Main Track (K-building)
Code, Compliance, and Confusion: Open Source in Safety-Critical Products
<p>The integration of Open Source Software (OSS) in functionally safe systems represents a critical intersection of innovation and compliance requirements across multiple industries. This talk examines two complementary aspects of this evolving landscape: the current state of OSS in functional safety applications and the persistent barriers hindering wider adoption.</p>
<p>2024/2025 have marked significant acceleration in the visibility and adoption of OSS in safety-critical environments, with diverse projects demonstrating varying levels of maturity. Foundation-backed initiatives like the ELISA project within the Linux Foundation are establishing frameworks for Linux in safety applications, while specialized operating systems such as Zephyr and Xen continue to gain traction. The Eclipse Foundation's Safe Open Vehicle Core (S-Core) project represents another significant advancement, aiming to create a common certifiable automotive middleware stack that addresses critical safety requirements. The ecosystem now spans from microkernel solutions like L4Re and seL4 to full-featured platforms, with Linux serving as a prime example of the opportunities and challenges in this space. Infrastructure improvements like the SPDX safety profile address critical aspects of safety documentation in Software Bill of Materials (SBOMs), while safety-certified components like the Ferrocene Rust compiler create new possibilities for language-level safety guarantees.</p>
<p>Despite this progress, substantial barriers impede broader OSS adoption in functionally safe systems. A particularly persistent challenge remains the confusion around terminology and approaches - exemplified by the distinctions between "safety Linux" versus "safe Linux" that illustrate broader issues in how safety responsibility is allocated between OSS components and system-level mitigations. By examining architectural concepts currently implemented in production systems or under development, this talk cuts through marketing rhetoric to provide clear distinctions between approaches across various open source technologies.</p>
<p>The author will address uncertainty around certification pathways, challenges in establishing sufficient evidence for safety arguments, fragmented governance models, and incomplete understanding of OSS development processes among safety assessors.</p>
<p>Attendees will gain practical insights for evaluating safety approaches in OSS-based systems, including key questions to ask when assessing different safety concepts across industries, with particular emphasis on applications where both manufacturers and suppliers are seeking to implement open source software in safety-critical production systems.</p>
<p>Links to relevant example projects as part of the talk are available in the resources.</p>
Additional information
| Live Stream | https://live.fosdem.org/watch/k1105 |
|---|---|
| Type | maintrack |
| Language | English |
More sessions
| 1/31/26 |
<p>Linux desktop is moving to a new era, ditching complex software spaghetti with years of tech debt with… a protocol? That's it? And you expect some compositor projects replace the almighty X server? Replace just the X server? When the protocol's the limit, we can do far more and far more fun stuff!</p> <p>We'll explore some more-or-less obscure uses for Wayland compositors and an embedded case study how simple task of porting DOOM to a router ended up with making it run basically all modern ...
|
| 1/31/26 |
<p>In 2026 the KDE project will turn 30, an extraordinary milestone in such a fast-paced ecosystem. </p> <p>In this talk, we'll explore the challenges we have faced over the years and how the KDE community has adapted to stay relevant, continuing to deliver a good experience for people to use on their computers ranging across laptops, mobiles and even gaming consoles.</p> <p>After glancing through our historical context, we'll discuss what's in store for KDE today and how we’re preparing for a ...
|
| 1/31/26 |
<p>Personal or professional - Linux on the desktop matters! It’s the daily interface between users and digital sovereignty – and it’s often put last. While Linux rules the cloud, servers, and mobile devices, the desktop is where control, compliance, and independence become tangible. This talk explores the current state of Linux on the desktop in Europe, with a focus on two real-world case studies from a leading automotive company and the German government. We’ll examine success stories, ...
|
| 1/31/26 |
<h1>Windows 10 is now end of life!</h1> <h2>... but not dead. Yet.</h2> <h4>The prospect of that alone should be enough to motivate change to Linux desktops - but various governments are providing a lot more reasons to move, such as...</h4> <ul> <li>tariffs (on goods and possibly services)</li> <li>unreliability (in trade and defence partnerships)</li> <li>increased need for data sovereignty ....to name a few.</li> </ul> <p>I've been part of migration projects most of my career, so in this talk ...
|
| 1/31/26 |
<p>Why Office is not as easy as you might hope. Come and hear about office algorithms & data structures, as well as the interesting engineering challenges of interoperability from the Libre / Collabora Office experience.</p> <p>Hear how many decades of accumulated backwards compatibility can make life particularly interesting. See why the temptation to start a new office suite from scratch overwhelms many people from time to time, and get some insights into the compromises that brings.</p> ...
|
| 1/31/26 |
<p>Libreboot is a coreboot distribution — just as Debian is a Linux distribution — providing fully free (libre) boot firmware for x86 and ARM systems. It replaces proprietary BIOS/UEFI firmware, initializing hardware and starting your operating system. Linux and BSD operating systems are well supported.</p> <p>Coreboot provides essential hardware initialization and then jumps to a payload program that boots your OS. Libreboot provides several payloads including, but not limited to, U-Boot, ...
|
| 1/31/26 |
<p>At Wikimedia Foundation, we run Wikipedia, the world's favourite encyclopædia and one of the top ten websites of the Internet! No unicorns, just hardware, open source, and a small engineering org.</p> <p>This talk pulls back the curtain on the stack that keeps Wikipedia fast, reliable, and resilient at global scale. Caching layers, databases, microservices, and Kubernetes are all stitched together to serve the world.</p> <p>We'll also touch on how we've brought our 25-year-old monolith into ...
|
