Safety-Critical Software Summit

Dec 17

Open Source summit - seoul, Korea 2025 - ELISA project

Recap: ELISA Project at Open Source Summit Seoul Korea 2025

By elisaproject Blog, Critical Software Summit, Industry Conference, Safety-Critical Software Summit

The Open Source Summit 2025, held on November 4–5 in Seoul, South Korea, brought together a global community of developers, engineers, policymakers, and open source leaders to advance collaboration across the ecosystem. As one of the most comprehensive gatherings in open source, the event created space for meaningful dialogue across technical and strategic domains.

The ELISA Project participated as part of the Safety-Critical Software Track, contributing to discussions at the intersection of open source development and safety standards. This track highlighted the growing role of open source in regulated and safety-sensitive environments, where reliability, transparency, and compliance are essential.

Session Highlights:

Driving Safety Forward: Lessons Learned From Deploying OSS in Real-world Automotive – Jaylin Yu, EMQ

Driving Safety Forward: Lessons Learned From Deploying OSS in Real-world Automotive was presented by Jaylin Yu from EMQ and focused on practical experience deploying open source software in mass-production vehicles. The session examined how OSS can meet automotive safety and security expectations when combined with strong community engagement, academic collaboration, and production-driven validation.

Examples included MQTT-based remote diagnostics, actor-based system design, and the use of advanced stateful fuzzing techniques to uncover concurrency, race conditions, and protocol-level issues. Jaylin highlighted how software supply-chain decisions and dependency misuse can escalate into system-wide failures in safety-critical environments.

The talk also explored post-deployment challenges such as suspend-to-RAM behavior, file-descriptor exhaustion, time synchronization, and observability gaps in Linux-based systems. Overall, the session delivered, field-tested guidance for building secure, traceable, and reliable OSS-based software-defined vehicle platforms.

DO-330 Qualification of Enhanced LLVM Structural Coverage Tool – Minji Park & Seojin Kim, The Boeing Company

DO-330 Qualification of Enhanced LLVM Structural Coverage Tool was presented by Minji Park and Seojin Kim from The Boeing Company and focused on qualifying an open source structural coverage tool for use in safety-critical avionics software.

The session explained why structural coverage is mandatory under RTCA DO-178C and how verification tools themselves must be qualified under RTCA DO-330 to produce trusted evidence. The speakers described Boeing’s efforts to qualify an enhanced LLVM coverage (llvm-cov) tool, targeting statement, decision, and modified condition/decision coverage (MC/DC) required for higher software assurance levels. The session covered key details including how line and branch coverage were aligned with DO-178C objectives through source formatting, pipeline instrumentation, and toolchain integration.

The talk also outlined the determination of Tool Qualification Level (TQL 5), required qualification artifacts, and validation and verification activities needed to support certification. The session concluded with challenges of qualifying open source tools such as version changes, object code coverage, and regulatory submission and how Boeing is addressing them to enable compliant use of OSS in avionics systems.

Introduction and Consideration of Temporal Partitioning in Avionics With Open Source Eco-System – Haesun Kim & Gihwan Kwon, The Boeing Company

Introduction and Consideration of Temporal Partitioning in Avionics With an Open Source Ecosystem was presented by Haesun Kim and Gihwan Kwon from The Boeing Company and examined how ARINC 653 enables safe and deterministic operation in integrated modular avionics (IMA) systems.

The session introduced the motivation for adopting ARINC 653, comparing traditional federated avionics architectures with IMA approaches that rely on strict temporal and spatial partitioning. Key technical details covered the ARINC 653 two-tier scheduling model, including module-level scheduling across partitions and rate-monotonic process scheduling within each partition.

The speakers discussed gaps between ARINC 653 requirements and current open-source operating systems, highlighting challenges in scheduling, process management, and health monitoring. The talk concluded with Boeing’s ongoing collaboration with open-source communities and future work to bridge these gaps and enable compliant, safety-critical avionics systems built on open-source technologies

Smarter Code, Sneakier Risks: Supply Chain Security in the Age of AI – Lavakush Biyani, Harness

Smarter Code, Sneakier Risks: Supply Chain Security in the Age of AI was presented by Lavakush Biyani from Harness and examined how AI-powered coding tools are reshaping software development while introducing new supply chain security risks. The session explained how AI-generated code can unknowingly introduce vulnerabilities through insecure patterns, outdated libraries, or hallucinated dependencies that attackers can exploit.

The session covered real-world examples of dependency confusion, AI-suggested non-existent packages, and the reuse of vulnerable dependency versions due to limited model context. The speakers introduced practical detection techniques such as analyzing code changes, generating AI Bills of Materials (AIBOMs), tracking dependency drift, and monitoring build behavior.

The session concluded with guidance on integrating these security checks into CI/CD pipelines, enabling DevSecOps teams to manage AI-driven risks without slowing development velocity.

Detecting Double Free With BPF – Bojun Seo, LG Electronics

Detecting Double Free With BPF was presented by Bojun Seo from LG Electronics and addressed the challenges of detecting double free vulnerabilities in C and C++ programs, particularly in production and embedded environments.

The session explained why traditional tools such as Valgrind and AddressSanitizer often struggle in real-world systems due to high overhead and their tendency to alter memory behavior, leading to hard-to-reproduce Heisenbugs. The session also covered a novel detection approach using BPF and uprobes to trace memory allocation and deallocation events without modifying the target process’s memory footprint.

