ELISA Summit – ELISA

Mar 27

What to expect from the ELISA Project at Open Source Summit 2026 – North America

By elisaproject Blog, Critical Software Summit, ELISA Summit, Industry Conference, Safety-Critical Software Summit

Open Source Summit is the premier event for open source developers and contributors. It’s where maintainers, technologists, and community leaders come together to share knowledge, collaborate on solutions, and push open source projects forward. It’s the home for code, community, and the people driving the future of open source.

A Cross-Domain Home for the Entire Open Source Ecosystem

Open Source Summit is not a single-focus, niche event—it’s the big tent that unites the full spectrum of open source technologies and communities. Whether you work in cloud infrastructure, Linux kernel development, AI/ML, embedded systems, DevOps, security, or safety-critical systems, Open Source Summit offers a shared space to exchange ideas, make connections, and learn across domains. It’s where technologists who don’t typically land in the same room get a chance to collaborate.

At the same time, Open Source Summit brings in the leaders and practitioners who support the ecosystem from non-technical angles: open source program office (OSPO) staff, legal experts, policy advocates, standards organizations, equity champions, community managers, and foundation leaders. Together, they help shape the frameworks, culture, and strategy that make open source work.

A Strategic Gathering for Open Source’s Future

This event serves as a strategic checkpoint for the open source movement. It’s where conversations happen about not only what’s being built—but how and why. From sustainability and funding models to licensing, AI alignment, security, and governance, Open Source Summit brings clarity and direction to a fast-changing open source landscape.

Whether you’re deep in code or focused on enabling the communities and structures that support it, this is where your work gains momentum and impact.

Safety Critical Software Track:

The ELISA Project will be part of the safety track that explores the intersection of open source and safety standards, covering best practices for regulatory compliance, security updates, and safety engineering. Sessions will delve into requirements traceability, quality assessments, safety analysis methodologies, and technical development for safety-critical systems.

Session Highlights:

Software Supply Chain Management With the Yocto Project – Joshua Watt, Garmin

Wednesday May 20, 2026 11:00am – 11:40am CDT

Managing software supply chains is an important part of safety critical software. In this talk, Joshua will describe the technologies, methods and lessons learned that the embedded software space uses to manage software supply chains using the Yocto project.

The Final Phase of Xen Safety: Solving Coverage and Residual Gaps – Stefano Stabellini, AMD

Wednesday May 20, 2026 11:55am – 12:35pm CDT

AMD, in collaboration with the Xen community, continues to advance efforts to make the Xen hypervisor safety-certifiable to ISO 26262 ASIL D and IEC 61508 SIL 3. The project has progressed from Safety Concept Approval toward the final certification phase.

This presentation will share practical lessons learned, including how we structure requirements and architecture specification documents to make them easier to review for Open Source experts. It will describe the tools and processes we use to maintain end-to-end traceability and explain how we leverage GitLab to automate requirements-based testing and verification pipelines.

We will also address the remaining challenges on the path to completion, including code coverage and FMEA. In particular, we will explain why achieving comprehensive code coverage is uniquely challenging for a widely used Open Source project such as Xen and outline the strategies we are applying to meet 100% code coverage targets.

Finally, we will describe our approach to FMEA (Failure Mode and Effects Analysis) and how it evolved to better align with existing upstream Xen failure-handling practices.

From Pull Request To Patient Safety: How Tidepool Built an Open-Source Quality Management System – Tapani Otala, Tidepool

Wednesday May 20, 2026 2:10pm – 2:50pm CDT

When software can directly affect whether someone lives or dies, “move fast and break things” isn’t an option. But does that mean safety-critical software can’t be open source? Tidepool’s experience building Tidepool Loop – an FDA-cleared, open-source automated insulin delivery (AID) system for people with Type 1 diabetes – proves it can.

This talk explores how Tidepool developed an open-source quality management system (QMS) that achieves full requirements traceability and testability while preserving the collaborative, transparent ethos of open-source development. We’ll walk through the real-world challenges of mapping regulatory requirements to code contributions, maintaining traceability across a distributed contributor base, and building test infrastructure that satisfies both FDA expectations and open-source community standards.

Attendees will leave with a practical framework for applying requirements traceability and verification practices to open-source projects operating in regulated or safety-critical domains from medical devices to automotive systems to critical infrastructure.

