[C-safe-secure-studygroup] Fwd: (SC22WG14.14627) N2139 2017/03/28 Seacord, C Safe Secure Coding Rules Study Group

Robert Seacord rcseacord at gmail.com
Wed Mar 29 14:20:25 UTC 2017


---------- Forwarded message ----------
From: "Andrew Banks" <andrew at andrewbanks.com>
Date: Mar 29, 2017 3:49 AM
Subject: (SC22WG14.14627) N2139 2017/03/28 Seacord, C Safe Secure Coding Rules Study Group
To: <sc22wg14 at open-std.org>
Cc: "Mailing list for members of the MISRA C WG" <misra-c-wg at list.misra.org.uk>, "David Ward" <david.ward at horiba-mira.com>

Ladies and Gentlemen,

When Robert circulated his report to the Study Group mailing list, I posted
the reply, below.

Quite frankly, I am unimpressed that he has now circulated it to WG14
without correction.

Andrew

MISRA C Chairman

_____________________________________________
*From:* Andrew Banks [mailto:andrew at andrewbanks.com]
*Sent:* 24 March 2017 14:20
*To:* 'c-safe-secure-studygroup at lists.trustable.io'
*Cc:* David Ward
*Subject:* RE: Schedule

RcS wrote

>> I've attached a draft of a presentation that can be used to talk about the
>> study group... it's a work in progress.

While this is Robert's personal position, there are a couple of points to
be made, to address clear suggestions of bias:

·       Slide 13 - why is MIRA highlighted as being "a for profit
organisation"?  MIRA contribute staff time for project management, in the
same way as the other (commercial) member companies contribute staff time
for document development.  CERT is not tagged as "a US-Government funded
organisation".

·       Slides 14-17 are taken (without attribution) directly from a MISRA
report to WG14…

·       Slide 19 - the restrictions in MISRA are not for the fun of it.

o       major restrictions and prohibitions on many of the remaining
standard headers in hosted implementations* to prevent vulnerabilities due
to unspecified and undefined behaviour.*

·       Slide 18 - as Addendum 2 shows:

o       MISRA C is perfectly suitable as a Security Standard

o       MISRA C is a subset by design and intent - the Yes/No answers infer
a clear bias against a C subset (contrary to perceived opinion, e.g.
ISO 26262 & DO-178)

A