[C-safe-secure-studygroup] Agenda - 20170823

Laurence Urhegyi laurence.urhegyi at codethink.co.uk
Wed Aug 23 13:54:37 UTC 2017


## Starting with discussion of:

1) Criteria for rule inclusion for the different profiles.
- Martin has raised the need for a set of criteria for rule inclusion in 
order to create a more objective environment for a vote.
- Especially in regard to rules that have to do with readability. For 
example, Martin has said that Rule 8.13 is generally a good practice to 
follow in any code-base for any software, so should be included in any 
profile. Therefore it seems that if we are going to exclude a rule such 
as that from either profile, we should be clear on why.
- Currently the distinction is somewhat unclear in general, not just for 
this rule, although it's a good example because, in summary, this rule 
is good practice, but it is so subjective that it would be totally wrong 
for a project to fail a security audit because of it.

2) Required Visualisation Mechanisms: a potential category of rules 
which inform the programmer what they have done and ask whether it was 
intended.

## Rules

10.2 - Robert
https://gitlab.com/trustable/C_Safety_and_Security_Rules_Study_Group/wikis/misrarule10.2

10.3 - Clive
https://gitlab.com/trustable/C_Safety_and_Security_Rules_Study_Group/wikis/misrarule10.3

10.4 - Martin


10.5 - Aaron
https://gitlab.com/trustable/C_Safety_and_Security_Rules_Study_Group/wikis/misrarule10.5

10.6 - Fulvio
https://gitlab.com/trustable/C_Safety_and_Security_Rules_Study_Group/wikis/misrarule10.6

10.7 - Roberto


10.8 - Robert