Standardizing Deterministic Interoperability and Resource-Intelligent Design in Medical Robotics – Lilinoe Harbottle, San Jose State University

Wednesday May 20, 2026 3:05pm – 3:45pm CDT

In medical robotics, innovation can be bottlenecked by vertically integrated architectures that contribute to medical “deserts” due to high costs and limited interoperability. This session explores architectural frameworks for standardizing deterministic interoperability, shifting the safety burden from non-transparent hardware to auditable software logic. By establishing these standards, this work ensures that clinical technology is not restricted by fixed vendor-lock.

Through a methodology of high-precision kinematic verification and deterministic mapping, open-source code becomes the catalyst for hardware autonomy. This approach ensures sub-millisecond reliability in the operating room while promoting lifecycle sustainability through vendor-neutral middleware.

Attendees will learn about the implementation of safety-operated envelopes and clinical validation models that facilitate reproducible research and lower barriers to local manufacturing. By prioritizing architectural transparency over closed-loop frameworks, this session outlines a path toward a more sustainable and accessible future for global healthcare.

Modernizing Software Verification – Craig Christianson, United States Air Force

Wednesday May 20, 2026 4:20pm – 5:00pm CDT

In this session, Craig will discuss the importance of verifying safety-critical software by giving real-world examples of peoples’ lives who were saved or put at risk by software. He will share the compliance challenges faced by software engineers working on safety-critical software. He will give a brief overview of software assurance requirements for safety-critical systems and show how formal methods and automated reasoning are accelerating and improving the assurance process. He will give a brief introduction to automated reasoning tools and semantics, and will share success stories from a handful of open-source projects who are using these methods to reach assurance goals faster. Craig will finish by walking the audience through the design of a simple demonstration project that utilizes these technologies.

Learn more about the sessions and register for the event.

Jan 21

Recap of ELISA Project at Linux Plumbers Conference: Tokyo, Japan 2025

By elisaproject Blog, ELISA Summit, Industry Conference

The ELISA Project participated in the Linux Plumbers Conference (LPC) 2025, held December 11–13 at Toranomon Hills Forum in Tokyo (with hybrid remote access). The event brought together developers working in the core areas of Linux for technical discussions and collaboration.

ELISA at the Safe Systems with Linux Microconference

ELISA community members joined kernel developers during the Safe Systems with Linux Microconference to explore how Linux can better support safety-critical and high-integrity systems. The microconference focused on progress around traceability, requirements, testing, and scalable verification to support more dependable kernel development.

Session Highlights:

Aspects of Dependable Linux Systems – Kate Stewart (Linux Foundation), Philipp Ahmann (Etas GmbH (BOSCH))

Kate and Philipp discussed how Linux is increasingly used in safety-critical and regulated industries that rely on dependable and robust software. They explained that these industries follow formal standards for requirements, verification, and change management, but such standards are not well known within the open source kernel community. The session highlighted that while the Linux kernel already contains many good development practices, important artifacts like requirements, tests, and documentation are not yet connected in a structured way. The speakers highlighted the need for shared approaches rather than isolated company efforts to make Linux safer and easier to analyze in complex systems. The speakers encouraged collaboration on improving traceability, clarity, and maintainability to support dependable Linux-based systems.

NVIDIA Approach for Achieving ASIL B Qualified Linux: minimizing expectations from upstream kernel processes -Igor Stoppa (NVIDIA)

In this talk, Igor Stoppa presented NVIDIA’s approach for achieving ASIL-B qualified Linux while minimizing the impact on upstream kernel developers and processes. Unlike traditional safety strategies that require modifying or qualifying large parts of the kernel, NVIDIA proposes mechanisms that isolate and contain safety-relevant components so the wider kernel does not need to be safety-qualified. The approach focuses on reducing dependencies, avoiding burdens on maintainers, and enabling qualification without requiring upstream developers to become safety experts. Igor outlined techniques such as resource partitioning, thread capabilities, and memory pools to ensure verifiable safety behavior without intrusive kernel changes. The goal is to support safety use cases in automotive and robotics while keeping upstream integration feasible and low-friction.

