Safety-Critical Software Summit

Jun 24

Recap – Modernizing Software Verification – Craig Christianson, United States Air Force

By elisaproject Blog, Critical Software Summit, Industry Conference, Safety-Critical Software Summit

Open Source Summit North America 2026 and Embedded Linux Conference brought together the open source community in Minneapolis from May 18–20, 2026.

According to the event report, the event welcomed 1,231 attendees from 524 organizations, with 68% of attendees in technical positions. The program included 210 conference talks selected from 977 talks submitted, reflecting strong interest and participation across the open source ecosystem.

For the ELISA Project community, the event was an important opportunity to continue the conversation around safety-critical software, open source safety standards, regulatory compliance, requirements traceability, verification, software supply chains, and safety engineering.

The Safety-Critical Software Track highlighted practical work across several domains, including aerospace, embedded systems, medical devices, robotics, avionics, automotive, and industrial systems. Sessions explored how open source communities are addressing the technical, process, and compliance needs of safety-critical systems.

Over the next few weeks, we will highlight selected session recordings from the track and share key takeaways with the community.

Session Spotlight: Modernizing Software Verification

This week, we are highlighting Modernizing Software Verification by Craig Christianson, United States Air Force.

Craig opened the session by discussing the difference between “software craftsmanship” and “software engineering,” using the analogy of building structures to explain why safety-critical software needs more than trial, error, and confidence. When software can affect whether people are protected or put at risk, stronger assurance practices are needed.

The session shared real-world examples of software in safety-critical contexts, including systems where software can help protect lives and systems where failure or compromise could create serious risk. Craig also discussed the compliance challenges faced by software engineers working on safety-critical software, including the rigorous and time-consuming nature of assurance and certification processes.

A key part of the talk focused on software assurance and the role of traceability across requirements, specifications, design, implementation, and maintenance. Craig explained how traditional assurance often depends on systematic evaluation, testing, reviews, and evidence, while formal verification uses mathematical models and proofs to reason about system behavior.

The session then explored how automated reasoning can help improve formal methods by making proofs machine-checkable, repeatable, reusable, and less dependent on manual human reasoning. Craig introduced automated reasoning tools and semantics, and showed how these approaches can help reduce errors in logical reasoning.

https://bit.ly/4w2KHJd

Craig also discussed the seL4 microkernel as an example of a system supported by formal verification. The talk explained how a small trusted computing base, strong isolation, and publicly available proofs can support higher assurance, while also noting that formal methods still rely on clearly stated assumptions.

The session concluded with a practical demonstration project built for seL4 using the Microkit build system. Craig walked through a Raspberry Pi example, showing how protection domains, mapped device registers, notifications, and hardware interrupts can be used to build a simple system while reasoning more carefully about separation and system behavior.

As open source continues to expand into regulated and safety-critical domains, this talk highlighted why modern verification methods matter. Formal methods and automated reasoning are not a replacement for all testing, but they can help strengthen assurance, improve traceability, reduce certain classes of errors, and support safer systems over time.

Watch the session recording here.

Stay tuned for more Safety-Critical Software Track session highlights from Open Source Summit North America 2026. Check the playlist here.

Jun 11

Recap: ELISA Project at Open Source Summit North America 2026

By elisaproject Ambassadors, Blog, Safety-Critical Software Summit

Open Source Summit North America 2026 brought together developers, contributors, maintainers, technologists, and community leaders to share knowledge, collaborate on solutions, and push open source projects forward.

The ELISA Project participated in the Safety Critical Software Track, which explored the intersection of open source and safety standards. Sessions covered best practices for regulatory compliance, security updates, safety engineering, requirements traceability, quality assessments, safety analysis methodologies, and technical development for safety-critical systems.

The track featured sessions on Space Grade Linux graduating from ELISA incubation, software supply chain management with the Yocto Project, Xen’s path toward safety certification, Tidepool’s open source quality management system for patient safety, deterministic interoperability in medical robotics, and modern approaches to software verification.

Together, these sessions highlighted how open source communities are advancing practical approaches for building reliable, transparent, and safety-critical systems across industries including aerospace, embedded systems, medical devices, robotics, and critical infrastructure.

The session playlist is now available. Watch the recordings here.

Thank you to all speakers, attendees, contributors, and community members who joined the conversations and continue to support the advancement of open source in safety-critical software.

Jun 03

ELISA Project Momentum Continues: Join Us at Upcoming Workshops, Safety Track Sessions, and Open Source Events

By elisaproject Blog, ELISA Summit, Industry Conference, Safety-Critical Software Summit, Workshop

The ELISA Project continues to grow as the open source ecosystem increasingly recognizes the importance of safety-critical systems, embedded Linux, requirements traceability, and collaborative safety engineering. Across industries such as automotive, aerospace, industrial, medical, rail, and energy, Linux is playing a larger role in systems where dependability, transparency, and long-term maintainability matter.

As this momentum builds, ELISA is expanding its presence across key open source events in 2026, creating more opportunities for contributors, maintainers, safety experts, developers, and industry leaders to collaborate.

Whether you are already involved in safety-critical Linux or are just beginning to explore how open source can support safety engineering, these upcoming events are great opportunities to learn, contribute, and connect with the ELISA community.

ELISA Workshop London 2026

The next ELISA Workshop will take place June 9–11, 2026, in London, co-hosted with Canonical. The workshop will gather ELISA members, contributors, and ecosystem partners for in-person collaboration, technical discussions, and planning around the project’s next steps. Register for the workshop here.

The London workshop agenda reflects the growing breadth of ELISA’s work. Sessions will explore safety-critical Linux, cybersecurity compliance, PREEMPT_RT latency monitoring, AI-based tooling for safety-critical development, SPDX modeling for safety cases, Software Heritage identifiers, kernel test coverage, safety manuals, Linux kernel requirements, and industry approaches to qualified Linux.

This workshop is an important opportunity for the community to collaborate directly, share progress, discuss challenges, and help define what comes next for safety-critical Linux.

Don’t miss it: registration is required, and seats are limited for in-person attendance.

Open Source Summit 2026 – Mumbai, India

ELISA’s work also connects naturally with the broader conversations happening at Open Source Summit 2026 – Mumbai, India, taking place June 16–17, 2026.