The tool tracks allocation counters and captures stack traces in BPF maps, reporting double frees with significantly lower runtime and memory overhead. Through live demonstrations and real code examples, the talk showed how this lightweight BPF-based approach improves reliability and practicality for detecting double free errors in performance-sensitive embedded systems.

Telco Supply Chain Security: Implementing ISO 18974 & SBOM – Haksung Jang, SK Telecom

Telco Supply Chain Security: Implementing ISO/IEC 18974 & SBOM was presented by Haksung Jang from SK Telecom and focused on managing growing software supply chain risks in the rapidly evolving telecom industry.

The talk explained how increased reliance on open source in 5G, cloud-native, and software-defined networks has amplified dependency complexity and reduced visibility, creating serious security challenges. Key technical details covered the adoption of ISO/IEC 18974 (Open Source Security Assurance) as a standardized framework for vulnerability management, governance, and third-party assurance across telecom supply chains.

The session highlighted SBOM implementation using standards such as SPDX and CycloneDX, emphasizing automated generation, validation, and integration into CI/CD pipelines to enable rapid vulnerability response and regulatory compliance. Drawing from SK Telecom’s real-world OSPO experience and OpenChain Telco Work Group activities, the talk provided practical guidance on policy design, supplier collaboration, and building a trusted, standards-based telecom software ecosystem.

Key Takeaways:

The ELISA Project’s presence at Open Source Summit Seoul 2025 showed how open source is now essential in safety-critical and regulated systems.

Across automotive, avionics, embedded, AI, and telecom sessions, speakers demonstrated that open source can meet strict safety and security requirements when supported by strong processes and standards. Talks highlighted the importance of verification, deterministic system design, and low-overhead runtime analysis for real-world deployments. Supply chain security emerged as a shared priority, with SBOMs, AIBOMs, and international standards enabling visibility and trust.

Overall, the sessions reinforced that safety, security, and open collaboration must advance together.

What’s Next?

If you are interested in shaping this work, we invite you to join ELISA working groups and contribute to advancing safety practices in open source together.

Nov 11

ELISA Project - Open Source Summit: Tokyo, Japan 2025

ELISA Project at Open Source Summit: Tokyo, Japan 2025

By elisaproject Ambassadors, Blog, Critical Software Summit, Safety-Critical Software Summit

Open Source Summit is the place to connect directly with the people shaping open source – maintainers, developers, and community leaders, while learning from their experience and insights. It’s an opportunity to discover emerging technologies, explore practical solutions you can apply immediately, and collaborate on ideas and code that drive projects forward. Whether you’re looking to grow your skills, expand your network, or advance your career, the summit offers a unique environment to learn, contribute, and be part of the momentum powering the future of open source.

ELISA project will be represented by our community members at the Safety Critical Track.

This track explores the intersection of open source and safety standards, covering best practices for regulatory compliance, security updates, and safety engineering. Sessions will delve into requirements traceability, quality assessments, safety analysis methodologies, and technical development for safety-critical systems. Learn more.

Track Highlights:

1. Keynote: Space Grade Linux: Building a Safer, Open Source Future for Space Systems – Ramon Roche, General Manager, Dronecode Foundation

As launch cadence increases and development cycles tighten, the space industry turns to open source to meet the moment. Enter Space Grade Linux (SGL) — an initiative under the ELISA Project aimed at creating a reusable, safety-aware Linux foundation for spaceflight systems.

This talk will introduce the goals and current status of SGL, highlighting three foundational focus areas:
1. Kernel Configuration – Defining a shared starting point for space-focused Linux systems, emphasizing predictability, determinism, and traceability.
2. Booting into Linux: Exploring the safety-critical implications of system bring-up and strategies for improving reliability in space-grade deployments.
3. Userspace Strategy – Discussing early-stage decisions around minimal runtime environments, supervision, and what a safe, maintainable userspace might look like.

Attendees will get a hands-on overview of what’s already available in the GitHub repository, including a Yocto-based reference implementation and working kernel configuration. More importantly, they’ll learn how to get involved — through technical contributions, architecture discussions, or community collaboration.

2. A Human-Centric Quality Assurance Process for Open Source Software Projects – Wendi Urribarri & Carlos Ramirez, Woven by Toyota – Wednesday December 10, 2025 11:10 – 11:50 JST

As autonomous systems become part of our daily environments, ensuring software quality is critical, especially when defects can cause physical harm. In safety-critical domains like automotive, functional safety must be supported by development processes that ensure high quality and reliability, not only for embedded systems but also, in some cases, for software tools.

This talk presents an approach to support quality assurance of open source software projects. What sets this effort apart is the proposed integration of a human-centric quality strategy, rooted in human-error research informed by cognitive psychology and human factors, in the development process of these projects. We introduce a defect prediction engine designed to anticipate common error modes, enabling proactive defect prevention, focused code reviews, and targeted documentation checks. Our approach offers a fresh perspective on improving software quality across domains while aligning with the expectations of safety-critical frameworks.

3. Comparison and Proposal of Vulnerability Management Approaches in Yocto-Based Linux for the CRA – Akihiko Takahashi, Fujitsu Limited – Wednesday December 10, 2025 12:00 – 12:40 JST

Fujitsu has long provided multilateral support for SPDX, especially through activities in Yocto and SPDX. From 2016, we have been joining maintainers of meta-spdxscanner, enabling SPDX functionality for the Yocto Project. In 2024, We joined OpenSSF to enhance the security and trustworthiness of the global software supply chain. This marked a step forward in our continued dedication to this mission.