Applying Program Verification to Linux Kernel Code: Challenges, Practices, and Automation – Keisuke Nishimura

In this talk, Keisuke Nishimura presented ongoing work on applying deductive program verification to Linux kernel code, with a focus on the task scheduler. He explained that while the kernel is increasingly gaining specifications, checking that implementations satisfy them still relies heavily on manual effort. Using case studies, he showed how formal verification of scheduler functions can uncover real semantic bugs and increase confidence in functional correctness. The talk also covered practical challenges, such as writing formal specifications, handling loops with invariants, and preparing minimal, verifiable code extracted from large kernel files. Keisuke concluded by outlining automation efforts for code extraction and invariant inference, with the goal of making formal verification a more scalable and practical part of the Linux kernel development process.

Defining and maintaining requirements in the Linux Kernel – Chuck Wolber, Gabriele Paoloni (Red Hat), Kate Stewart (Linux Foundation)

Last year in Vienna the speakers of this talk held a session about “improving kernel design documentation and involving experts”. Following this, the ELISA Architecture working group drafted an initial template for the SW Requirements definition and started documenting the expected behaviour for different functions in the TRACING subsystem.

The work also included reviewing and adopting a framework for formally specifying kernel APIs.

This session aimed to present the latest updates and involve the experts to define the best next steps for having a path to introduce and maintain requirements in the kernel.

The discussion focused on how to document code, show value, address maintainer comments, and link requirements to tests and other verification measures.

KUnit Testing Insufficiencies – Matthew Whitehead (The Boeing Company)

This talk examined the limitations of KUnit when testing small, isolated units of Linux kernel code for high-integrity applications. Matthew Whitehead showed how the current KUnit approach struggles with scalability, system-state dependence, and the lack of built-in mocking or faking needed for low-level testing. Because KUnit tests are built into the kernel, they require full kernel builds, multiple kernels for large test sets, and slow write–execute–observe cycles. He demonstrated how creating isolated tests often requires patches, duplicated code, and extensive setup, which leads to high maintenance costs. The session highlighted the need for unit test capabilities that support out-of-tree compilation, user-space execution, and automatic integration of mocks.

Exploring possibilities for integrating StrictDoc with ELISA’s requirements template approach for the Linux kernel – Tobias Deiminger (Linutronix GmbH)

This talk demonstrated how ELISA’s proposed Linux kernel requirements template could be realized using the StrictDoc model and tooling. Tobias Deiminger showed how StrictDoc can parse requirement templates inlined in Linux source code, merge them with sidecar metadata files, and render traceable documents linking requirements, code, and tests. He highlighted that StrictDoc already fulfills most ELISA needs, including SPDX-REQ tags and structured traceability, while gaps remain around hash-based drift detection. The presentation included a live walkthrough using a demo repository and discussed StrictDoc’s broader model (requirements, design, tests, user stories) compared to ELISA’s current low-level focus. The talk concluded with the proposal that StrictDoc add hash generation and compatibility tweaks, while ELISA could list StrictDoc as a reference tool for kernel developers.

BASIL: Open Source Traceability for Safety-Critical Systems” – Luigi Pellecchia

This talk introduces BASIL – The FuSa Spice, a web-based tool that helps manage traceability for large, fast-evolving projects like the Linux kernel. Luigi Pellecchia explains how safety standards require traceability across requirements, code, tests, documentation, and test results, but these artifacts are spread across many repositories and CI systems (e.g., Linux Test Project, man-pages, CKI, KernelCI). BASIL proposes “traceability as code”: a single configuration file defines which repositories to scan, how to extract work items (requirements, tests, results), and how they relate to each other. From this, BASIL can automatically build and update traceability matrices, integrate data from external test infrastructures, and export results in formats such as SPDX. The session shows how this approach makes traceability and compliance more repeatable, automatable, and sustainable for the Linux kernel ecosystem.

The discussions at LPC 2025 made it clear that building safer and more dependable Linux-based systems is a shared challenge and a shared opportunity. Across all sessions, common themes emerged: improving traceability, defining clearer requirements, strengthening testing practices, and exploring scalable approaches to verification. These conversations reflect exactly what ELISA is working toward: enabling the broader community to confidently use Linux in safety-critical and high-integrity environments.

If you are interested in these topics, we invite you to learn more about the ELISA Project and get involved. Learn more about the ELISA project and working groups.