Open Source Summit is a key gathering place for developers, maintainers, technologists, community leaders, OSPO teams, legal experts, policy advocates, standards organizations, and open source ecosystem leaders. It is where the full spectrum of open source communities come together, from Linux and embedded systems to AI, cloud infrastructure, DevOps, security, and safety-critical systems.

The Mumbai event will include tracks such as Embedded, Linux, Linux for Emerging Countries, Open AI & Data, OSS Enabling & Management, Security-adjacent ecosystem topics, Zephyr, and more. For the ELISA community, this is a valuable opportunity to connect safety-critical systems work with adjacent open source domains including embedded Linux, long-term maintenance, security, and ecosystem sustainability.

Open Source Summit 2026 – Seoul, Korea

The momentum continues at Open Source Summit 2026 – Seoul, Korea, taking place August 11–12, 2026.

Like other Open Source Summit events, the Seoul gathering will bring together the technical and non-technical leaders shaping open source. It will provide another important forum for conversations around open source collaboration, governance, safety, security, sustainability, and the role of Linux across industries.

The schedule is expected to go live on June 11, 2026, making this a good time for the ELISA community to watch for relevant sessions, plan participation, and encourage colleagues across the safety-critical and embedded systems ecosystem to attend.

Open Source Summit Europe 2026: Submit Your CFP

ELISA is also encouraging community members to submit proposals for Embedded Linux Conference & Open Source Summit Europe 2026, taking place October 7–9, 2026.

This is a major opportunity to share real-world work, lessons learned, and technical progress related to safety-critical and embedded Linux systems. Suggested submission topics include:

Safety-critical software, open source and safety standards, working with regulatory authorities, security updates for safety-critical systems, safety engineering in open source projects, development data and quality assessment, requirements traceability and testability, safety analysis methodologies, safety-relevant technical features, and case studies from aerospace, automotive, industrial, medical, energy, and other safety-critical domains.

Important dates:

CFP closes: Wednesday, June 24, 2026, at 23:59 CEST
CFP notifications: Friday, July 24, 2026
Schedule announcement: Wednesday, July 29, 2026
Event dates: Wednesday, October 7 – Friday, October 9, 2026

Whether you are working on kernel requirements, safety cases, testing, tooling, compliance, documentation, traceability, or real-world deployment, your experience can help move the ecosystem forward.

ELISA at Linux Plumbers Conference 2026: Safe Systems with Linux Microconference

ELISA will also be part of the Safe Systems with Linux Microconference at Linux Plumbers Conference 2026, taking place October 5–7, 2026, at the Prague Congress Centre in Prague, Czechia, with hybrid participation available.

As Linux is increasingly used in systems with varying levels of criticality, the need for traceability between requirements, code, tests, and supporting artifacts is becoming more urgent. The Safe Systems with Linux Microconference will focus on how the Linux kernel ecosystem can better support structured requirements, documentation, testing, and artifact sharing while preserving the flexibility and speed of upstream development.

This year’s discussion will build on prior work around expressing requirements and traceability as sidecar data structures. Topics will include requirements-driven testing, semantic aspects of kernel requirements, the Linux Kernel Requirements Framework, automation tooling, technical debt reduction, kernel quality initiatives, industry adoption, and the role of requirements in education and onboarding.

The microconference is an excellent place for kernel developers, maintainers, safety architects, tooling experts, and industry stakeholders to collaborate on practical approaches for dependable, safety-relevant systems with Linux.

Why This Matters

The ELISA Project is growing because the need is growing.

Industries want to use Linux and open source software in systems where reliability, accountability, and safety evidence matter. At the same time, open source communities need approaches that respect upstream development practices rather than forcing traditional safety processes into workflows where they do not fit.

ELISA helps bridge that gap.

By bringing together experts from across organizations and industries, ELISA supports shared methods, common terminology, reusable evidence, stronger tooling, and open collaboration around safety-critical Linux. The project’s involvement in workshops, Open Source Summit events, and safety-focused sessions reflects a broader shift: safety-critical open source is no longer a niche conversation. It is becoming a central part of the open source ecosystem.

Get Involved

Now is the time to participate.

Attend the ELISA Workshop in London. Join the conversations at Open Source Summit India, Korea, and Europe. Submit a CFP for Open Source Summit Europe. Take part in the Safe Systems with Linux Microconference at Linux Plumbers Conference. Share your use cases, your challenges, your tools, and your lessons learned.

The future of safety-critical systems with Linux will be built through collaboration, and ELISA is helping create the space for that work to happen.

Mar 27

What to expect from the ELISA Project at Open Source Summit 2026 – North America

By elisaproject Blog, Critical Software Summit, ELISA Summit, Industry Conference, Safety-Critical Software Summit

Open Source Summit is the premier event for open source developers and contributors. It’s where maintainers, technologists, and community leaders come together to share knowledge, collaborate on solutions, and push open source projects forward. It’s the home for code, community, and the people driving the future of open source.

A Cross-Domain Home for the Entire Open Source Ecosystem

Open Source Summit is not a single-focus, niche event—it’s the big tent that unites the full spectrum of open source technologies and communities. Whether you work in cloud infrastructure, Linux kernel development, AI/ML, embedded systems, DevOps, security, or safety-critical systems, Open Source Summit offers a shared space to exchange ideas, make connections, and learn across domains. It’s where technologists who don’t typically land in the same room get a chance to collaborate.

At the same time, Open Source Summit brings in the leaders and practitioners who support the ecosystem from non-technical angles: open source program office (OSPO) staff, legal experts, policy advocates, standards organizations, equity champions, community managers, and foundation leaders. Together, they help shape the frameworks, culture, and strategy that make open source work.

A Strategic Gathering for Open Source’s Future

This event serves as a strategic checkpoint for the open source movement. It’s where conversations happen about not only what’s being built—but how and why. From sustainability and funding models to licensing, AI alignment, security, and governance, Open Source Summit brings clarity and direction to a fast-changing open source landscape.

Whether you’re deep in code or focused on enabling the communities and structures that support it, this is where your work gains momentum and impact.