Due to the EU CRA, manufacturers in the EU will be obligated to report vulnerabilities starting in September 2026. In the context of Yocto, several vulnerability management approaches are being considered, such as cve-check, yocto-vex-check, and third-party tools. However, as of now, there is no clearly established best practice.
In this session, we will apply these vulnerability management approaches to practical use cases relevant to manufacturers covered by the CRA. The comparison includes the use of SBOMs and VEX to evaluate the effectiveness of each method. Through this analysis, we will clarify the strengths and challenges of vulnerability management in Yocto-based Linux and propose which approach is most suitable depending on the context.

4. Driving Safety Forward: Lessons Learned From Deploying OSS in Real-world Automotive – Jaylin Yu, EMQ – Wednesday December 10, 2025 14:00 – 14:40 JST

While OSS in Automotive is seen as the holy grail to solve SDV complexity challenges with faster time to market and higher performance, it still lacks practical real-world examples and showcases that address OSS usage in compliance with the stringent safety and security demands of Automotive.
In this talk, the author shares his real-world story of bringing OSS into mass production vehicles. This includes the impact of a healthy open-source community and how academic research helped solve security gaps, leading to increased system stability. This also embraces the impact of the software supply chain, providing a proven approach, refined through failures, helping to lower dependency risk for MQTT-based remote vehicle diagnostics.
The session is rounded out by highlighting the link between system utilities and safety functions, covering time synchronization, dependency management, and data integrity within a Linux system, which impact the selection of a file system, and what happens when a customer suddenly requires STR.
The audience will leave the session with a holistic impression of what to consider when creating a secure, safe, OSS-based SDV automotive system.

5. Decoding Safe(ty) Linux Architectural Approaches for Critical Systems – Philipp Ahmann, Etas GmbH – Wednesday December 10, 2025 14:50 – 15:30 JST

For years, diverse interpretations about what it means to “enable Linux in safety applications” exist – an observation spanning multiple industries but particularly pronounced in automotive. With its long history of Linux adoption (like AGL) and current software-defined vehicle (SDV) innovation challenges, the automotive sector is undergoing a transition by both manufacturers and suppliers seeking to implement Linux also in safety critical production systems.

This presentation intends to resolve confusion around the terminology “safety Linux” versus “safe Linux”, clarifying where safety responsibility is allocated to Linux itself versus handled at the system level. By examining architectural system concepts currently implemented in products or under development, the author cuts through marketing rhetoric to provide clear distinctions between approaches. It showcases solutions employed by distributors and identifies crucial elements for safety argumentation like watchdog & monitoring.

Attendees will gain practical insights for evaluating safety approaches in Linux-based systems, including key questions to ask when assessing different safety concepts.

6. LF Energy 101: How Open Source Is Powering the Digital Energy Transition – Darshan Chawda & Nao Nishijima, Hitachi -Wednesday December 10, 2025 16:40 – 17:20 JST

The current energy sector must shift from legacy control systems, which are rigid and hardware-bound, to digital, software-defined systems that enable greater sustainability, resilience, and intelligence. To support this transformation, LF Energy, a Linux Foundation initiative, has empowered industrial partners for over seven years to collaborate through community-driven OSS projects, accelerating innovation across the digital energy ecosystem.

This talk offers a beginner-friendly introduction to LF Energy and its key projects, with a demo highlighting their role in virtualizing substations, forecasting energy, and simplifying operations through automation. These projects show how IT and AI technologies enhance grid safety, which is critical because failures in energy systems can disrupt public infrastructure. However, unlike pure IT systems, energy infrastructure relies heavily on physical hardware, making large-scale digital adoption more complex. LF Energy’s open innovation model, focused on IT/OT convergence, helps overcome these barriers by enabling redundancy, virtualization, and collaborative development, which leads to a more reliable and intelligent energy future.

Learn more about the event and register here.

Oct 22

ELISA project at the OSS Europe 2025 - Blog 4

Key Takeaways from the Safety Critical Track at Open Source Summit Europe 2025 – 4

By elisaproject Blog, Critical Software Summit, Industry Conference, Safety-Critical Software Summit

The ELISA Project participated in Open Source Summit Europe 2025 (August 25–27, Amsterdam), the premier gathering for open source developers, technologists, and community leaders. With over 2,000 attendees representing 900+ organizations, the event showcased the strength, diversity, and innovation of the ecosystem.

For ELISA (Enabling Linux in Safety Applications), the summit was an invaluable opportunity to engage with developers, architects, and functional safety experts working at the intersection of Linux and safety-critical systems. ELISA was featured prominently in the Safety-Critical Software Summit, where sessions explored topics such as kernel safety, automotive innovation, and compliance and trust in regulated environments.

Sessions covered a wide range of important topics, including kernel safety (identifying weaknesses, fault propagation, and Linux as a safety element out of context), automotive innovation (safe platforms, prototyping frameworks, and software-defined vehicles), and compliance and trust (continuous compliance, traceability, and statistical methods in safety analysis). These talks reflected the growing maturity of the ecosystem and highlighted the shared challenges the community is tackling from technical methodologies to regulatory alignment.

This week we highlight two talks from the Safety Critical Summit session:

Shifting Safety Techniques To a Statistical World – Imanol Allende & Nicholas Mc Guire

As safety-critical systems grow ever more complex, the traditional deterministic mindset that has long guided safety engineering is reaching its limits. In their Open Source Summit Europe 2025 talk, “Shifting Safety Techniques to a Statistical World,” Imanol Allende (Codethink) and Nicholas Mc Guire (OpenTech) challenge conventional assumptions about how we design and assure safety in modern systems.

