[C-safe-secure-studygroup] Welcome to the C Safe-Secure Study Group

Thu Dec 15 10:34:25 UTC 2016

Hi Robert

One item I think we ought to add, possibly as 4.1, is to identify the
audience for the rules/advice the study group is going to develop.

As I see it there are at least three possibilities:

   1. *the code developers*:  Traditionally (e.g. MISRA and IEC61508),
   safety guidance is targeted at the developers, often with compliance being
   a contractual requirement. The customers don't necessarily want to review
   the code themselves (but may do), but want to know that evidence of
   compliance is available
   2. *the customers for the code*:  For  TS17961  the model was that
   customers for the code would review it against the rules after its
   delivery, with no expectation that it had been developed with compliance in
   mind. Indeed, an explicit aim was that it could be applied to legacy code
   3. *writers of coding standards*:  This is the WG23 Software
   Vulnerabilities approach, i.e. identify the set of problems that a coding
   standard should address, but leave domain experts to work up detailed
   coding rules

.All the best

      Clive Pygott
      LDRA Inc

On Wed, Dec 14, 2016 at 8:39 PM, Robert Seacord via
C-safe-secure-studygroup <c-safe-secure-studygroup at lists.trustable.io>
wrote:

> Welcome to the C Safe-Secure Study Group.
>
> The charter of the group is:
>
> 1.  To study the problem of adding coverage for safety-critical and
> safety/security-critical issues into the existing C Secure Coding Rules TS.
>
> 2.  To study the problem of addressing safety and security issues related
> to parts of the C standard not currently covered by the TS, such as
> concurrency.
>
> 3.  To propose updates to TS 17961 based on these studies and based on
> experience gained with the TS since its publication.
>
> 4.  To recommend to WG14 a course of action for the resulting document,
> such as creating a new edition of the TS, or making it into an
> International Standard.
>
> The first order of business is to announce the organizational meeting of
> the Study Group on this WG14 reflector.  I would like to schedule this for
> a time that can accommodate those folks who have responded positively that
> they would like to participate in the study group (e.g., everyone on this
> mailing list).  I think most of the current participants are in Western
> Europe and the East Coast of the United States.  Consequently, I think we
> should probably shoot for perhaps a 4PM GMT / 11 AM EST time.  I would like
> to hold the inaugural meeting the first week of the new year (e.g., 1/3 -
> 1/6).  Please email Laurence Urhegyi <laurence.urhegyi at codethink.co.uk>
> with your availability and preferences (and optionally cc me or the list).
> Laurence has agreed to help out with some of the administrative /
> management tasks for the study group.
>
> The initial draft agenda for the inaugural meeting is:
>
> 1.  Identify officers for the study group.
> 2.  Decide what we want to name the study group.
> 3.  Decide how frequently we want to meet, and what form these meetings
> should take.
> 4.  Discuss the scope of the study group.
>
> Our first deadline following the inaugural meeting is to propose a
> schedule for this effort at the upcoming C Standards Meeting in Markham,
> Ontario 2017–4–3/7 (see http://www.open-std.org/jtc1/
> sc22/wg14/www/docs/n2084.htm).  To propose a schedule, we need to figure
> out what we hope to accomplish and who can contribute to the effort and at
> what level.
>
> Thanks,
> rCs
>
>
>
>
>
>
>
> _______________________________________________
> C-safe-secure-studygroup mailing list
> C-safe-secure-studygroup at lists.trustable.io
> https://lists.trustable.io/cgi-bin/mailman/listinfo/c-
> safe-secure-studygroup
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.trustable.io/cgi-bin/mailman/private/c-safe-secure-studygroup/attachments/20161215/4a66a960/attachment.html>