Safety Critical Software Track:

The ELISA Project will be part of the safety track that explores the intersection of open source and safety standards, covering best practices for regulatory compliance, security updates, and safety engineering. Sessions will delve into requirements traceability, quality assessments, safety analysis methodologies, and technical development for safety-critical systems.

Session Highlights:BoF: Space Grade Linux: From Incubation to Foundation – Ramón Roche & Kate Stewart, The Linux Foundation

Monday May 18, 2026 5:25pm – 6:05pm CDT

SGL is graduating from ELISA incubation and launching as its own foundation. This BoF is a working discussion on three things: the structure of the new Technical Advisory Council, the near-term roadmap emerging from our mailing list, and where attendees want to plug in. New faces and long-time contributors equally welcome. Bring questions, bring priorities, bring pushback.

Software Supply Chain Management With the Yocto Project – Joshua Watt, Garmin

Wednesday May 20, 2026 11:00am – 11:40am CDT

Managing software supply chains is an important part of safety critical software. In this talk, Joshua will describe the technologies, methods and lessons learned that the embedded software space uses to manage software supply chains using the Yocto project.

The Final Phase of Xen Safety: Solving Coverage and Residual Gaps – Stefano Stabellini, AMD

Wednesday May 20, 2026 11:55am – 12:35pm CDT

AMD, in collaboration with the Xen community, continues to advance efforts to make the Xen hypervisor safety-certifiable to ISO 26262 ASIL D and IEC 61508 SIL 3. The project has progressed from Safety Concept Approval toward the final certification phase.

This presentation will share practical lessons learned, including how we structure requirements and architecture specification documents to make them easier to review for Open Source experts. It will describe the tools and processes we use to maintain end-to-end traceability and explain how we leverage GitLab to automate requirements-based testing and verification pipelines.

We will also address the remaining challenges on the path to completion, including code coverage and FMEA. In particular, we will explain why achieving comprehensive code coverage is uniquely challenging for a widely used Open Source project such as Xen and outline the strategies we are applying to meet 100% code coverage targets.

Finally, we will describe our approach to FMEA (Failure Mode and Effects Analysis) and how it evolved to better align with existing upstream Xen failure-handling practices.

From Pull Request To Patient Safety: How Tidepool Built an Open-Source Quality Management System – Tapani Otala, Tidepool

Wednesday May 20, 2026 2:10pm – 2:50pm CDT

When software can directly affect whether someone lives or dies, “move fast and break things” isn’t an option. But does that mean safety-critical software can’t be open source? Tidepool’s experience building Tidepool Loop – an FDA-cleared, open-source automated insulin delivery (AID) system for people with Type 1 diabetes – proves it can.

This talk explores how Tidepool developed an open-source quality management system (QMS) that achieves full requirements traceability and testability while preserving the collaborative, transparent ethos of open-source development. We’ll walk through the real-world challenges of mapping regulatory requirements to code contributions, maintaining traceability across a distributed contributor base, and building test infrastructure that satisfies both FDA expectations and open-source community standards.

Attendees will leave with a practical framework for applying requirements traceability and verification practices to open-source projects operating in regulated or safety-critical domains from medical devices to automotive systems to critical infrastructure.

Standardizing Deterministic Interoperability and Resource-Intelligent Design in Medical Robotics – Lilinoe Harbottle, San Jose State University

Wednesday May 20, 2026 3:05pm – 3:45pm CDT

In medical robotics, innovation can be bottlenecked by vertically integrated architectures that contribute to medical “deserts” due to high costs and limited interoperability. This session explores architectural frameworks for standardizing deterministic interoperability, shifting the safety burden from non-transparent hardware to auditable software logic. By establishing these standards, this work ensures that clinical technology is not restricted by fixed vendor-lock.

Through a methodology of high-precision kinematic verification and deterministic mapping, open-source code becomes the catalyst for hardware autonomy. This approach ensures sub-millisecond reliability in the operating room while promoting lifecycle sustainability through vendor-neutral middleware.

Attendees will learn about the implementation of safety-operated envelopes and clinical validation models that facilitate reproducible research and lower barriers to local manufacturing. By prioritizing architectural transparency over closed-loop frameworks, this session outlines a path toward a more sustainable and accessible future for global healthcare.

Modernizing Software Verification – Craig Christianson, United States Air Force

Wednesday May 20, 2026 4:20pm – 5:00pm CDT

In this session, Craig will discuss the importance of verifying safety-critical software by giving real-world examples of peoples’ lives who were saved or put at risk by software. He will share the compliance challenges faced by software engineers working on safety-critical software. He will give a brief overview of software assurance requirements for safety-critical systems and show how formal methods and automated reasoning are accelerating and improving the assurance process. He will give a brief introduction to automated reasoning tools and semantics, and will share success stories from a handful of open-source projects who are using these methods to reach assurance goals faster. Craig will finish by walking the audience through the design of a simple demonstration project that utilizes these technologies.

Learn more about the sessions and register for the event. Register for $699 with code SPRING and save over 40%.

Dec 17

Open Source summit - seoul, Korea 2025 - ELISA project

Recap: ELISA Project at Open Source Summit Seoul Korea 2025

By elisaproject Blog, Critical Software Summit, Industry Conference, Safety-Critical Software Summit

The Open Source Summit 2025, held on November 4–5 in Seoul, South Korea, brought together a global community of developers, engineers, policymakers, and open source leaders to advance collaboration across the ecosystem. As one of the most comprehensive gatherings in open source, the event created space for meaningful dialogue across technical and strategic domains.

The ELISA Project participated as part of the Safety-Critical Software Track, contributing to discussions at the intersection of open source development and safety standards. This track highlighted the growing role of open source in regulated and safety-sensitive environments, where reliability, transparency, and compliance are essential.

Session Highlights:

Driving Safety Forward: Lessons Learned From Deploying OSS in Real-world Automotive – Jaylin Yu, EMQ

Driving Safety Forward: Lessons Learned From Deploying OSS in Real-world Automotive was presented by Jaylin Yu from EMQ and focused on practical experience deploying open source software in mass-production vehicles. The session examined how OSS can meet automotive safety and security expectations when combined with strong community engagement, academic collaboration, and production-driven validation.