Today’s high-performance, interconnected platforms from autonomous vehicles to adaptive software systems exhibit inherent non-determinism. Their behavior cannot always be broken down and analyzed piece by piece, as Descartes’ reductionist approach once suggested. Instead, these systems display emergent properties that arise from complex interactions, requiring a more holistic lens.

Imanol and Nicholas argue that the next evolution in safety engineering lies in statistical system analysis. Approaches such as Probabilistic Worst Case Execution Time (pWCET) and Statistical Path Coverage offer promising ways to quantify and manage uncertainty in highly dynamic environments. These methods shift assurance from absolute determinism toward probabilistic confidence, reflecting the true behavior of modern computing platforms.

The talk outlines both the limitations of traditional safety techniques and the opportunities of statistical methods, emphasizing what will be needed methodologically, technically, and culturally for such approaches to gain acceptance within the functional safety domain.

In conclusion, this session invites the safety community to embrace uncertainty not as a flaw, but as a measurable feature of complex systems and to evolve its tools and thinking accordingly.

Engineering Trust: Formulating Continuous Compliance for Open Source – Paul Albertella & Kaspar Matas, Codethink

In this session, “Engineering Trust: Formulating Continuous Compliance for Open Source,” Paul Albertella and Kaspar Matas (Codethink) argue that software requirements, as commonly practiced, are broken. High-level requirements often collapse into feature wish lists; low-level requirements drift into after-the-fact narratives. Formal process models tend to treat the dynamism of FOSS as a defect—yet that very fluidity is a core strength and the result is that project intent and expectations get lost in the noise.

Enter the Eclipse Trustable Software Framework (TSF): a lightweight, continuous compliance framework built by and for open source. TSF lets projects organize and evidence their own objectives not only those imposed by standards while remaining workflow-agnostic and requiring only git. By managing objectives, reasoning, and artifacts alongside code, TSF closes the gap between paper processes and real engineering practice.

TSF’s distinctive outcome is an automated, transparent, traceable body of evidence quantified by a confidence score. That score helps teams decide where to focus next and gives consumers a concrete way to evaluate their trust in the software. Evidence can reference code, tests, results, and validators; hashes and links keep the graph consistent as projects evolve and CI runs.

The talk walks through TSF’s model and usage, then shows how its statements, evidence, and objectives can be mapped to functional safety standards (e.g., IEC 61508 or ISO 26262) to support certification and ongoing assessment. The message is pragmatic: keep the agility of open source, but capture intent and proof continuously so compliance becomes a living activity, not a one-off paperwork sprint.

MISRA C and C++ in OSS: Yes, We Can! – Roberto Bagnara, BUGSENG / University of Parma

In his presentation, “MISRA C and C++ in OSS: Yes, We Can!”, Roberto Bagnara (BUGSENG / University of Parma) challenged a long-standing assumption: that safety- and security-critical software written in C or C++ is fundamentally incompatible with open source development.

C and C++ have powered decades of system software efficient, portable, and close to the hardware but their origins in the 1970s also carry forward deep weaknesses. Undefined and unspecified behaviors, lack of runtime checks, and a “trust the programmer” philosophy make them risky foundations for modern critical systems. When open source software becomes part of automotive, aerospace, or industrial platforms, these risks demand a structured mitigation and that’s where MISRA C and MISRA C++ come in.

MISRA defines safe subsets of C and C++, guiding developers away from dangerous constructs and toward predictable, reviewable code. These rules are not about finding bugs, but about preventing entire classes of failures by design. Mandatory rules prevent undefined behavior; advisory rules promote clarity and verifiability. Importantly, deviations are allowed if they are justified, documented, and demonstrably safe.

Roberto highlighted real-world experience applying MISRA to major open source projects such as Xen, Zephyr, and Trusted Firmware, where compliance was achieved through a combination of training, tailoring, and tooling the “three T’s.” His team’s static analysis tool ECLAIR integrates MISRA checking into continuous integration, helping projects track compliance as they evolve.

The results are encouraging: projects once reporting millions of rule violations now maintain near-complete compliance, with violations justified or eliminated and regressions automatically detected.

The key insight: safety and openness are not mutually exclusive. With collaboration, tailored guidelines, and the right tools, even complex open source ecosystems can move toward MISRA-aligned development building a foundation of trustable, verifiable software for the systems that matter most.

What’s Next?

Together, these perspectives point to a pragmatic future: combine statistical assurance, continuous evidence, and disciplined coding subsets to make safety an ongoing, collaborative property of open source.

If you are interested in shaping this work, we invite you to join ELISA working groups and contribute to advancing safety practices in open source together.

Oct 09

ELISA project recap blog from the Open Source Summit - Part 3

Key Takeaways from the Safety Critical Track at Open Source Summit Europe 2025 – 3

By elisaproject Blog, Critical Software Summit, Industry Conference, Safety-Critical Software Summit

This week we highlight two talks from the Safety Critical Summit session:

Insights Into the Safe Open Source Vehicle Core Project for SDV – Philipp Ahmann, Etas GmbH (BOSCH)

The Safe Open Source Vehicle Core (S-Core) project, presented by Philipp Ahmann of ETAS (Bosch), is a collaborative, code-first effort to build a safety-certifiable middleware stack for software-defined vehicles (SDVs). Targeting the layers above the operating system, S-Core complements ELISA’s work and aims for ISO 26262, ASPICE, and ISO 21434 compliance. It supports POSIX-based systems like Automotive Grade Linux and Zephyr, is developed in C++ and Rust, and offers a VS Code-based dev environment with containerized builds.

