Source Congress which took place in Geneva in July. The talk described the origins of the gathering, the issues on the agenda, and the current state of global collaboration across open source organizations.
Mirko Boehm followed with an update on European Union (EU) policies impacting open source and the technology industry. This session shed light on the evolving regulatory landscape and its implications for the open source community.
Robert Reeves (VP of Strategic Partnerships, Linux Foundation) emphasized the importance of strategic partnerships in advancing the goals of the Linux Foundation, and encouraged prospective partners to join us in supporting our mission.
A lively panel discussion tackled the significance of open source AI, its benefits, risks, and role in EU policy. The discussion was led by industry players and policymakers Justin Colannino (Director, Developer Policy and Counsel GitHub), Astor Nummelin Carlberg (Executive Director, OpenForum Europe), Ibrahim Haddad (Executive Director, LF AI & Data and PyTorch Foundation), Sachiko Muto (Chairman, Senior Researcher, OpenForum Europe, RI.SE), and Stefano Mafulli (Executive Director, Open Source Initiative)
The event concluded with Gabriele Columbro providing insights into the future of Linux Foundation Europe, setting the stage for further innovation and collaboration.
https://youtu.be/vjUSkbbCmss?feature=shared
Attendee Reception
LF Europe members were treated to an exclusive reception at the Guggenheim Museum Bilbao, featuring a special celebration for the Linux Foundation Europe’s 1st anniversary. The event included a cake-cutting ceremony, a sumptuous array of foods and drinks, and an opportunity for attendees to explore the museum’s exhibits.
The Linux Foundation Europe Member Summit 2023 was an informative and inspiring event that brought together leaders, innovators, and enthusiasts from the open source community. It highlighted the pivotal role of open collaboration in driving digital transformation and sustainability across various industries in Europe and beyond. We thank all who joined us, and look forward to reconvening again in the future.
For information about becoming a member of LF Europe, please get in touch with us at info@linuxfoundation.eu.
There is a lot of misunderstanding about how the Linux kernel deals with security vulnerabilities. Greg Kroah-Hartman, Kernel Maintainer & Fellow at the Linux Foundation, presented a complimentary Mentorship Session exploring Demystifying the Linux Kernel Security Process on October 3. Watch the video below, which will go into how the Linux kernel security team works, how changes are propagated out to the public, and how users must take advantage of these changes in order to have a secure system.
Check out other upcoming webinars in the LF Live Mentorship Series here.
When Norbert De Langen inherited the maintainership of Storybook.js, he thought the best approach was to actively design himself out of his role. This would mean bringing in as many good contributors as possible. So he undertook heroic measures. De Langen sent a meeting scheduling link requesting to speak in person to anyone who emailed him with a suggestion or question about the project code. De Langen met with over 200 people using this method during the project’s first year. He estimates that nearly 20% of those he met with later became repeat contributors to Storybook, including many core contributors. With this effort, De Langen boosted his contributor pool and significantly reduced his coding burdens, making his maintainership more manageable.
A broad representation of open source
Open source software (OSS) provides the foundation for much of our global technology infrastructure, from operating systems to databases to developer tools. While the whole world benefits from using OSS, a relatively small number of developers are responsible for maintaining the code and nurturing the projects that are linchpins for the complex and critical open source ecosystem.
De Langen’s story is just one of the numerous smart tactics we learned in interviewing 32 “Super Maintainers” — people working on critical projects as identified by the Linux Foundation’s surveys of the broad open source software ecosystem. The projects in question ranged from databases like PostgreSQL to frameworks like JavaScript and Storybook to lower-level languages like Julia and Rust to ML infrastructure like PyTorch. The maintainers came from a wide variety of backgrounds.
Most maintainers interviewed work full-time maintaining OSS projects, often as an explicit part of their job at a company that relies on the project. Maintainers tend to start as contributors, then become core contributors, and eventually, maintainers as they gain experience. Many began contributing to OSS in school or at their first job.
Maintainers derive intrinsic satisfaction from working on cutting-edge technology and being part of an open source community. As one Julia maintainer recounted, “When I first met some of the people in person in the community, I was giving everybody hugs. It was a very emotional moment because we had been so invested and committed for so many years working on things together.” Extrinsically, their OSS work helps their career by making them more attractive hires. However, most companies do not always sufficiently recognize their OSS contributions.