Examples included MQTT-based remote diagnostics, actor-based system design, and the use of advanced stateful fuzzing techniques to uncover concurrency, race conditions, and protocol-level issues. Jaylin highlighted how software supply-chain decisions and dependency misuse can escalate into system-wide failures in safety-critical environments.

The talk also explored post-deployment challenges such as suspend-to-RAM behavior, file-descriptor exhaustion, time synchronization, and observability gaps in Linux-based systems. Overall, the session delivered, field-tested guidance for building secure, traceable, and reliable OSS-based software-defined vehicle platforms.

DO-330 Qualification of Enhanced LLVM Structural Coverage Tool – Minji Park & Seojin Kim, The Boeing Company

DO-330 Qualification of Enhanced LLVM Structural Coverage Tool was presented by Minji Park and Seojin Kim from The Boeing Company and focused on qualifying an open source structural coverage tool for use in safety-critical avionics software.

The session explained why structural coverage is mandatory under RTCA DO-178C and how verification tools themselves must be qualified under RTCA DO-330 to produce trusted evidence. The speakers described Boeing’s efforts to qualify an enhanced LLVM coverage (llvm-cov) tool, targeting statement, decision, and modified condition/decision coverage (MC/DC) required for higher software assurance levels. The session covered key details including how line and branch coverage were aligned with DO-178C objectives through source formatting, pipeline instrumentation, and toolchain integration.

The talk also outlined the determination of Tool Qualification Level (TQL 5), required qualification artifacts, and validation and verification activities needed to support certification. The session concluded with challenges of qualifying open source tools such as version changes, object code coverage, and regulatory submission and how Boeing is addressing them to enable compliant use of OSS in avionics systems.

Introduction and Consideration of Temporal Partitioning in Avionics With Open Source Eco-System – Haesun Kim & Gihwan Kwon, The Boeing Company

Introduction and Consideration of Temporal Partitioning in Avionics With an Open Source Ecosystem was presented by Haesun Kim and Gihwan Kwon from The Boeing Company and examined how ARINC 653 enables safe and deterministic operation in integrated modular avionics (IMA) systems.

The session introduced the motivation for adopting ARINC 653, comparing traditional federated avionics architectures with IMA approaches that rely on strict temporal and spatial partitioning. Key technical details covered the ARINC 653 two-tier scheduling model, including module-level scheduling across partitions and rate-monotonic process scheduling within each partition.

The speakers discussed gaps between ARINC 653 requirements and current open-source operating systems, highlighting challenges in scheduling, process management, and health monitoring. The talk concluded with Boeing’s ongoing collaboration with open-source communities and future work to bridge these gaps and enable compliant, safety-critical avionics systems built on open-source technologies

Smarter Code, Sneakier Risks: Supply Chain Security in the Age of AI – Lavakush Biyani, Harness

Smarter Code, Sneakier Risks: Supply Chain Security in the Age of AI was presented by Lavakush Biyani from Harness and examined how AI-powered coding tools are reshaping software development while introducing new supply chain security risks. The session explained how AI-generated code can unknowingly introduce vulnerabilities through insecure patterns, outdated libraries, or hallucinated dependencies that attackers can exploit.

The session covered real-world examples of dependency confusion, AI-suggested non-existent packages, and the reuse of vulnerable dependency versions due to limited model context. The speakers introduced practical detection techniques such as analyzing code changes, generating AI Bills of Materials (AIBOMs), tracking dependency drift, and monitoring build behavior.

The session concluded with guidance on integrating these security checks into CI/CD pipelines, enabling DevSecOps teams to manage AI-driven risks without slowing development velocity.

Detecting Double Free With BPF – Bojun Seo, LG Electronics

Detecting Double Free With BPF was presented by Bojun Seo from LG Electronics and addressed the challenges of detecting double free vulnerabilities in C and C++ programs, particularly in production and embedded environments.

The session explained why traditional tools such as Valgrind and AddressSanitizer often struggle in real-world systems due to high overhead and their tendency to alter memory behavior, leading to hard-to-reproduce Heisenbugs. The session also covered a novel detection approach using BPF and uprobes to trace memory allocation and deallocation events without modifying the target process’s memory footprint.

The tool tracks allocation counters and captures stack traces in BPF maps, reporting double frees with significantly lower runtime and memory overhead. Through live demonstrations and real code examples, the talk showed how this lightweight BPF-based approach improves reliability and practicality for detecting double free errors in performance-sensitive embedded systems.

Telco Supply Chain Security: Implementing ISO 18974 & SBOM – Haksung Jang, SK Telecom

Telco Supply Chain Security: Implementing ISO/IEC 18974 & SBOM was presented by Haksung Jang from SK Telecom and focused on managing growing software supply chain risks in the rapidly evolving telecom industry.

The talk explained how increased reliance on open source in 5G, cloud-native, and software-defined networks has amplified dependency complexity and reduced visibility, creating serious security challenges. Key technical details covered the adoption of ISO/IEC 18974 (Open Source Security Assurance) as a standardized framework for vulnerability management, governance, and third-party assurance across telecom supply chains.

The session highlighted SBOM implementation using standards such as SPDX and CycloneDX, emphasizing automated generation, validation, and integration into CI/CD pipelines to enable rapid vulnerability response and regulatory compliance. Drawing from SK Telecom’s real-world OSPO experience and OpenChain Telco Work Group activities, the talk provided practical guidance on policy design, supplier collaboration, and building a trusted, standards-based telecom software ecosystem.

Key Takeaways:

The ELISA Project’s presence at Open Source Summit Seoul 2025 showed how open source is now essential in safety-critical and regulated systems.

Across automotive, avionics, embedded, AI, and telecom sessions, speakers demonstrated that open source can meet strict safety and security requirements when supported by strong processes and standards. Talks highlighted the importance of verification, deterministic system design, and low-overhead runtime analysis for real-world deployments. Supply chain security emerged as a shared priority, with SBOMs, AIBOMs, and international standards enabling visibility and trust.

Overall, the sessions reinforced that safety, security, and open collaboration must advance together.

What’s Next?

If you are interested in shaping this work, we invite you to join ELISA working groups and contribute to advancing safety practices in open source together.