Using a docs-as-code workflow with Sphinx, PlantUML, and Bazel, S-Core tightly links documentation, code, and testing through automated CI. Modules such as IPC, logging, and data persistence are under active development, with contributions from 70+ developers across 10+ companies.

Following a V-model safety process, S-Core builds in traceability, audits, and ASIL-B-level rigor, while distributors will handle final certification and integration. With a 0.5 release planned for late 2025 and 1.0 in 2026, the project is establishing a shared, open, and certifiable foundation for the next generation of safety-critical automotive software.

AutoSD: A Linux Development and Prototyping Framework for the Automotive Community – Alessandro Carminati & Gabriele Paoloni, Red Hat

AutoSD presented by Alessandro Carminati and Gabriele Paoloni (Red Hat) is an upstream, community-driven Linux distribution for automotive, backed by the CentOS Automotive SIG and serving as a public preview of Red Hat’s in-vehicle OS. Built on CentOS Stream, AutoSD adds automotive essentials: a real-time tuned Linux kernel, OSTree for transactional, rollback-safe updates, and containerized mixed-criticality so safety functions can run alongside infotainment without interference. A docs-as-code + CI approach keeps code, tests, and documentation aligned; images are declaratively built (YAML) via the Automotive Image Builder/OSBuild toolchain, and shipped as a binary distro for fast, reproducible onboarding.

A major focus is hardware enablement without the usual pain. If a SoC/board is already supported, you can boot prebuilt images and prototypes immediately. If drivers are upstream, contributors can add and maintain support in AutoSD under an upstream-first policy. For newly supported silicon, teams can evaluate quickly using a vendor BSP (“Frankenbuild”) but are encouraged to move to out-of-tree modules built against AutoSD’s stable kernel ABI for a maintainable, near-production path while upstreaming progresses.

Safety is treated as architecture, not afterthought: namespaces/cgroups isolate workloads, containers enforce domain boundaries, the kernel is real-time tuned, and intensive stress/fuzz testing (e.g., syzkaller + KASan) underpins freedom-from-interference claims. In Red Hat’s commercial in-vehicle OS, the same model maps to ASIL-B safety partitions (with a hardware watchdog and hardware-specific certification), while AutoSD remains the open, rapid-prototyping lane. Tightly aligned with communities like ELISA and Eclipse SDV, AutoSD offers a reference framework the industry can actually build on: contribute patches, enable new SoCs, propose features, and help shape a secure, updatable, and certifiable Linux base for software-defined vehicles.

What’s Next?

If you are interested in shaping this work, we invite you to join ELISA working groups and contribute to advancing safety practices in open source together.

Oct 07

ELISA project at Open Source Summit Europe 2025

Key Takeaways from the Safety Critical Track at Open Source Summit Europe 2025 – 2

By elisaproject Blog, Critical Software Summit, Safety-Critical Software Summit

This week we highlight two talks from the Safety Critical Summit session:

BASIL – What’s New, What’s Next – Luigi Pellecchia, Red Hat

At the Open Source Summit Amsterdam, during the Safety-Critical track, Luigi Pellecchia, Principal Software Quality Engineer at Red Hat and member of the ELISA Technical Steering Committee, presented the session “BASIL – What’s New, What’s Next.” BASIL is an open source tool designed to build and maintain requirements traceability for safety-critical systems in a collaborative environment. It helps engineers link requirements, test specifications, test cases, justifications, and documents into a unified traceability matrix. The tool features a web interface, a REST API for automation, and supports test execution through both built-in and external infrastructures. It also tracks all changes, manages users with fine-grained permissions, and exports full SPDX-based design SBOMs, ensuring complete traceability from design to verification.

Recent developments in BASIL include support for SPDX traceability export, import of requirements in multiple formats (CSV, JSON, YAML, StrictDoc, SPDX), and the ability to scan and import test repositories using TMT (Test Management Tool). The system now offers enhanced user management, allowing admins to clone permission sets, configure email servers for password resets, and simplify collaboration on shared components. New integrations include LAVA, enabling users to list, map, and trigger test runs from external infrastructures like GitLab CI, GitHub Actions, KernelCI, and Testing Farm. BASIL also introduces AI-assisted authoring, where large language models help draft test specifications and cases directly from selected document sections. Additional improvements include re-enabled end-to-end and API testing, broader browser compatibility, and better usability in shared environments.

In his demo, Luigi showcased how BASIL lets users select a reference document, break it into sections, and map traceable items on top. The system visualizes coverage and gaps, links tests to requirements, and executes or imports test results seamlessly. It can generate a design SBOM capturing the full traceability structure useful for ISO 26262 and similar compliance audits.

Looking ahead, the roadmap includes hierarchical document mapping, multi-reference document support, and baseline snapshots for point-in-time reviews. The team plans to migrate to PostgreSQL for scalability, improve file and folder management, enhance LAVA plugin templates, and align with the SPDX Safety Profile 3.1 specification. A PDF export option for assessors is also under consideration.

BASIL continues to evolve as a cornerstone in open source safety-critical development bringing together transparency, automation, and compliance readiness.

