Open Source Summit North America 2025

Over the past decade, the Xen community has worked tirelessly to develop key features that now form a top-tier automotive solution. Xen's most important role remains that of an enforcer, ensuring strict isolation between domains so that the execution of one domain remains unaffected by others. As one of the system's most critical components, Xen is well suited for the highest levels of safety certification.

Since 2023, AMD, in collaboration with the Xen community, has been working to make Xen safety-certifiable according to the ISO 26262 and IEC 61508 safety standards. A major milestone was achieved in Q4 2024 when we obtained Safety Concept Approval from the safety assessors. They reviewed Xen and our safety plans and confirmed compliance with the relevant standards. This is a critical milestone on the road to Xen safety, demonstrating that Xen can be safety-certified.

This presentation will provide detailed insights into the Safety Concept, the activities involved in its development, and the review process. Additionally, it will offer an in-depth update on our journey toward achieving Xen safety certification.

The Rust programming language is experiencing rapid adoption in critical infrastructure and systems programming, propelled by its memory safety guarantees and developer productivity advantages. Significant technology policies, such as the US National Cyber Strategy, explicitly endorse Rust as a pathway to memory-safe software. Unsafe code blocks, however, can circumvent Rust’s compile-time guarantees. To address this disparity, AWS has collaborated with the Rust Foundation on the Rust Standard Library Verification project, whose objective is to formally verify the safety of the Rust standard library. We are actively integrating automated verification into the Rust Library release process, thereby ensuring continuous safety validation across releases.

Our presentation will elucidate the structural framework and rationale underpinning our verification contest. We will demonstrate our current progress, showcasing successful verification examples and discussing the diverse open-source tools employed in the verification process. We will conclude with our prioritized areas for 2025 and practical ways for the Rust community to actively participate in this pivotal security initiative.

Recently the Safe Open Vehicle Core (S-Core) project was started as a collaborative code-first project between automotive OEMs and Tier suppliers developing a safety-certifiable middleware stack for high-performance ECUs in software-defined vehicles. Targeting the non-differentiating core functionality, S-Core middleware software sits between the hardware abstraction layer and the platform API accessed by vehicle function applications. Compatible with POSIX-based OSes like Automotive Grade Linux and complementary to the ELISA project, S-Core focuses on achieving ISO 26262, ASPICE, and ISO 21434 compliance.

This presentation details S-Core's development process, scope, status, and timeline, highlighting its integration within the broader automotive safety and SDV landscape. The author further showcases the project's work towards robust and automated development through a docs-as-code approach utilizing open-source tools such as ReStructuredText, Sphinx-Needs, Bazel, and PlantUML.

The shift towards software-defined vehicles (SDVs) is set to profoundly impact Original Equipment Manufacturers (OEMs) and their supply chains. As vehicles become increasingly defined by software and connectivity, OEMs face a new era of software supply chain logistics that emphasizes agility, cybersecurity, and regulatory compliance. This presentation examines how SDV technology affects each stage of the OEM supply chain, from sourcing and logistics to manufacturing and data-driven optimization. Critical to this transformation is the secure management of software and data flows across the supply chain, with a focus on cybersecurity strategies to counter software-based vulnerabilities. Additionally, the presentation explores how data analytics can be leveraged to streamline logistics and ensure compliance with rapidly evolving regulations

As open-source adoption expands into safety-critical domains, ensuring continuous compliance is a growing challenge. This session, grounded in the ELISA (Enabling Linux in Safety Applications) project, explores how SBOM-driven traceability can bridge the gap between open-source development and regulatory safety requirements. We’ll cover how SPDX 3.x, automated CI/CD workflows, and tools like ELISA’s BASIL enable traceability between compliance requirements, validation tests, and software components. Attendees will gain insights into best practices for managing SBOM evolution, mitigating risks in change impact analysis, and integrating compliance automation into modern DevOps pipelines. Whether you’re in open-source governance or safety-critical software engineering, this session provides actionable strategies to align compliance with innovation.