Summary of the learnings of super maintainers
Every interviewee for this project had their own distinct views. They generously shared their hard-won lessons and their favorite tips and tricks for what is always a challenging balancing act. Here is a quick summary of their recommendations, which are addressed in much greater detail in the full report.
Growing contributions
Image: Shuah Khan, Linux Foundation Fellow, kernel maintainer, and founder of the LFX Mentorship program, working to cultivate a new generation of open source software maintainers.
Maintainers shared best practices to cultivate communities: personal engagement, inclusive communication, diverse channels of communication, and straightforward onboarding processes. Successful projects guide newcomers by pinpointing suitable tasks. Maintainers are advised to spot and nurture potential successors. Swift triage and team handling of submissions enhance the contributor experience.
Governance and control
All interviewees agreed on the essential nature of community governance for a project’s longevity. Early incorporation of best practices like a code of conduct, promoting civility, decentralizing power, and ensuring neutral community management are vital.
Documentation
Maintainers unanimously felt the need for better documentation. Recommended best practices include elevating the importance of documentation, hiring dedicated coordinators, and streamlining the contribution process.
Funding
While only one maintainer was primarily concerned about living expenses, many expressed frustrations over the inadequate funding of critical OSS projects. Some pursued employment at supportive organizations due to this funding gap. Independently operating maintainers voiced concerns about sustaining OSS projects without major backers.
Diversity
Most maintainers found it challenging to ensure diverse participation. While some lacked clear diversity initiatives, others actively engaged in programs like Outreachy. However, the general consensus is that OSS needs significant strides in diversity.
Preventing burnout
Maintainers recommended several strategies to avoid burnout: understanding OSS is an ongoing task, balancing personal and professional lives, limiting unpaid administrative tasks, implementing automated processes, setting clear boundaries, and taking necessary breaks. The emphasis is on self-awareness and recognizing personal boundaries.
Conclusion: Building on the shoulders of Successful maintainers
The open source movement is a vibrant and dynamic ecosystem. But building successful open source projects does illuminate common patterns and anti-patterns which may not necessarily be apparent to a first-time maintainer. Every interviewee said they viewed their time maintaining as fulfilling and worthwhile and often spoke as if they were advising a younger self. By capturing some of their wisdom, we hope to package it in a digestible format and preserve it for the next generation of maintainers. The most valuable resource any maintainer can ever attain, or share is the institutional knowledge built up in their project and their experience. This will improve the next project and enable the movement to continue to thrive.
Basil is a tool developed to support Software Specification analysis, testable requirements definition and coverage. It comes with a web user interface and also a simplified view of work item relationships. As per the complexity and non uniformity of toolchains used in the automotive field, and in general to support functional safety effort, Basil will also provide a rest web api and SPDX data import/export.
As part of the ELISA Seminar series, Luigi Pellecchia, Senior Software Quality Engineer at Red Hat, introduces “Basil: an open source tool for tracing requirements, code & tests.”
The ELISA Seminar Series focuses on hot topics related to ELISA’s mission to define and maintain a common set of elements, processes and tools that can be incorporated into Linux-based, safety-critical systems amenable to safety certification. Speakers are members, contributors and thought leaders from the ELISA Project and surrounding communities. Each seminar comprises a 45-minute presentation and a 15-minute Q&A, and it’s free to attend. You can watch all videos on the ELISA Project Youtube Channel ELISA Seminar Series Playlist here.For more ELISA Project updates, subscribe to @ProjectElisa or our LinkedIn page or our Youtube Channel.
The Xen Projectis a static partitioning hypervisor for embedded, from aerospace to industrial and automotive. Xen enforces strong isolation between domains so that one cannot affect the execution of another. Features such as cache coloring reduce interference and improve interrupt latency and determinism. A real-time workload can run alongside a more complex guest. But can it be used in safety-critical environments?
The Xen hypervisor has a microkernel design: services and tools are non-essential and run in unprivileged VMs, while the core is less than 50K LOC. This architecture lends itself well to safety-critical applications as only the hypervisor core is critical and needs to go through the certification process.