From Chaos to Control: Overcoming C and C++’s Inherent Unsafety – Assaf Tzur-El, Simple. Technology

In this talk, Assaf Tzur-El argues that the languages’ twin hazards are unsafety (buffer overflows, lifetime misuse, races) and unpredictability (undefined/unspecified/implementation-defined behavior). A “simple” line can become a CVE; a runtime divide-by-zero may legally do anything; evaluation order of f(a(), b(), c()) can change between calls; even fundamentals like sizeof(long) and char signedness vary. Calls to “just use Rust” collide with reality: massive legacy codebases, entrenched toolchains, domain constraints (real-time, performance, low-level access), and developer expertise mean wholesale migration isn’t practical.

The pragmatic path is discipline + enforcement. Discipline comes from structured guidelines MISRA C / MISRA C++ which codify dos and don’ts across categories (mandatory/required/advisory), with ~80% decidable by tools. Enforcement comes from wiring those rules into your pipeline: static analysis (e.g., clang-tidy/Sonar/Klocwork), -Wall -Werror, and CI gating.

Assaf illustrates how MISRA’s seemingly vague rules (e.g., “switch shall be appropriately structured”) unpack into precise checks (always have default), and how apparent collisions (e.g., “no unreachable code”) resolve once you read the rationale. Around that core, adopt defensive programming (“trust no input”), Secure-by-Design practices, and standards awareness (ISO 26262 et al.) to make failures rarer and more predictable when they do happen.

What’s Next?

The Safety-Critical track showed how open source is moving from complexity to control. BASIL is helping teams build clear, verifiable links between requirements, tests, and results bringing real traceability to safety-critical development. At the same time, Assaf Tzur-El reminded us that while C and C++ aren’t going away, we can make them safer through guidelines like MISRA, static analysis, and a defensive coding mindset.

Together, these talks highlight a shared goal: making open source software more reliable and trustworthy for safety-critical use. Stay tuned for more session highlights, and consider joining ELISA working groups to help advance safe, open software for all.

Sep 24

Key Takeaways from the Safety Critical Track at Open Source Summit Europe 2025 – 1

By elisaproject Blog, Critical Software Summit, Industry Conference, Linux Foundation, Safety-Critical Software Summit

This week we highlight two talks from the Safety Critical Summit session:

Looking at Linux as a SEooC – Kate Stewart, The Linux Foundation; Nicole Pappler, AlektoMetis & Chuck Wolber, The Boeing Company

Linux is increasingly deployed in safety-critical systems as a Safety Element out of Context (SEooC), yet its scale and rapid evolution, thousands of contributors and near-continuous upstream change pose unique assurance challenges. This talk explains what SEooC means in practice, why it should be understood as a “safety element with assumed context,” and the implications for integrators: a SEooC is not plug-and-play. System developers remain responsible for confirming compatibility, reviewing the safety manual and assumptions of use, ensuring traceability to their own requirements, configuring the element correctly, and validating it within their specific hazard and timing constraints. We frame the work through design assurance hazard identification, design mitigation via requirements-based engineering, and implementation assurance highlighting current gaps between kernel behavior and requirements-derived tests.

The session outlines community efforts to close those gaps: defining low-level Linux kernel requirements with maintainer sign-off; advancing coverage (statement, decision, MC/DC) using LLVM-based kernel coverage and object-code mapping; and packaging evidence with an SPDX functional-safety profile. Speakers also address non-determinism (focusing on deterministic outcomes, minimal configurations) and introduce knaf for call-tree analysis from specific entry points.

Overall, these efforts show how scaling requirements, testing, and coverage within open collaboration can yield reusable evidence, strengthen kernel reliability, and align with a substantial portion of DO-178C DAL A objectives across industries.

Identifying Safety Weaknesses and Fault Propagation in the Linux Kernel – Igor Stoppa, NVIDIA

With growing interest in using Linux in safety-critical domains such as automotive, traditional functional safety practices need to be applied to an open source environment. One such practice is fault injection, where failures are deliberately introduced to study how the system reacts.

This talk by Igor Stoppa, NVIDIA, introduced a tool and methodology for injecting controlled faults into Linux kernel data structures. The goal is to uncover subtle forms of degradation that may not trigger a crash but can compromise safety goals, such as delayed system responses. By running repeatable experiments, the approach makes it possible to check whether safety mechanisms detect and report problems consistently and within required timing constraints.

The work highlights both the challenges of applying safety analysis to a large, fast-moving project like the Linux kernel and the opportunities to integrate such testing into the regular release process. Over time, this could provide valuable data on fault propagation, improve kernel reliability, and strengthen Linux’s role in safety-critical applications.

What’s Next?

The Safety-Critical Software track at Open Source Summit Europe 2025 highlighted the important progress being made toward making Linux a reliable choice in regulated and safety-sensitive domains. From exploring Linux as a Safety Element out of Context to fault injection techniques that expose hidden weaknesses, these discussions show how the community is tackling complex challenges with rigor and collaboration.

To learn more, be sure to check our upcoming blogs where we will cover more sessions from the track. If you are interested in shaping this work, we invite you to join ELISA working groups and contribute to advancing safety practices in open source together.

Sep 17

Recap Blog: ELISA Project at Open Source Summit Europe 2025

By sremmert Blog, Critical Software Summit, Industry Conference, Safety-Critical Software Summit

The ELISA Project was proud to participate in Open Source Summit Europe 2025, held August 25-27 in Amsterdam, Netherlands. As the premier gathering for open source developers, technologists, and community leaders, this year’s event once again showcased the strength, diversity, and innovation of the open source ecosystem.

