[C-safe-secure-studygroup] The problem with MISRA is...
Paul Sherwood
paul.sherwood at codethink.co.uk
Wed Feb 22 13:10:02 UTC 2017
On 2017-02-22 12:13, Andrew Banks wrote:
> Paul wrote:
>
>>> The main direction of this group is towards making C programs both
>>> safe and secure
>>> which I understand to be beyond the scope of MISRA C.
>
> Why? Of course this is not beyond the scope of C... whatever gave you
> that idea? Examples please?

If you are saying that the MISRA C standard already deals with how to
write secure C, then I'll have to take your word for it - I haven't
touched C since the 90s, and I haven't read the doc.

In any case, you asked for polite answers, I was attempting to offer one
:)

> Can I draw your attention to the Foreword of last year's Addendum 1
> [*] or Myth Busting #2 from any of my presentations over the past few
> years.

Thanks for that. Now I can move on to something I *do* have more current
information on, which is software licensing.

Your doc includes...

"All rights reserved. No part of this publication may be reproduced,
stored in a retrieval system or transmitted in any form or by any means,
electronic, mechanical or photocopying, recording or otherwise without
the prior written permission of the Publisher."

Which deters me from even reading it.

> Just because it came from a safety-critical background, there is
> nothing in MISRA C that precludes its use in security environments -

I don't think I said that.

> in the same way that its automotive heritage has not prevented its
> wide adoption across the high-integrity spectrum.

Indeed.

br
Paul