As part of the ELISA Seminar Series, Stefano Stabellini, Fellow at AMD and Xen Hypervisor & Linux Kernel Maintainer, presented a video that describes the activities of the Xen FuSa SIG (Special Interest Group) to make Xen easier to safety-certify. It will highlight the most significant improvements introduced in the last 12 months to align Xen with safety standards such as DO-178C and ISO 26262. It will go into detail on MISRA C compliance, its latest status, and the next steps to close all the outstanding MISRA C gaps. It will discuss the role of Gitlab-CI and how to keep the Xen codebase MISRA C compliant without major efforts.
The Xen community has a clear path ahead to achieve the safety certification of the hypervisor. This talk will discuss it focusing on the most impactful changes to the Xen codebase and X en community processes.
The ELISA Seminar Series focuses on hot topics related to ELISA’s mission to define and maintain a common set of elements, processes and tools that can be incorporated into Linux-based, safety-critical systems amenable to safety certification. Speakers are members, contributors and thought leaders from the ELISA Project and surrounding communities. Each seminar comprises a 45-minute presentation and a 15-minute Q&A, and it’s free to attend. You can watch all videos on the ELISA Project Youtube Channel ELISA Seminar Series Playlist here.For more ELISA Project updates, subscribe to @ProjectElisa or our LinkedIn page or our Youtube Channel.
The Linux Foundation hosted the Embedded Open Source Summit (EOSS), a new umbrella event for open source embedded projects and developer communities to come together under one roof for important collaboration and education, in Prague, Czech Republic, on June 27-30. More than 1,300 people registered for the conference – representing 375 organizations across 56 countries around the globe.
These days, open source software can be found in almost every reasonably complex product running software. It runs in medical devices, robots, vehicles, and even outer space. In the underlying industry sectors, certification and safety integrity standards play an important role which at first glance seem at odds with the use of pre-existing open source software, not developed strictly in accordance with industry standards.
In this video, recent ELISA project deliverables in the field of elements, processes, and tools are highlighted. These include system theoretic process analysis, workload tracing, call-tree visualization on kernel level, and reproducible example use-cases from the field of medical devices and automotive. Their role in reducing the burden for companies to build and certify open source based safety-critical applications is shown. Additionally, an overview of upcoming ELISA activities in 2023 is provide and how cross project collaboration is established, as the ELISA work streams include interaction with e.g. the Zephyr, Xen, AGL, yocto, and SPDX community. A few statements on the overall challenges of safety-critical use cases using free open-source software will help to pick up those audience which is new to safety-critical or open source development.
Click here for the presentation slides. Click here to view the other videos from the Safety-Critical Software Summit.
Creating a critical safe or secure system generally comes down to two aspects. The system has to be able to meet the technical expectations to handle its criticality and there needs to be evidence these expectations are actually met. With today’s software systems being built by integrating various software components, more often using open source than custom proprietary solutions, it’s obvious that having complete and reliable evidence that the software is created with criticality considerations, such as safety profiles, in mind is key.
Demonstrating the technical capabilities of a system to achieve the safety and security qualities can be done by established analysis methods. However, proving that its process provides the systematic evidence that all has been implemented, tested, built and configured as required, needs evidence of traceability from requirement to tests and release. Typically this evidence is locked within proprietary tools, never 100%, needing manual tasks to prove traceability between items. With continuous changes due to security updates or continuous deploys, managing this systematic evidence gets impossible.
As part of the ELISA Project Seminar Series, Kate Stewart, Vice President of Dependable Embedded Systems at the Linux Foundation, and Nicole Pappler, CTO and Founder of AlectoMetis, presented a webinar titled, “Automating Adherence to Safety Profiles After Fixing Vulnerabilities.” This video will present a model using SPDX, that allows for automated checks for integrity and availability of evidence to prove the systematic capability of software consumed by critical systems. Watch the full video below.
The ELISA Seminar Series focuses on hot topics related to ELISA’s mission to define and maintain a common set of elements, processes and tools that can be incorporated into Linux-based, safety-critical systems amenable to safety certification. Speakers are members, contributors and thought leaders from the ELISA Project and surrounding communities. Each seminar comprises a 45-minute presentation and a 15-minute Q&A, and it’s free to attend. You can watch all videos on the ELISA Project Youtube Channel ELISA Seminar Series Playlist here.