For ELISA (Enabling Linux in Safety Applications), it was an incredible opportunity to connect with developers, architects, functional safety experts, and contributors working at the intersection of Linux and safety-critical systems.

ELISA Project community photo taken at the Open Source Summit Europe 2025

ELISA Booth Highlights

As a Bronze Sponsor, ELISA hosted Booth #29, where attendees learned about safety-critical software and Linux.

Visitors stopped by to:

Learn more about ELISA’s mission and latest progress.
Explore tools, processes, and working group initiatives.
Connect with project members, contributors, and users.

The booth was buzzing throughout the summit, and it was inspiring to see interest from developers across automotive, industrial, medical, and other safety-focused domains.

ELISA in the Safety-Critical Software Summit

ELISA was also featured in the Safety-Critical Software Summit, a focused track within Open Source Summit Europe dedicated to exploring how open source and safety standards intersect. Watch the sessions here.

Sessions covered a wide range of important topics, including:

Kernel safety – identifying weaknesses, fault propagation, and ways Linux can evolve as a safety element out of context (SEooC).
Automotive innovation – exploring safe software platforms, prototyping frameworks, and open source initiatives for software-defined vehicles.
Compliance and trust – practical approaches to continuous compliance, traceability, and the use of statistical methods in safety analysis.

These talks reflected the growing maturity of the ecosystem and highlighted the shared challenges the community is tackling from technical methodologies to regulatory alignment.

Key Takeaways

There is strong and growing interest in applying Linux to safety-critical domains, from automotive to medical and industrial applications.
Progress in tools, methodologies, and compliance frameworks is enabling broader adoption of open source in regulated environments.
Collaboration between industry, academia, and the open source community is essential to tackling safety challenges at scale.
The ELISA community continues to expand, fueled by conversations and new contributors who engaged with us in Amsterdam.

Join the ELISA Community

We want to thank everyone who visited us at Booth #29, attended our sessions, and engaged with the ELISA Project at Open Source Summit Europe 2025.

Your questions, feedback, and contributions help shape the future of open source in Linux in safety-critical applications.

If you didn’t get a chance to connect in Amsterdam, it’s not too late!

Learn more about ELISA’s mission and working groups.
Get involved in the community.
Stay tuned for upcoming events and opportunities to collaborate.

👋 Thank You, Amsterdam!

From booth conversations to technical discussions, ELISA’s presence at Open Source Summit Europe 2025 was a success thanks to the open source community. We look forward to building on this momentum and continuing the conversation about safety-critical open source systems.

Until next time – see you at the next event!

Aug 06

Documenting the Design of the Linux Kernel - Chuck Wolber, The Boeing Company; Kate Stewart, The Linux Foundaiton; Gabriele Paoloni, Red Hat

Talk Highlights: Documenting the Design of the Linux Kernel – Chuck Wolber, The Boeing Company; Kate Stewart, The Linux Foundation; Gabriele Paoloni, Red Hat

By sremmert Ambassadors, Blog, Critical Software Summit, Industry Conference, Safety-Critical Software Summit

Open Source Summit North America, which happened on June 23-25 in Denver, Colorado, had a total of 1,535 in-person attendees (47% hold technical positions) that represented 732 organizations. This year’s event featured vibrant conversations in the Safety-Critical Software track, sponsored by ELISA Project member Honda.

Safety-critical systems — whether in automotive, industrial, medical, or aerospace — are increasingly adopting open source technologies. The sessions in this dedicated track tackled real-world challenges and shared solutions around functional safety, tool qualification, compliance, and certifiability of open source software.

Highlights included:

Panel discussions on bridging the gap between open source innovation and safety assurance
Technical deep dives into applying safety analysis methods to Linux-based systems
Case studies from the ELISA Project working groups showcasing progress in automotive, medical, and industrial domains

This week we are highlighting the talk “Documenting the Design of the Linux Kernel – Chuck Wolber, The Boeing Company; Kate Stewart, The Linux Foundaiton; Gabriele Paoloni, Red Hat” from the Open Source Summit, North America 2025.

Documenting the Design of the Linux Kernel – Chuck Wolber, The Boeing Company; Kate Stewart, The Linux Foundaiton; Gabriele Paoloni, Red Hat

As Linux adoption grows in safety-critical industries like aerospace and automotive, structured design documentation and traceability become increasingly important. This talk presented the ELISA Project’s efforts to reverse-engineer and document low-level developer intent within the Linux kernel using a new, machine-readable requirements template.

Building on earlier discussions at Linux Plumbers 2024 and the December ELISA Workshop at NASA Goddard, the session outlined a proposed framework for capturing “testable expectations” in line with kernel development norms. The goal is to support pass/fail test development, improve test precision using code coverage, and eventually link low-level requirements to higher-level system design.

The speakers showcased early examples from the kernel’s tracing subsystem, discussed the balance between testability and maintainability, and explained how the effort helps address kernel technical debt and reduce certification barriers. The proposal also seeks to avoid burdening maintainers by decoupling documentation from core development.

Key topics included:

A breakdown of the proposed requirement template structure and fields
Examples of real-world kernel functions instrumented with low-level requirements
Integration plans with KernelCI for test coverage and traceability
Challenges encountered, such as avoiding pseudo-code duplication and handling evolving code
Community feedback from upstream maintainers and next steps toward broader adoption

To learn more and get involved in the Safety Architecture Working Group, check here.