Jan 11

My ELISA Mentorship

By elisaproject Blog, ELISA Summit, Mentorship

Shefali Sharma, a senior student at the Meerut Institute of Engineering and Technology in India, was a mentee of the ELISA Project starting in March 2022. Her mentors were Shuah Khan, Linux Fellow and Kernel Maintainer at the Linux Foundation and Chair of the ELISA Technical Steering Committee at that time, and Milan Lakhani, Co-Chair of the ELISA Medical Devices Working Group and Software Engineer at Codethink. During her mentorship, Shefali learned a lot about the Linux kernel, Core C programming, and various tools and techniques for analyzing the kernel like strace, ftrace, cscope, perf.

Shefali will be sharing her key learnings on Thursday, January 19 at 12:33-12:43 am ET at the LFX Mentorship Showcase, a virtual event that gives Linux Foundation mentees an opportunity to present their experience with their mentorship. This virtual event, which takes place on January 18-19, is free to attend and open to anyone who would like to learn more about the experiences of LF Mentorship Program mentees, find out more about some of the programs our projects are working on, recruit new talent, and support new developer contributions. Register for the free event here.

If you can’t make the LFX Mentorship Showcase, you can check out her findings in this video from the ELISA Summit (September 2022) about kernel tracing.

You can also learn more in Shefali’s Medium blog here.

Nov 30

Bosch and XPENG Motors join the ELISA Project to Strengthen their Commitment to Safety-Critical Applications in Automobiles

By maemalynn Announcement, ELISA Summit, Industry Conference, News

SAN FRANCISCO – November 30, 2022 – Today, the ELISA (Enabling Linux in Safety Applications) Project announced that Robert Bosch GmbH and XPENG Motors have joined the project, marking its commitment to Linux and its effective use in safety-critical applications in connected cars. Hosted by the Linux Foundation, ELISA is an open source initiative that aims to create a shared set of tools and processes to help companies build and certify Linux-based safety-critical applications and systems.

Bosch is one of the world’s leading automotive suppliers. Bosch solutions combine automotive software know-how across all domains with expertise in electrical/electronic architecture of large integrated systems, complex real-time software, IoT, and automotive hardware. Their middleware offers functional safety, real-time behavior, and reliability under automotive requirements, combined with cyber-security. The Bosch experience and formal membership in ELISA fits well within the project goals and mission.

“Increasing product complexity and driving requirements in various areas of the software defined vehicle towards mixed-critical workloads requires thinking and going new ways to widen traditional approaches of systems engineering. Due to Bosch’s existing expertise in Linux and functional safety, the formal membership of Bosch within the ELISA project is a logical and consequent step,” said Philipp Ahmann, Business Development Manager – Embedded Open Source, Cross-Domain Computing Solutions at Robert Bosch GmbH. “The enthusiastic collaboration between functional safety experts combined with the recent excellent contributions from Linux experts are adding the value and momentum needed to enable Linux in safety applications and to make ELISA a success story.”

Earlier this month, Philipp Ahmann was nominated and elected as the new Chair of the ELISA Project Technical Steering Committee (TSC). He has been involved in the ELISA Project since May 2019 as an ambassador and member of the Technical Steering Committee (TSC) who has written blogs and given presentations in various Linux Foundation conferences and industry shows.

Philipp Ahmann steps into this role after TSC Chair Shuah Khan, Linux Fellow and Kernel Maintainer at The Linux Foundation, who has helped build the technical governance of the project and advance its mission and goals for more than two years. She will continue to contribute to the ELISA by helping Philipp Ahmann in his TSC role and supporting the working group leads.

“Philipp has made vast contributions during his time with the ELISA Project,” said Shuah Khan. “Since the day he joined the community, he’s been actively involved and has led the Automotive Working Group to real-world use cases like tell tales. His leadership will play an important role in setting up priorities and in providing guidance to the project. We are very excited about this next step in our evolution as an open source project setting the standard for safety-critical applications.”

Linux is used in all major industries because it can enable faster time to market for new features and take advantage of the quality of the code development processes. Launched in February 2019, ELISA works with Linux kernel and safety communities to agree on what should be considered when Linux is used in safety-critical systems. The project has several dedicated working groups that focus on providing resources for system integrators to apply and use to analyze qualitatively and quantitatively on their systems.

ELISA is open to everyone. Anyone can develop and contribute code, get elected to the Technical Steering Committee, or help steer the project forward in any number of ways.

