[C-safe-secure-studygroup] Agenda - 20170823
Laurence Urhegyi
laurence.urhegyi at codethink.co.uk
Wed Aug 23 13:54:37 UTC 2017
## Starting with discussion of:

1) Criteria for rule inclusion for the different profiles.
   - Martin has raised the need for a set of criteria for rule inclusion, in order to create a more objective environment for a vote.
   - This applies especially to rules that have to do with readability. For example, Martin has said that Rule 8.13 is generally a good practice to follow in any code-base for any software, so it should be included in any profile. Therefore, if we are going to exclude a rule such as that from either profile, we should be clear on why.
   - Currently the distinction is somewhat unclear in general, not just for this rule, although this rule is a good example because, in summary: it is good practice, but it is so subjective that it would be totally wrong for a project to fail a security audit because of it.

2) Required Visualisation Mechanisms: a potential category of rules which inform the programmer what they have done and ask whether it was intended.
## Rules

- 10.2 - Robert
  https://gitlab.com/trustable/C_Safety_and_Security_Rules_Study_Group/wikis/misrarule10.2
- 10.3 - Clive
  https://gitlab.com/trustable/C_Safety_and_Security_Rules_Study_Group/wikis/misrarule10.3
- 10.4 - Martin
- 10.5 - Aaron
  https://gitlab.com/trustable/C_Safety_and_Security_Rules_Study_Group/wikis/misrarule10.5
- 10.6 - Fulvio
  https://gitlab.com/trustable/C_Safety_and_Security_Rules_Study_Group/wikis/misrarule10.6
- 10.7 - Roberto
- 10.8 - Robert