Nov 11

ELISA Project - Open Source Summit: Tokyo, Japan 2025

ELISA Project at Open Source Summit: Tokyo, Japan 2025

By elisaproject Ambassadors, Blog, Critical Software Summit, Safety-Critical Software Summit

Open Source Summit is the place to connect directly with the people shaping open source – maintainers, developers, and community leaders, while learning from their experience and insights. It’s an opportunity to discover emerging technologies, explore practical solutions you can apply immediately, and collaborate on ideas and code that drive projects forward. Whether you’re looking to grow your skills, expand your network, or advance your career, the summit offers a unique environment to learn, contribute, and be part of the momentum powering the future of open source.

ELISA project will be represented by our community members at the Safety Critical Track.

This track explores the intersection of open source and safety standards, covering best practices for regulatory compliance, security updates, and safety engineering. Sessions will delve into requirements traceability, quality assessments, safety analysis methodologies, and technical development for safety-critical systems. Learn more.

Track Highlights:

1. Keynote: Space Grade Linux: Building a Safer, Open Source Future for Space Systems – Ramon Roche, General Manager, Dronecode Foundation

As launch cadence increases and development cycles tighten, the space industry turns to open source to meet the moment. Enter Space Grade Linux (SGL) — an initiative under the ELISA Project aimed at creating a reusable, safety-aware Linux foundation for spaceflight systems.

This talk will introduce the goals and current status of SGL, highlighting three foundational focus areas:
1. Kernel Configuration – Defining a shared starting point for space-focused Linux systems, emphasizing predictability, determinism, and traceability.
2. Booting into Linux: Exploring the safety-critical implications of system bring-up and strategies for improving reliability in space-grade deployments.
3. Userspace Strategy – Discussing early-stage decisions around minimal runtime environments, supervision, and what a safe, maintainable userspace might look like.

Attendees will get a hands-on overview of what’s already available in the GitHub repository, including a Yocto-based reference implementation and working kernel configuration. More importantly, they’ll learn how to get involved — through technical contributions, architecture discussions, or community collaboration.

2. A Human-Centric Quality Assurance Process for Open Source Software Projects – Wendi Urribarri & Carlos Ramirez, Woven by Toyota – Wednesday December 10, 2025 11:10 – 11:50 JST

As autonomous systems become part of our daily environments, ensuring software quality is critical, especially when defects can cause physical harm. In safety-critical domains like automotive, functional safety must be supported by development processes that ensure high quality and reliability, not only for embedded systems but also, in some cases, for software tools.

This talk presents an approach to support quality assurance of open source software projects. What sets this effort apart is the proposed integration of a human-centric quality strategy, rooted in human-error research informed by cognitive psychology and human factors, in the development process of these projects. We introduce a defect prediction engine designed to anticipate common error modes, enabling proactive defect prevention, focused code reviews, and targeted documentation checks. Our approach offers a fresh perspective on improving software quality across domains while aligning with the expectations of safety-critical frameworks.

3. Comparison and Proposal of Vulnerability Management Approaches in Yocto-Based Linux for the CRA – Akihiko Takahashi, Fujitsu Limited – Wednesday December 10, 2025 12:00 – 12:40 JST

Fujitsu has long provided multilateral support for SPDX, especially through activities in Yocto and SPDX. From 2016, we have been joining maintainers of meta-spdxscanner, enabling SPDX functionality for the Yocto Project. In 2024, We joined OpenSSF to enhance the security and trustworthiness of the global software supply chain. This marked a step forward in our continued dedication to this mission.

Due to the EU CRA, manufacturers in the EU will be obligated to report vulnerabilities starting in September 2026. In the context of Yocto, several vulnerability management approaches are being considered, such as cve-check, yocto-vex-check, and third-party tools. However, as of now, there is no clearly established best practice.
In this session, we will apply these vulnerability management approaches to practical use cases relevant to manufacturers covered by the CRA. The comparison includes the use of SBOMs and VEX to evaluate the effectiveness of each method. Through this analysis, we will clarify the strengths and challenges of vulnerability management in Yocto-based Linux and propose which approach is most suitable depending on the context.

4. Driving Safety Forward: Lessons Learned From Deploying OSS in Real-world Automotive – Jaylin Yu, EMQ – Wednesday December 10, 2025 14:00 – 14:40 JST

While OSS in Automotive is seen as the holy grail to solve SDV complexity challenges with faster time to market and higher performance, it still lacks practical real-world examples and showcases that address OSS usage in compliance with the stringent safety and security demands of Automotive.
In this talk, the author shares his real-world story of bringing OSS into mass production vehicles. This includes the impact of a healthy open-source community and how academic research helped solve security gaps, leading to increased system stability. This also embraces the impact of the software supply chain, providing a proven approach, refined through failures, helping to lower dependency risk for MQTT-based remote vehicle diagnostics.
The session is rounded out by highlighting the link between system utilities and safety functions, covering time synchronization, dependency management, and data integrity within a Linux system, which impact the selection of a file system, and what happens when a customer suddenly requires STR.
The audience will leave the session with a holistic impression of what to consider when creating a secure, safe, OSS-based SDV automotive system.

5. Decoding Safe(ty) Linux Architectural Approaches for Critical Systems – Philipp Ahmann, Etas GmbH – Wednesday December 10, 2025 14:50 – 15:30 JST

For years, diverse interpretations about what it means to “enable Linux in safety applications” exist – an observation spanning multiple industries but particularly pronounced in automotive. With its long history of Linux adoption (like AGL) and current software-defined vehicle (SDV) innovation challenges, the automotive sector is undergoing a transition by both manufacturers and suppliers seeking to implement Linux also in safety critical production systems.

This presentation intends to resolve confusion around the terminology “safety Linux” versus “safe Linux”, clarifying where safety responsibility is allocated to Linux itself versus handled at the system level. By examining architectural system concepts currently implemented in products or under development, the author cuts through marketing rhetoric to provide clear distinctions between approaches. It showcases solutions employed by distributors and identifies crucial elements for safety argumentation like watchdog & monitoring.

Attendees will gain practical insights for evaluating safety approaches in Linux-based systems, including key questions to ask when assessing different safety concepts.

