ELISA Project at the Open Source Summit: Seoul, South Korea 2025

Open Source Summit is the premier event for open source developers, technologists, and community leaders to collaborate, share information, solve problems, and gain knowledge, furthering open source innovation and ensuring a sustainable open source ecosystem. It is the gathering place for open-source code and community contributors.

A Cross-Domain Home for the Entire Open Source Ecosystem

Open Source Summit is not a single-focus, niche event—it’s the big tent that unites the full spectrum of open source technologies and communities. Whether you work in cloud infrastructure, Linux kernel development, AI/ML, embedded systems, DevOps, security, or safety-critical systems, Open Source Summit offers a shared space to exchange ideas, make connections, and learn across domains. It’s where technologists who don’t typically land in the same room get a chance to collaborate.

At the same time, Open Source Summit brings in the leaders and practitioners who support the ecosystem from non-technical angles: open source program office (OSPO) staff, legal experts, policy advocates, standards organizations, equity champions, community managers, and foundation leaders. Together, they help shape the frameworks, culture, and strategy that make open source work.

A Strategic Gathering for Open Source’s Future

This event serves as a strategic checkpoint for the open source movement. It’s where conversations happen about not only what’s being built—but how and why. From sustainability and funding models to licensing, AI alignment, security, and governance, Open Source Summit brings clarity and direction to a fast-changing open source landscape.

Whether you’re deep in code or focused on enabling the communities and structures that support it, this is where your work gains momentum and impact.

ELISA Project will be part of the Safety Critical Software Track. This track explores the intersection of open source and safety standards, covering best practices for regulatory compliance, security updates, and safety engineering. Sessions will delve into requirements traceability, quality assessments, safety analysis methodologies, and technical development for safety-critical systems.

Safety Critical Software Track Sessions:

Driving Safety Forward: Lessons Learned From Deploying OSS in Real-world Automotive – Jaylin Yu, EMQ

Wednesday November 5, 2025 13:35 – 14:05 KST

While OSS in Automotive is seen as the holy grail to solve SDV complexity challenges with faster time to market and higher performance, it still lacks practical real-world examples and showcases that address OSS usage in compliance with the stringent safety and security demands of Automotive. In this talk, the author shares his real-world story of bringing OSS into mass production vehicles. This includes the impact of a healthy open-source community and how academic research helped solve security gaps, leading to increased system stability. This also embraces the impact of the software supply chain, providing a proven approach, refined through failures, helping to lower dependency risk for MQTT-based remote vehicle diagnostics.The session is rounded out by highlighting the link between system utilities and safety functions, covering time synchronization, dependency management, and data integrity within a Linux system, which impact the selection of a file system, and what happens when a customer suddenly requires STR. The audience will leave the session with a holistic impression of what to consider when creating a secure, safe, OSS-based SDV automotive system. Add this session to your schedule.

DO-330 Qualification of Enhanced LLVM Structural Coverage Tool – Minji Park & Seojin Kim, The Boeing Company

Wednesday November 5, 2025 14:15 – 14:45 KST

Structural coverage identifies parts of the code that were not exercised during testing, which is crucial for the reliability of safety-critical applications. The tools used in this verification process must be qualified for confident use.This talk introduces ongoing efforts at Boeing to qualify an enhanced LLVM structural coverage tool, an open-source solution, to comply with RTCA DO-330 standards. Our goal is to utilize this tool to generate coverage data and fulfill the code coverage requirements outlined in RTCA DO-178C for safety-critical avionics software.This talk is connected to the session, “Measuring Code Coverage of the Linux Kernel in Accordance with RTCA DO-178C Considerations,” presented at the 2024 Embedded Open Source Summit North America.The talk will provide an overview of the DO-330 requirements and outline our qualification steps, including validation and verification activities. These efforts are aimed at ensuring that the data generated by the tool is considered reliable evidence for DO-178C objectives. In addition, we will discuss the challenges faced during the qualification of this open-source tool and the approaches we have taken to overcome them. Add this session to your schedule.

Introduction and Consideration of Temporal Partitioning in Avionics With Open Source Eco-System – Haesun Kim & Gihwan Kwon, The Boeing Company

Wednesday November 5, 2025 14:55 – 15:25 KST

The ARINC 653 standard is crucial for the development of integrated modular avionics (IMA) systems, providing a framework for partitioning and managing resources in safety-critical applications. This presentation explores the requirements of ARINC 653 and the considerations necessary for implementing it within an open-source environment through an operating system. We discuss the motivation for adopting ARINC 653 in IMA systems and highlight how it extends beyond a traditional POSIX environment by offering enhanced capabilities for resource management and fault tolerance, which are essential for the rigorous demands of avionics systems. Add this session to your schedule.

Smarter Code, Sneakier Risks: Supply Chain Security in the Age of AI – Lavakush Biyani, Harness

Wednesday November 5, 2025 15:55 – 16:25 KST

AI-powered code assistance tools are reshaping how we develop software, but they also introduce new and unexpected security risks. While helpful, these tools can unintentionally introduce vulnerabilities by suggesting insecure, misleading, or unverified dependencies due to incomplete or inaccurate context. This creates new risks in the software supply chain.In this talk, we will explore real-world examples of AI-generated code leading to security issues and demonstrate how to detect these threats by analyzing code changes, generating AI Bills of Materials (AIBOMs), tracking unexpected dependencies, and monitoring builds for unusual behavior. We will also cover how to identify subtle risks such as dependency confusion by tracking package versions and changes over time.I will also cover how to add these checks into CI/CD pipelines without slowing down the development cycle, giving DevSecOps teams and developers practical ways to stay secure in an AI-driven world. Add this session to your schedule.

Detecting Double Free With BPF – Bojun Seo, LG Electronics

Wednesday November 5, 2025 16:35 – 17:05 KST

Double free vulnerabilities remain a critical security and safety issue in C and C++ programs. These errors, where memory is freed multiple times, can lead to crashes or exploitable security flaws. Developers usually rely on static and dynamic analysis tools, which effectively catch most issues during testing. However, detecting double frees in production environments, particularly in embedded systems, is challenging. The reason is that conventional debugging tools often alter the memory footprint and introduce significant overhead, frequently failing to reproduce the issue due to these changes, so-called Heisenbug. This talk introduces a novel double free detection tool leveraging BPF(Berkeley Packet Filter). By collecting data in a separate process, this tool preserves the target process’s memory footprint, minimizing interference. With significantly lower overhead compared to traditional debugging tools, it enhances the reliability of detecting double frees in production, especially in performance-sensitive embedded systems. I will demonstrate how BPF’s lightweight tracing capabilities improve memory safety, offering an effective solution for real-world double free detection. Add this session to your schedule.

Telco Supply Chain Security: Implementing ISO 18974 & SBOM – Haksung Jang, SK Telecom

Wednesday November 5, 2025 17:15 – 17:45 KST

As the digital transformation of the Telco industry accelerates, the use of open source is surging. However, this has also led to unprecedented complexity and security risks in the software supply chain. This session presents a core strategy to address these challenges: supply chain management centered on the latest international standard, ISO/IEC 18974 (Open Source Security Assurance), and SBOM (Software Bill of Materials). Based on SK Telecom OSPO’s real-world adoption case and the activities of the OpenChain Korea Work Group, we will share the practical process of establishing an open source security governance framework tailored for the Telco environment. Attendees will gain actionable guidance and lessons learned for policy-making, automated SBOM generation and verification, and collaboration with supply chain partners, moving beyond mere theory. Add this session to your schedule.

To learn more about the event and register, check here.