The Linux Foundation hosted the Embedded Open Source Summit (EOSS), a new umbrella event for open source embedded projects and developer communities to come together under one roof for important collaboration and education, in Prague, Czech Republic, on June 27-30. More than 1,300 people registered for the conference – representing 375 organizations across 56 countries around the globe.
EOSS hosted the Safety-Critical Software Summit, which was sponsored by the ELISA Project, that gathered safety experts and open source developers to enable and advance the use of open source in safety-critical applications. As part of the Summit, Nicole Pappler, CTO and Founder of AlektoMetis, and Philipp Ahmann, Technical Business Development Manager at Robert Bosch GmbHand Chair of the ELISA Project TSC, presented a session titled, “Coding Guidelines – to Comply or Not Comply – Some Myth Busting.”
While adhering to certain coding styles is a good practice in software projects, adhering to coding guidelines for safety critical applications is still something rather exotic in open source projects. As open source projects now more and more start to address the needs of functional safety applications, considering coding guidelines preferred by existing functional safety projects seems to become necessary. The most used rules for coding guidelines in the safety critical context are MISRA rules. While applying these can be quite beneficial for most applications, there is a significant number of exceptions where blindly following these rules causes more problems than it solves.
In this video, Nicole and Philipp discuss the most common coding guidelines, best practices and arguments when following the MISRA rules conflicts with the expectations of the project. Acceptance criteria for non-compliance cases along with examples of acceptable deviations will be presented. This is not contra coding guidelines, but illustrates how coding guidelines are beneficial for a project, what to consider when designing a project’s coding guidelines and how the lessons learned by the application of MISRA rule sets can be applied to languages that are not (yet?) covered by widely accepted rule sets.
Click here for the presentation slides. Click here to view the other videos from the Safety-Critical Software Summit.
Written by Philipp Ahmann, Chair of the ELISA Project TSC and Technical Business Development Manager at Robert Bosch GmbH
In June, the ELISA Project’s core contributors and affiliates came together for three days at the Bosch IoT Campus in Berlin, Germany. We discussed recent achievements, project branding and perception, upcoming goals and next steps.
From left to right: (MBition), Gabriele Paoloni (Red Hat), (Red Hat), Olivier Charrier (Windriver), Dongni Fan (MBition), Leonard Moritz Hübner (NXP), Alex Fomichev (MBition), Christof Petig (Aptiv), Philipp Ahmann (Bosch), Kai Hudalla (Bosch Digital), Johannes Kristan (Bosch Digital), Christopher Temple (ARM), Kate Stewart (Linux Foundation) & Sven Erik Jeroschewski (Bosch Digital)
Quick recap on the three days
The workshop kicked off with a discussion about ELISA’s big picture document. The document serves as an entry point for new contributors to find their path through the ELISA deliverables and approach. It will be a living document which gets updated and enhanced when major achievements are reached. It is structured into 3 major parts and complements the project charter and mission.
The project objective
The ELISA approach (ongoing work to meet the project objective)
Using and putting ELISA results into practice
The second session focused on the creation of a pragmatic guide to best practices for open source contributors to facilitate safety analysis in the future. In this session, Kate Stewart, Vice President of Dependable Embedded Systems and and ELISA Ambassador, shared an overview of existing tools which help to make the kernel development work more discoverable, creating certain traceability, and to make analysis “more provable.” The session addressed a few next steps which the project has to look into:
Capturing current Kernel requirements
Using Linux features
Testing Frameworks
Some parts of the topics were directly addressed as part of the second day agenda. In the first session, the safety analysis approach uses a combination of risk analysis, fault injection, and a high degree of automation. Part of it is also the System Theoretic Process Analysis (STPA). This was already successfully applied within Codethink and taken forward within the Open Source Engineering Process (OSEP) Working Group. The motivation to go in this direction was also made visible and which initial work has been started.
In the following session certain limits of a traditional STPA when applied to the Linux Kernel were pointed out by Red Hat. Additional tool support may be needed which was one reason to create the ks-nav tool. The objective of this tool is to analyze the Linux kernel for safety by presenting diagrams of call trees. In this way an understanding of the interactions and dependencies among different parts of the kernel can be gained for safety analysis. To speed up the development and make the tool more visible, the ks-nav tool resides now in an own repository within the ELISA github organization.
