Open Source Summit + Embedded Linux Conference North America 2026

Managing software supply chains is an important part of safety critical software. In this talk, Joshua will describe the technologies, methods and lessons learned that the embedded software space uses to manage software supply chains using the Yocto project.

AMD, in collaboration with the Xen community, continues to advance efforts to make the Xen hypervisor safety-certifiable to ISO 26262 ASIL D and IEC 61508 SIL 3. The project has progressed from Safety Concept Approval toward the final certification phase.

This presentation will share practical lessons learned, including how we structure requirements and architecture specification documents to make them easier to review for Open Source experts. It will describe the tools and processes we use to maintain end-to-end traceability and explain how we leverage GitLab to automate requirements-based testing and verification pipelines.

We will also address the remaining challenges on the path to completion, including code coverage and FMEA. In particular, we will explain why achieving comprehensive code coverage is uniquely challenging for a widely used Open Source project such as Xen and outline the strategies we are applying to meet 100% code coverage targets.

Finally, we will describe our approach to FMEA (Failure Mode and Effects Analysis) and how it evolved to better align with existing upstream Xen failure-handling practices.

When software can directly affect whether someone lives or dies, "move fast and break things" isn't an option. But does that mean safety-critical software can't be open source? Tidepool's experience building Tidepool Loop - an FDA-cleared, open-source automated insulin delivery (AID) system for people with Type 1 diabetes - proves it can.

This talk explores how Tidepool developed an open-source quality management system (QMS) that achieves full requirements traceability and testability while preserving the collaborative, transparent ethos of open-source development. We'll walk through the real-world challenges of mapping regulatory requirements to code contributions, maintaining traceability across a distributed contributor base, and building test infrastructure that satisfies both FDA expectations and open-source community standards.

Attendees will leave with a practical framework for applying requirements traceability and verification practices to open-source projects operating in regulated or safety-critical domains from medical devices to automotive systems to critical infrastructure.

In medical robotics, innovation can be bottlenecked by vertically integrated architectures that contribute to medical “deserts” due to high costs and limited interoperability. This session explores architectural frameworks for standardizing deterministic interoperability, shifting the safety burden from non-transparent hardware to auditable software logic. By establishing these standards, this work ensures that clinical technology is not restricted by fixed vendor-lock.

Through a methodology of high-precision kinematic verification and deterministic mapping, open-source code becomes the catalyst for hardware autonomy. This approach ensures sub-millisecond reliability in the operating room while promoting lifecycle sustainability through vendor-neutral middleware.

Attendees will learn about the implementation of safety-operated envelopes and clinical validation models that facilitate reproducible research and lower barriers to local manufacturing. By prioritizing architectural transparency over closed-loop frameworks, this session outlines a path toward a more sustainable and accessible future for global healthcare.

In this session, I will discuss the importance of verifying safety-critical software by giving real-world examples of peoples' lives who were saved or put at risk by software. I will share the compliance challenges faced by software engineers working on safety-critical software. I will give a brief overview of software assurance requirements for safety-critical systems and show how formal methods and automated reasoning are accelerating and improving the assurance process. I will give a brief introduction to automated reasoning tools and semantics, and I will share success stories from a handful of open-source projects who are using these methods to reach assurance goals faster. I will finish by walking the audience through the design of a simple demonstration project that utilizes these technologies.