What’s Next?

We’re excited to continue the conversations sparked at OSSummit through our public working groups, monthly meetings and upcoming events. Join the ELISA Project at Open Source Summit Europe, happening on August 25-27 in Amsterdam, at the Safety-Critical Software Summit. Check out the schedule or visit the ELISA Project ambassadors and leaders at the booth #29. Learn more here.

Learn more about the conference or register for it at the main Open Source Summit Europe page.

For more ELISA Project updates, subscribe to the LinkedIn page, Youtube Channel or join the community on our new Discord channel!

Aug 01

Watch Now: Safety-Critical Software Summit Videos @ OSSummit NA

By maemalynn Blog, Safety-Critical Software Summit

Highlights included:

Panel discussions on bridging the gap between open source innovation and safety assurance
Technical deep dives into applying safety analysis methods to Linux-based systems
Case studies from the ELISA Project working groups showcasing progress in automotive, medical, and industrial domains

The videos can be found on the Open Source Summit North America playlist on the ELISA Project YouTube channel.

Many thanks to all the ELISA Project contributors and collaborators who presented, facilitated hallway conversations, and helped guide newcomers through the complexities of using Linux in safety-critical environments including: Stefano Stabellini (AMD), Carolyn Zech (Amazon Web Services (AWS)), Philipp Ahmann (ETAS), Gabriele Paolini (Red Hat), Rinat Shagisultanov and Troy Sabin (InfoMagnus), Hasan Yasar (Software Engineering Institute | Carnegie Mellon University), Chuck Wolber (The Boeing Company), Kate Stewart (The Linux Foundation), Masato Endo (Toyota Motor Corporation) and Wolfgang Gehring, (Mercedes Benz Tech Innovation).

Community Momentum

The Safety-Critical Software track continues to grow — a reflection of the increasing demand for transparent, collaborative development in safety-focused industries. With representatives from leading companies, standards bodies, and the open source community, the track served as a bridge between traditionally siloed sectors.

This momentum builds on ELISA’s mission: to make it easier for developers and companies to build and certify Linux-based safety applications by providing guidance, tools, and domain-specific working groups.

: Linux Discussion

: Masato Endo, Toyota Motor Corporation; Wolfgang Gehring, Mercedes Benz Tech Innovation;Philipp Ahmann, Etas GmbH (BOSCH); Kate Stewart, The Linux Foundation

: Gabriele Paoloni, Red Hat; Kate Stewart, The Linux Foundation; Chuck Wolber, The Boeing Company

: Gabriele Paoloni, Red Hat; Philipp Ahmann, Etas GmbH (BOSCH); The Linux Foundation’s Maemalynn Meanor and Min Yu at the attendee reception at Meow Wolf Denver

What’s Next?

Learn more about the conference or register for it at the main Open Source Summit Europe page.

For more ELISA Project updates, subscribe to the LinkedIn page, Youtube Channel or join the community on our new Discord channel!

Jul 09

ELISA project at the Open source summit, Europe 2025

ELISA Project at Open Source Summit Europe 2025

By sremmert Blog, Industry Conference, Safety-Critical Software Summit

Open Source Summit is the premier event for open source developers, technologists, and community leaders to collaborate, share information, solve problems, and gain knowledge, furthering open source innovation and ensuring a sustainable open source ecosystem. It is the gathering place for open-source code and community contributors.

Why Attend

Connect with the people shaping open source
Learn from maintainers, architects, and industry leaders
Discover new technologies and real-world solutions
Collaborate on ideas that move projects forward
Grow your skills, your network, and your career

ELISA Project at OSS Europe

We are excited to announce that the ELISA (Enabling Linux in Safety Applications) Project will be participating in the upcoming Open Source Summit Europe, taking place August 25-27, 2025 in Amsterdam, Netherlands.

As a proud Bronze Sponsor of this year’s event, ELISA will also be part of the Safety-Critical Software Summit, one of the focused tracks within Open Source Summit Europe

This is a key opportunity to connect with developers, system architects, functional safety experts, and open source contributors working at the intersection of Linux and safety-critical systems.

What to Expect from ELISA Project at Open Source Summit Europe?

Yes, we have a booth and we would love to see you there!
Stop by Booth #29 to:

Learn more about ELISA’s mission and progress
See how Linux can support safety-critical systems across industries
Explore tools, processes, and working group initiatives
Check out live demos
Meet with project members, contributors and users
Pick up your favourite ELISA branded giveaways

And if you have been following ELISA for a while, you may have noticed we have refreshed our logo!
Come by the booth to grab special edition stickers and updated designs featuring the new logo. Quantities are limited, so be sure to stop by early!

Whether you are in automotive, industrial, medical, or another safety-focused domain, this is a great opportunity to ask questions and see how ELISA might support your work.

ELISA Talks and Sessions

The ELISA Project will also be featured in the Safety Critical Software track sessions. You can find the full schedule information here.

Join the ELISA Community

If you are interested in functional safety or contributing to the project, we would love to have you involved. Learn more.

👋 See You in Amsterdam

The ELISA Project is proud to be part of Open Source Summit Europe 2025 and the growing conversation around safety-critical open source systems. From booth activities to in-depth technical talks, this is a great opportunity to learn, connect, and collaborate.

Don’t forget to stop by Booth #29, attend our talks at the Safety-Critical Software Summit, and meet the people behind the project.

We look forward to seeing you in Amsterdam!