After that, the workshop participants had a longer discussion, whether manpage derived requirements and manpage driven testing can improve the argument towards usage of Linux in safety-critical applications.
It describes a large part of the software components of Linux usage in products
It is the established format to describe and learn the software functionality provided by Linux.
It is used by a large audience.
The workshop participants agreed that there is still a lot of work to map the current kernel implementation to the existing manpages and to close the gaps between both. This will be a great contribution to the whole kernel community. Overall the ELISA project plans to take major actions in the field of Kernel documentation improvements.
In the afternoon session “targets for upstreaming to Linux kernel for the remainder of the year” the topic of upstreaming documentation within the user and admin guide of the Kernel was put into practice. The current activities of the Linux Features for Safety Critical Systems (LFSCS) WG were presented to the workshop participants. Shuah Khan (Linux Foundation Fellow) together with Elana Copperman (Mobileye, LFSCS WG lead) illustrated the different configuration parameters of the PREEMPT_RT patches which are now almost completely upstreamed. However, it turned out that the documentation of the parameter and configuration towards desired usage have large room for improvements. As many safety-critical products rely on certain real time capabilities, ELISA judges this topic as high priority and very important.
The 3rd day concentrated heavily on internal ELISA activities, project health and growth. There was a session revisiting the project messaging along with a session about review of change management workflow, and a proposed approach document to go to the working groups/TSC for approval. In another session the participants brainstormed ideas for community growth and engagement, adjacent community outreach and mutual alignment.
Although the sessions focused on internal work, especially the contributions by affiliated workshop participants representing e.g. Eclipse Software-Defined-Vehicle, ETAS, MBition and NXP added new perspectives, led to good takeaways and made the workshop a success.
Major Workshop Takeaways
During the various sessions and at the end of each day takeaways from the participants were collected and discussed. An extract of major takeaways are listed below:
Rework and structure Kernel documentation is an important element of ELISA
Strong risk of diverging, in case you write documentation by another person than the maintainer of the code.
Start identifying critical subsystems of the Linux kernel to enhance user documentation similar to “workload” and “realtime” documentation.
Identification of the “core” part of the kernel that is present in all set of config images
Looking at user APIs for the “core” parts, may be a useful focus for doing detailed analysis that others can use, and build from
Any analysis has to be tagged to specific release, as changes are happening through time.
Getting the API and subsystem analysis of key pieces upstream, combined with recommendations on testing to demonstrate the user space APIs are consistent. (Maintainer need to agree)
ELISA is not providing a safe Linux, but there are interesting tools supporting Safety with using Linux
If you push a patch to the Linux kernel you have to follow rules (e.g. checkpatch). Maybe there can be kernel tools to improve the safety part of Linux, e.g. that the proposed change/config is in line with the safety guidelines
The kernel alone does not make the operating system, you need other components to create a particular system.
Open Sourcing the Red Hat requirement tool would be a great benefit for the wider open source safety community
Use the requirements tool to export SPDX safety linkage SBOMs for the Linux Kernel
Reach out to Eclipse SDV and AGL with SOAFEE to talk about an example system as part of Systems WG
SDPX and System SBOM may be of interest for Eclipse Foundation (SDV)
OEM may be a must have to work on a real use case in certain domains (especially automotive).
The puzzle pieces on the table may not yet be complete and people may use puzzle pieces differently
Workshops are a good place to learn how the different pieces fit together, SBOM, OSEP, ARCH…
Getting involved
The ELISA Project is open to anyone to participate. While membership is not required for participation, we always love to welcome additional members to join us in the mission of enabling Linux in safety applications and to collaborate with other members who are committed to this effort.
If you are interested to learn more about ELISA or want to participate in one of the working groups or recently started activities, just send an email to the technical forum mailing list. Or you can get advice on where to contribute best by joining the Technical Steering Committee (TSC) meeting which is held every other Wednesday at 13:00 UTC.
Last but not least the next in person workshop is only a few months away. ELISA members currently plan to meet again most likely in Munich, Germany, October 16- 18. Please join the mailing list and/or subscribe to @ProjectElisa or our LinkedIn page or our Youtube Channel to learn more about the next workshop.