Developers who are elected to the Technical Steering Committee or who participate as project leaders will provide leadership regarding the technical direction.

XPENG Motors, a leading Chinese smart EV company with hubs in China, the United States, and Europe, was founded in 2014 with a belief that technology is bound to transform the future of mobility.

“We are a technology company at heart. By addressing the needs of our customers with our expertise, we can solve the complicated questions in unchartered territory,” said Yu Peng, Embedded Systems General Manager at XPENG Motors. “We recognize the crucial and diverse role mobility plays in people’s lives, and aspire to expand future mobility through intelligent revolution, from the road to the air.”

“We joined ELISA because we wanted to get more technology and experience in improving the functional safety and stability of Linux-based system software. Through communications and participation, we hope the ELISA Project helps us to make products safer and more reliable,” said Peng.

Other ELISA Project members include ADIT, AISIN AW CO., Arm, Automotive Grade Linux, Automotive Intelligence and Control of China, Banma, Boeing, BMW Car IT GmbH, Codethink, Elektrobit, Horizon Robotics, Huawei Technologies, Intel, Lotus Cars, Toyota, Kuka, Linuxtronix. Mentor, NVIDIA, SUSE, Suzuki, Wind River, OTH Regensburg, Toyota and ZTE.

ELISA Presentations

The ELISA Project will be represented at Open Source Summit Japan, hosted on December 5-6 in Yokohama, Japan, and virtually. Kate Stewart, Vice President of Dependable Embedded Systems at The Linux Foundation, will give a keynote address titled “Japan’s Critical Infrastructure – Open Source Evolution,” on Tuesday, December 6 that will feature ELISA and a few other open source projects. On Wednesday, December 7, there will be an ELISA Mini-Summit that will offer a deep dive into the mission of the project and activities of the various working groups. There is a $10 fee when adding the ELISA Summit to the Open Source Summit Japan registration. Learn more about the conference or register here.

ELISA Summit: Trusted Execution Inside Secure Enclaves (Video)

By sremmert Blog, ELISA Summit

An estimated 185 people registered for the ELISA Summit, which took place virtually on September 7-8 to gather Linux community members and attendees from around the world. The event, which featured 15 sessions and 20 speakers, was open to anyone involved or interested in defining, using, or learning about common elements, processes, and tools that can be incorporated into Linux-based, safety-critical systems amenable to safety certification. Members of the ELISA Project community presented best practices and overviews on emerging trends and hot topics to using open source software in safety-critical applications and detailed working group updates.

We’ll be featuring event videos in blogs each week. Today, we focus on a session presented by Işıl Öz, Assistant Professor, Izmir Institute of Technology and Elana Copperman, System Architect, Mobileye. They gives an overview on the topic “Trusted Execution Inside Secure Enclaves“.

Trusted Execution Environments (TEE), which are hardware-implemented encryption technologies, ensure that applications work in an encrypted and secure way by protecting them from the operating system or other programs. While the sensitive data and code are stored inside private regions of enclave memory, unauthorized entities cannot modify them.

In this talk, the speakers will share basics about enclave memories and their usage scenarios. They will talk about open-source projects on Intel SGX technology and our experience in our ELISA mentorship program. In addition to that, the topics also include the safety issues with security aspects and mention about the impact of secure enclave implementations for safety-critical systems.

Watch the video below or check out the presentation materials here.

For more details about the ELISA Project, visit the main website here.

Nov 23

ELISA Summit: Analysis of eBPF for Safety Use Case (Video)

By sremmert Blog, ELISA Summit, Mentorship

We’ll be featuring event videos in blogs each week. Today, we focus on a session presented by Elana Copperman, Mobileye & Jules Irenge, Linux Foundation Mentee. They will be sharing their insights on the topic “eBPF for safety use cases”.

Jules shares his experience of working as part of the LXF/ELISA Mentorship Program. The program is focused on ebpf and xdp.

On one hand, eBPF is a kernel mechanism that provides a sandboxed runtime environment in the Linux kernel without changing kernel source code or loading kernel modules.

eBPF programs can be attached to various kernel subsystems, including networking, tracing and Linux security modules (LSM).

On the other, eXpress Data Path (xdp) is a technology that enables high performance data communication, bypassing most of the operating system networking stack using eBPF.

