
Open Source Summit North America, taking place June 23-25 in Denver, Colorado, is the premier event for open source developers, technologists, and community leaders to collaborate, share information, solve problems, and gain knowledge, furthering open source innovation and ensuring a sustainable open source ecosystem. It is the gathering place for open-source code and community contributors. One of its tracks, Safety-Critical Software, will feature several ELISA Project-related sessions.
The Safety-Critical Software track will take place on Wednesday, June 25. It explores the intersection of open source and safety standards, covering best practices for regulatory compliance, security updates, and safety engineering. Check out the sessions below, which dive into requirements traceability, quality assessments, safety analysis methodologies, and technical development for safety-critical systems.
11 – 11:40 am: The Xen Safety Concept, a Major Milestone Toward Certification – Stefano Stabellini, AMD
Over the past decade, the Xen community has worked tirelessly to develop key features that now form a top-tier automotive solution. Xen’s most important role remains that of an enforcer, ensuring strict isolation between domains so that the execution of one domain remains unaffected by others. As one of the system’s most critical components, Xen is well suited for the highest levels of safety certification.
Since 2023, AMD, in collaboration with the Xen community, has been working to make Xen safety-certifiable according to the ISO 26262 and IEC 61508 safety standards. A major milestone was achieved in Q4 2024 when we obtained Safety Concept Approval from the safety assessors. They reviewed Xen and our safety plans and confirmed compliance with the relevant standards. This is a critical milestone on the road to Xen safety, demonstrating that Xen can be safety-certified.
This presentation will provide detailed insights into the Safety Concept, the activities involved in its development, and the review process. Additionally, it will offer an in-depth update on our journey toward achieving Xen safety certification.
11:55 am – 12:30 pm: Verifying the Rust Standard Library – Rahul Kumar, Amazon Web Services
The Rust programming language is experiencing rapid adoption in critical infrastructure and systems programming, propelled by its memory safety guarantees and developer productivity advantages. Significant technology policies, such as the US National Cyber Strategy, explicitly endorse Rust as a pathway to memory-safe software. Unsafe code blocks, however, can circumvent Rust’s compile-time guarantees. To address this disparity, AWS has collaborated with the Rust Foundation on the Rust Standard Library Verification project, whose objective is to formally verify the safety of the Rust standard library. We are actively integrating automated verification into the Rust Library release process, thereby ensuring continuous safety validation across releases.
Our presentation will elucidate the structural framework and rationale underpinning our verification contest. We will demonstrate our current progress, showcasing successful verification examples and discussing the diverse open-source tools employed in the verification process. We will conclude with our prioritized areas for 2025 and practical ways for the Rust community to actively participate in this pivotal security initiative.
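The abstract above turns on one point: a `# Safety` precondition on an unsafe function is documentation, not something the compiler checks, so soundness rests on every caller discharging it. The block below is an added illustration, not code from the Rust Standard Library Verification project or from the talk. It shows a small unsafe accessor with a documented precondition, a safe wrapper and a loop that rely on it, and proof harnesses in the style of Kani, an open-source Rust model checker (the page does not name the tools the project uses); the harnesses feed symbolic inputs so every index and every array content is covered, unlike a unit test. The function names `read_unchecked`, `read_checked` and `sum_prefix` are assumptions for the example.

```rust
// Added example: a documented unsafe precondition and the proof harness that checks it.
// Not part of the Rust Standard Library Verification project.

/// Reads `data[idx]` without a bounds check.
///
/// # Safety
///
/// The caller must guarantee `idx < data.len()`. Violating this reads out of
/// bounds, which is undefined behaviour that the compiler does not detect.
pub unsafe fn read_unchecked(data: &[u32], idx: usize) -> u32 {
    // The precondition lives in the doc comment, not in the type system.
    // debug_assert! checks it in debug builds only; release builds perform
    // no check at all, which is why a proof over all inputs is wanted.
    debug_assert!(idx < data.len(), "read_unchecked: idx out of bounds");
    unsafe { *data.get_unchecked(idx) }
}

/// Safe wrapper: establishes the precondition before making the unsafe call.
pub fn read_checked(data: &[u32], idx: usize) -> Option<u32> {
    if idx < data.len() {
        // SAFETY: the bounds check above is exactly the precondition of read_unchecked.
        Some(unsafe { read_unchecked(data, idx) })
    } else {
        None
    }
}

/// Sums `data[0..n]` through the unchecked accessor, clamping `n` to the length.
/// The loop bound is what makes the unsafe call sound, so that is what a
/// proof must cover; an off-by-one such as `n.min(data.len() + 1)` would be
/// silent in release builds but reported as an out-of-bounds read by Kani.
pub fn sum_prefix(data: &[u32], n: usize) -> u64 {
    let n = n.min(data.len());
    let mut total: u64 = 0;
    for i in 0..n {
        // SAFETY: i < n <= data.len().
        total += u64::from(unsafe { read_unchecked(data, i) });
    }
    total
}

// Proof harnesses, compiled only under `cargo kani`. Kani explores every
// value of the symbolic inputs (kani::any) and reports any reachable
// out-of-bounds access or failed assertion.
#[cfg(kani)]
mod proofs {
    use super::*;

    #[kani::proof]
    fn read_checked_never_reads_out_of_bounds() {
        let data: [u32; 8] = kani::any();
        let idx: usize = kani::any();
        match read_checked(&data, idx) {
            Some(v) => assert!(idx < data.len() && v == data[idx]),
            None => assert!(idx >= data.len()),
        }
    }

    #[kani::proof]
    #[kani::unwind(9)] // the loop runs at most 8 times for an 8-element array
    fn sum_prefix_is_sound_and_bounded() {
        let data: [u32; 8] = kani::any();
        let n: usize = kani::any();
        let total = sum_prefix(&data, n);
        // Eight values of at most u32::MAX can never exceed this bound.
        assert!(total <= 8 * u64::from(u32::MAX));
    }
}

fn main() {
    // Constructed sample input for a stand-alone run.
    let data = [3u32, 1, 4, 1, 5];
    println!("read_checked(&data, 2) = {:?}", read_checked(&data, 2));
    println!("read_checked(&data, 9) = {:?}", read_checked(&data, 9));
    println!("sum_prefix(&data, 3) = {}", sum_prefix(&data, 3));
}
```

The split between `#[test]`-style unit tests and the `#[cfg(kani)]` harnesses is the practical point: a unit test exercises the indices you thought of, while the harness quantifies over all of them, which is the kind of continuous check the abstract describes integrating into the release process.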
This presentation details S-Core’s development process, scope, status, and timeline, highlighting its integration within the broader automotive safety and SDV landscape. The author further showcases the project’s work towards robust and automated development through a docs-as-code approach utilizing open-source tools such as ReStructuredText, Sphinx-Needs, Bazel, and PlantUML.
3:05 – 3:45 pm: Software Supply Chain for the SDV Future — Logistics, Cybersecurity and Compliance – Hasan Yasar, Software Engineering Institute | Carnegie Mellon University
Other ELISA-related sessions include:
As part of a broader effort to document the architecture and design of the Linux Kernel, we propose a method to formally describe low-level developer intent in the form of testable expectations (i.e. requirements). This will provide a fact-based foundation for pass/fail test development, test validation via code coverage tools, support optional traceability to higher-level design, and enable tool development for process automation.
This talk is a continuation of the proposal for Linux Kernel Requirements that formally originated at the 2024 Linux Plumbers Safe Systems with Linux Mini-conference, and further updated at the December 2024 ELISA Workshop at Goddard Space Center.
This edition will present the current state of the requirement template design, provide examples of Linux kernel source code instrumented with low level requirements, present technical explanations for template design decisions, and provide an opportunity for feedback from the developer community.
Monday, June 23 at 2:25 – 3:05 pm: Panel Discussion: Driving Automotive Transformation With Open Source – Philipp Ahmann, Etas GmbH (BOSCH); Kate Stewart, The Linux Foundation; Masato Endo, Toyota Motor Corporation; Wolfgang Gehring, Mercedes Benz Tech Innovation
Open source software has long been utilized in automotive systems, yet the industry is experiencing a renewed focus on its strategic utilization, also sparked by the so-called Software Defined Vehicle. The establishment of OSPOs across numerous OEMs and Tier suppliers further signals this shift.
This panel digs into the motivations and implications of this trend. The panelists will explore the historical context of OSS in automotive, contrasting it with the current OSPO-driven approach. Key discussion points include the rationale for OSPO creation, the specific challenges they tackle – particularly in light of global sanctions, increasing connectivity demands, and the imperative for cyber resilience – and the anticipated impact on the automotive software landscape with regulated safety-critical Software Defined Vehicle systems.