6. LF Energy 101: How Open Source Is Powering the Digital Energy Transition – Darshan Chawda & Nao Nishijima, Hitachi -Wednesday December 10, 2025 16:40 – 17:20 JST

The current energy sector must shift from legacy control systems, which are rigid and hardware-bound, to digital, software-defined systems that enable greater sustainability, resilience, and intelligence. To support this transformation, LF Energy, a Linux Foundation initiative, has empowered industrial partners for over seven years to collaborate through community-driven OSS projects, accelerating innovation across the digital energy ecosystem.

This talk offers a beginner-friendly introduction to LF Energy and its key projects, with a demo highlighting their role in virtualizing substations, forecasting energy, and simplifying operations through automation. These projects show how IT and AI technologies enhance grid safety, which is critical because failures in energy systems can disrupt public infrastructure. However, unlike pure IT systems, energy infrastructure relies heavily on physical hardware, making large-scale digital adoption more complex. LF Energy’s open innovation model, focused on IT/OT convergence, helps overcome these barriers by enabling redundancy, virtualization, and collaborative development, which leads to a more reliable and intelligent energy future.

Learn more about the event and register here.

Oct 22

ELISA project at the OSS Europe 2025 - Blog 4

Key Takeaways from the Safety Critical Track at Open Source Summit Europe 2025 – 4

By elisaproject Blog, Critical Software Summit, Industry Conference, Safety-Critical Software Summit

The ELISA Project participated in Open Source Summit Europe 2025 (August 25–27, Amsterdam), the premier gathering for open source developers, technologists, and community leaders. With over 2,000 attendees representing 900+ organizations, the event showcased the strength, diversity, and innovation of the ecosystem.

For ELISA (Enabling Linux in Safety Applications), the summit was an invaluable opportunity to engage with developers, architects, and functional safety experts working at the intersection of Linux and safety-critical systems. ELISA was featured prominently in the Safety-Critical Software Summit, where sessions explored topics such as kernel safety, automotive innovation, and compliance and trust in regulated environments.

Sessions covered a wide range of important topics, including kernel safety (identifying weaknesses, fault propagation, and Linux as a safety element out of context), automotive innovation (safe platforms, prototyping frameworks, and software-defined vehicles), and compliance and trust (continuous compliance, traceability, and statistical methods in safety analysis). These talks reflected the growing maturity of the ecosystem and highlighted the shared challenges the community is tackling from technical methodologies to regulatory alignment.

This week we highlight two talks from the Safety Critical Summit session:

Shifting Safety Techniques To a Statistical World – Imanol Allende & Nicholas Mc Guire

As safety-critical systems grow ever more complex, the traditional deterministic mindset that has long guided safety engineering is reaching its limits. In their Open Source Summit Europe 2025 talk, “Shifting Safety Techniques to a Statistical World,” Imanol Allende (Codethink) and Nicholas Mc Guire (OpenTech) challenge conventional assumptions about how we design and assure safety in modern systems.

Today’s high-performance, interconnected platforms from autonomous vehicles to adaptive software systems exhibit inherent non-determinism. Their behavior cannot always be broken down and analyzed piece by piece, as Descartes’ reductionist approach once suggested. Instead, these systems display emergent properties that arise from complex interactions, requiring a more holistic lens.

Imanol and Nicholas argue that the next evolution in safety engineering lies in statistical system analysis. Approaches such as Probabilistic Worst Case Execution Time (pWCET) and Statistical Path Coverage offer promising ways to quantify and manage uncertainty in highly dynamic environments. These methods shift assurance from absolute determinism toward probabilistic confidence, reflecting the true behavior of modern computing platforms.

The talk outlines both the limitations of traditional safety techniques and the opportunities of statistical methods, emphasizing what will be needed methodologically, technically, and culturally for such approaches to gain acceptance within the functional safety domain.

In conclusion, this session invites the safety community to embrace uncertainty not as a flaw, but as a measurable feature of complex systems and to evolve its tools and thinking accordingly.

Engineering Trust: Formulating Continuous Compliance for Open Source – Paul Albertella & Kaspar Matas, Codethink

In this session, “Engineering Trust: Formulating Continuous Compliance for Open Source,” Paul Albertella and Kaspar Matas (Codethink) argue that software requirements, as commonly practiced, are broken. High-level requirements often collapse into feature wish lists; low-level requirements drift into after-the-fact narratives. Formal process models tend to treat the dynamism of FOSS as a defect—yet that very fluidity is a core strength and the result is that project intent and expectations get lost in the noise.

Enter the Eclipse Trustable Software Framework (TSF): a lightweight, continuous compliance framework built by and for open source. TSF lets projects organize and evidence their own objectives not only those imposed by standards while remaining workflow-agnostic and requiring only git. By managing objectives, reasoning, and artifacts alongside code, TSF closes the gap between paper processes and real engineering practice.

TSF’s distinctive outcome is an automated, transparent, traceable body of evidence quantified by a confidence score. That score helps teams decide where to focus next and gives consumers a concrete way to evaluate their trust in the software. Evidence can reference code, tests, results, and validators; hashes and links keep the graph consistent as projects evolve and CI runs.

The talk walks through TSF’s model and usage, then shows how its statements, evidence, and objectives can be mapped to functional safety standards (e.g., IEC 61508 or ISO 26262) to support certification and ongoing assessment. The message is pragmatic: keep the agility of open source, but capture intent and proof continuously so compliance becomes a living activity, not a one-off paperwork sprint.

MISRA C and C++ in OSS: Yes, We Can! – Roberto Bagnara, BUGSENG / University of Parma

In his presentation, “MISRA C and C++ in OSS: Yes, We Can!”, Roberto Bagnara (BUGSENG / University of Parma) challenged a long-standing assumption: that safety- and security-critical software written in C or C++ is fundamentally incompatible with open source development.

C and C++ have powered decades of system software efficient, portable, and close to the hardware but their origins in the 1970s also carry forward deep weaknesses. Undefined and unspecified behaviors, lack of runtime checks, and a “trust the programmer” philosophy make them risky foundations for modern critical systems. When open source software becomes part of automotive, aerospace, or industrial platforms, these risks demand a structured mitigation and that’s where MISRA C and MISRA C++ come in.