Elana shares an analysis of eBPF for safety, focusing on xdp, and demonstrate how these can be used for safety.

In the process she showcase eBPF /xdp tools that do and count how many packets have been accepted, rejected or redirected and how this can be used for tracing.

The goal of this presentation is to guide system administrators and programmers to consider using this technology to improve on software safety.

To learn more, watch the video below.

For more details about the ELISA Project, visit the main website here.

Nov 18

ELISA Summit : Using memory access error detection (Video)

By sremmert Blog, ELISA Summit

We’ll be featuring event videos in blogs each week. Today, we focus on a session presented by Priyanka Verma, Senior Software Quality Engineer, Red Hat GmbH and Dennis Brendel, Senior Software Quality Engineer, Red Hat on the topic “Using memory access error detection for safety argumentation”.

Kernel Electric-Fence (KFENCE) and Kernel Address Sanitizer (KASAN) are memory safety error detectors with support in the Linux kernel. This presentation explores how well KASAN and KFENCE detect different types of memory access errors with various configuration settings to assess the suitability of these memory access sanitizers to develop safety argumentation.

Watch the video below or check out the presentation materials here.

For more details about the ELISA Project, visit the main website here.

Nov 16

ELISA Summit : AUTOSAR Adaptive Applications in Rust (Video)

By sremmert Blog, ELISA Summit

We’ll be featuring event videos in blogs each week. Today, we focus on a session presented by Christof Petig, Advanced Software Developer, Aptiv Services Deutschland GmbH and Huzaifa Saadat, Head of Center of Excellence AUTOSAR, Alten GmbH on the topic “AUTOSAR Adaptive Applications in Rust”. The talk mainly focuses on the introduction to AUTOSAR adaptive, benefits of Rust wrt FuSa, presenting specific techniques for Rust C++ interaction within AUTOSAR adaptive, outlook towards Rust for AUTOSAR classic.

Watch the video below or check out the presentation materials here.

For more details about the ELISA Project, visit the main website here.

Nov 11

ELISA Summit: Medical Devices Working Group Update (Video)

By sremmert Blog, ELISA Summit, Working Group

We’ll be featuring event videos in blogs each week. Today, we focus on a session presented by the team members from ELISA Medical Device Working Group: Jason Smith, Jeffrey (Jefro) Osier-Mixon, Kate Stewart, Milan Lakhani,Nicole Pappler, Shefali Sharma, Shuah Khan on the topic of Medical Device Working Group update.

The main goal of this working group is to develop best practices to analyze systems and identify the components of Linux that will be participating in safety analysis, in the context of medical device safety standards. The main activities include

Analysis of open source medical device application (openAPS)
Create documentation of results of STPA analysis (system, requirements, architecture, design, …)
Comparison of results of STPA analysis to 62304 Software of Unknown Provenance (SOUP)
Create documentation on usage of tooling to support kernel analysis

In this session, the team shares progress to date, as well as some of the lessons learned and areas where they could use some help. The deliverables being worked on for the next quarter will be previewed as well.

Watch the video below or check out the presentation materials here.

For more details about the ELISA Project, visit the main website here. To learn more about the Medical Device Working Group or to join the community, click here.

Nov 09

ELISA Summit: Kernel Tracing (Video)

By sremmert Blog, ELISA Summit, Working Group

We’ll be featuring event videos in blogs each week. Today, we focus on a session presented by Shefali Sharma, Senior year CSE Student, India and LFX Mentee at ELISA Medical Devices WG on the topic “Kernel Tracing.” In this video, Shefali presents the work she did during her ELISA Mentorship Program including:

Understanding system resources necessary to build and run a workload is important.
The highlights of theLinux tracing and strace can be used to discover the system resources in use by a workload.
The completeness of the system usage information depends on the completeness of coverage of a workload.
Performance and security of the operating system can be analyzed with the help of tools like ftrace, perf, stress-ng, paxtest.
Once we discover and understand the workload needs, we can focus on them to avoid regressions and use it to evaluate safety considerations.

In addition to these topics, she also explains about her mentorship experience with ELISA Medical Working Group. Watch the video below or check out the presentation materials here.

If you’re interested in becoming a ELISA Project or Linux Foundation mentee, you can review mentorships and all here: https://lfx.linuxfoundation.org/tools/mentorship/.