[C-safe-secure-studygroup] Meeting Minutes - 21 February 2018

[Laurence Urhegyi]

Hi,

Meeting notes from today (not the 7 feb like i wrongly said in the 
subject of the agenda mail).

ACTION: Robert, please add a write up for the two CERT C rules which are 
similar to MISRA rule 11.8 - that is exp 40-C and exp 32-C.

For the meet up in Prague: Thursday afternoon if WG14 finishes early, or 
meet on Friday, or maybe in a pub one night.

On the topic of our audience and the deviation process (Others please 
feel free to add to these notes too):

The outputted document for this study group is for analysers, not for 
system developers. So: 'hey, analyser vendor, can your tool diagnose the 
following rule?' This is black/white: the  tool will either conform or 
not. It's up to different organisations to mandate a deviation process. 
But we keep seeing MISRA rules which are useful, but we are finding edge 
cases and we need a deviation process for these. Can we get analyser 
vendors to admit that there needs to be a process for deviations, which 
*will* come up at some point? Analyser vendors can have the black/white 
position, but what about analyser users? it should be them who have the 
deviation? Deviation process for end users?

See the intro to the Any specific changes to the intro - modify the wiki 
and post to the list.

Rule 11.8
https://gitlab.com/trustable/C_Safety_and_Security_Rules_Study_Group/wikis/misrarule11.8
Safety profile? Yes
Security profile? Non consensus

Lastly, please check the below list of assigned rules and add an entry 
to the wiki page prior to the next meeting.

11.6 - Roberto
11.7 - Gavin

12.4 - Roberto

13.1 - Clive
13.2 - Fulvio
13.3 - Gavin
13.4 - Robert
13.5 - Martin
13.6 - Aaron

14.1 - Roberto
14.2 - Clive
14.3 - Fulvio
14.4 - Robert

15.1 - Aaron
15.2 - Martin
15.3 - Roberto
15.4 - Gavin
15.5 - Robert
15.6 - Fulvio
15.7 - Clive

16.1 - Martin
16.2 - Aaron