MISRA defines safe subsets of C and C++, guiding developers away from dangerous constructs and toward predictable, reviewable code. These rules are not about finding bugs, but about preventing entire classes of failures by design. Mandatory rules prevent undefined behavior; advisory rules promote clarity and verifiability. Importantly, deviations are allowed if they are justified, documented, and demonstrably safe.

Roberto highlighted real-world experience applying MISRA to major open source projects such as Xen, Zephyr, and Trusted Firmware, where compliance was achieved through a combination of training, tailoring, and tooling the “three T’s.” His team’s static analysis tool ECLAIR integrates MISRA checking into continuous integration, helping projects track compliance as they evolve.

The results are encouraging: projects once reporting millions of rule violations now maintain near-complete compliance, with violations justified or eliminated and regressions automatically detected.

The key insight: safety and openness are not mutually exclusive. With collaboration, tailored guidelines, and the right tools, even complex open source ecosystems can move toward MISRA-aligned development building a foundation of trustable, verifiable software for the systems that matter most.

What’s Next?

Together, these perspectives point to a pragmatic future: combine statistical assurance, continuous evidence, and disciplined coding subsets to make safety an ongoing, collaborative property of open source.

If you are interested in shaping this work, we invite you to join ELISA working groups and contribute to advancing safety practices in open source together.

Oct 09

ELISA project recap blog from the Open Source Summit - Part 3

Key Takeaways from the Safety Critical Track at Open Source Summit Europe 2025 – 3

By elisaproject Blog, Critical Software Summit, Industry Conference, Safety-Critical Software Summit

This week we highlight two talks from the Safety Critical Summit session:

Insights Into the Safe Open Source Vehicle Core Project for SDV – Philipp Ahmann, Etas GmbH (BOSCH)

The Safe Open Source Vehicle Core (S-Core) project, presented by Philipp Ahmann of ETAS (Bosch), is a collaborative, code-first effort to build a safety-certifiable middleware stack for software-defined vehicles (SDVs). Targeting the layers above the operating system, S-Core complements ELISA’s work and aims for ISO 26262, ASPICE, and ISO 21434 compliance. It supports POSIX-based systems like Automotive Grade Linux and Zephyr, is developed in C++ and Rust, and offers a VS Code-based dev environment with containerized builds.

Using a docs-as-code workflow with Sphinx, PlantUML, and Bazel, S-Core tightly links documentation, code, and testing through automated CI. Modules such as IPC, logging, and data persistence are under active development, with contributions from 70+ developers across 10+ companies.

Following a V-model safety process, S-Core builds in traceability, audits, and ASIL-B-level rigor, while distributors will handle final certification and integration. With a 0.5 release planned for late 2025 and 1.0 in 2026, the project is establishing a shared, open, and certifiable foundation for the next generation of safety-critical automotive software.

AutoSD: A Linux Development and Prototyping Framework for the Automotive Community – Alessandro Carminati & Gabriele Paoloni, Red Hat

AutoSD presented by Alessandro Carminati and Gabriele Paoloni (Red Hat) is an upstream, community-driven Linux distribution for automotive, backed by the CentOS Automotive SIG and serving as a public preview of Red Hat’s in-vehicle OS. Built on CentOS Stream, AutoSD adds automotive essentials: a real-time tuned Linux kernel, OSTree for transactional, rollback-safe updates, and containerized mixed-criticality so safety functions can run alongside infotainment without interference. A docs-as-code + CI approach keeps code, tests, and documentation aligned; images are declaratively built (YAML) via the Automotive Image Builder/OSBuild toolchain, and shipped as a binary distro for fast, reproducible onboarding.

A major focus is hardware enablement without the usual pain. If a SoC/board is already supported, you can boot prebuilt images and prototypes immediately. If drivers are upstream, contributors can add and maintain support in AutoSD under an upstream-first policy. For newly supported silicon, teams can evaluate quickly using a vendor BSP (“Frankenbuild”) but are encouraged to move to out-of-tree modules built against AutoSD’s stable kernel ABI for a maintainable, near-production path while upstreaming progresses.

Safety is treated as architecture, not afterthought: namespaces/cgroups isolate workloads, containers enforce domain boundaries, the kernel is real-time tuned, and intensive stress/fuzz testing (e.g., syzkaller + KASan) underpins freedom-from-interference claims. In Red Hat’s commercial in-vehicle OS, the same model maps to ASIL-B safety partitions (with a hardware watchdog and hardware-specific certification), while AutoSD remains the open, rapid-prototyping lane. Tightly aligned with communities like ELISA and Eclipse SDV, AutoSD offers a reference framework the industry can actually build on: contribute patches, enable new SoCs, propose features, and help shape a secure, updatable, and certifiable Linux base for software-defined vehicles.

What’s Next?

If you are interested in shaping this work, we invite you to join ELISA working groups and contribute to advancing safety practices in open source together.

Oct 07

ELISA project at Open Source Summit Europe 2025

Key Takeaways from the Safety Critical Track at Open Source Summit Europe 2025 – 2

By elisaproject Blog, Critical Software Summit, Safety-Critical Software Summit

This week we highlight two talks from the Safety Critical Summit session:

BASIL – What’s New, What’s Next – Luigi Pellecchia, Red Hat

At the Open Source Summit Amsterdam, during the Safety-Critical track, Luigi Pellecchia, Principal Software Quality Engineer at Red Hat and member of the ELISA Technical Steering Committee, presented the session “BASIL – What’s New, What’s Next.” BASIL is an open source tool designed to build and maintain requirements traceability for safety-critical systems in a collaborative environment. It helps engineers link requirements, test specifications, test cases, justifications, and documents into a unified traceability matrix. The tool features a web interface, a REST API for automation, and supports test execution through both built-in and external infrastructures. It also tracks all changes, manages users with fine-grained permissions, and exports full SPDX-based design SBOMs, ensuring complete traceability from design to verification.

Recent developments in BASIL include support for SPDX traceability export, import of requirements in multiple formats (CSV, JSON, YAML, StrictDoc, SPDX), and the ability to scan and import test repositories using TMT (Test Management Tool). The system now offers enhanced user management, allowing admins to clone permission sets, configure email servers for password resets, and simplify collaboration on shared components. New integrations include LAVA, enabling users to list, map, and trigger test runs from external infrastructures like GitLab CI, GitHub Actions, KernelCI, and Testing Farm. BASIL also introduces AI-assisted authoring, where large language models help draft test specifications and cases directly from selected document sections. Additional improvements include re-enabled end-to-end and API testing, broader browser compatibility, and better usability in shared environments.

In his demo, Luigi showcased how BASIL lets users select a reference document, break it into sections, and map traceable items on top. The system visualizes coverage and gaps, links tests to requirements, and executes or imports test results seamlessly. It can generate a design SBOM capturing the full traceability structure useful for ISO 26262 and similar compliance audits.

Looking ahead, the roadmap includes hierarchical document mapping, multi-reference document support, and baseline snapshots for point-in-time reviews. The team plans to migrate to PostgreSQL for scalability, improve file and folder management, enhance LAVA plugin templates, and align with the SPDX Safety Profile 3.1 specification. A PDF export option for assessors is also under consideration.

BASIL continues to evolve as a cornerstone in open source safety-critical development bringing together transparency, automation, and compliance readiness.

From Chaos to Control: Overcoming C and C++’s Inherent Unsafety – Assaf Tzur-El, Simple. Technology

In this talk, Assaf Tzur-El argues that the languages’ twin hazards are unsafety (buffer overflows, lifetime misuse, races) and unpredictability (undefined/unspecified/implementation-defined behavior). A “simple” line can become a CVE; a runtime divide-by-zero may legally do anything; evaluation order of f(a(), b(), c()) can change between calls; even fundamentals like sizeof(long) and char signedness vary. Calls to “just use Rust” collide with reality: massive legacy codebases, entrenched toolchains, domain constraints (real-time, performance, low-level access), and developer expertise mean wholesale migration isn’t practical.

The pragmatic path is discipline + enforcement. Discipline comes from structured guidelines MISRA C / MISRA C++ which codify dos and don’ts across categories (mandatory/required/advisory), with ~80% decidable by tools. Enforcement comes from wiring those rules into your pipeline: static analysis (e.g., clang-tidy/Sonar/Klocwork), -Wall -Werror, and CI gating.

Assaf illustrates how MISRA’s seemingly vague rules (e.g., “switch shall be appropriately structured”) unpack into precise checks (always have default), and how apparent collisions (e.g., “no unreachable code”) resolve once you read the rationale. Around that core, adopt defensive programming (“trust no input”), Secure-by-Design practices, and standards awareness (ISO 26262 et al.) to make failures rarer and more predictable when they do happen.

What’s Next?

The Safety-Critical track showed how open source is moving from complexity to control. BASIL is helping teams build clear, verifiable links between requirements, tests, and results bringing real traceability to safety-critical development. At the same time, Assaf Tzur-El reminded us that while C and C++ aren’t going away, we can make them safer through guidelines like MISRA, static analysis, and a defensive coding mindset.

Together, these talks highlight a shared goal: making open source software more reliable and trustworthy for safety-critical use. Stay tuned for more session highlights, and consider joining ELISA working groups to help advance safe, open software for all.

Sep 24

Key Takeaways from the Safety Critical Track at Open Source Summit Europe 2025 – 1

By elisaproject Blog, Critical Software Summit, Industry Conference, Linux Foundation, Safety-Critical Software Summit

This week we highlight two talks from the Safety Critical Summit session:

Looking at Linux as a SEooC – Kate Stewart, The Linux Foundation; Nicole Pappler, AlektoMetis & Chuck Wolber, The Boeing Company

Linux is increasingly deployed in safety-critical systems as a Safety Element out of Context (SEooC), yet its scale and rapid evolution, thousands of contributors and near-continuous upstream change pose unique assurance challenges. This talk explains what SEooC means in practice, why it should be understood as a “safety element with assumed context,” and the implications for integrators: a SEooC is not plug-and-play. System developers remain responsible for confirming compatibility, reviewing the safety manual and assumptions of use, ensuring traceability to their own requirements, configuring the element correctly, and validating it within their specific hazard and timing constraints. We frame the work through design assurance hazard identification, design mitigation via requirements-based engineering, and implementation assurance highlighting current gaps between kernel behavior and requirements-derived tests.

The session outlines community efforts to close those gaps: defining low-level Linux kernel requirements with maintainer sign-off; advancing coverage (statement, decision, MC/DC) using LLVM-based kernel coverage and object-code mapping; and packaging evidence with an SPDX functional-safety profile. Speakers also address non-determinism (focusing on deterministic outcomes, minimal configurations) and introduce knaf for call-tree analysis from specific entry points.

Overall, these efforts show how scaling requirements, testing, and coverage within open collaboration can yield reusable evidence, strengthen kernel reliability, and align with a substantial portion of DO-178C DAL A objectives across industries.

Identifying Safety Weaknesses and Fault Propagation in the Linux Kernel – Igor Stoppa, NVIDIA

With growing interest in using Linux in safety-critical domains such as automotive, traditional functional safety practices need to be applied to an open source environment. One such practice is fault injection, where failures are deliberately introduced to study how the system reacts.

This talk by Igor Stoppa, NVIDIA, introduced a tool and methodology for injecting controlled faults into Linux kernel data structures. The goal is to uncover subtle forms of degradation that may not trigger a crash but can compromise safety goals, such as delayed system responses. By running repeatable experiments, the approach makes it possible to check whether safety mechanisms detect and report problems consistently and within required timing constraints.

The work highlights both the challenges of applying safety analysis to a large, fast-moving project like the Linux kernel and the opportunities to integrate such testing into the regular release process. Over time, this could provide valuable data on fault propagation, improve kernel reliability, and strengthen Linux’s role in safety-critical applications.

What’s Next?

The Safety-Critical Software track at Open Source Summit Europe 2025 highlighted the important progress being made toward making Linux a reliable choice in regulated and safety-sensitive domains. From exploring Linux as a Safety Element out of Context to fault injection techniques that expose hidden weaknesses, these discussions show how the community is tackling complex challenges with rigor and collaboration.

To learn more, be sure to check our upcoming blogs where we will cover more sessions from the track. If you are interested in shaping this work, we invite you to join ELISA working groups and contribute to advancing safety practices in open source together.