[trustable-software] From security to safety, or the other way around?

Andrew Banks andrew at andrewbanks.com
Sun Sep 25 08:26:06 UTC 2016


>> I've been reading a very interesting paper titled 'Safety and Security Coding Standards for C' 
>> written by Robert C. Seacord for the IET (Institute of Engineering and Technology)

I'm pleased to see the IET addressing the issue, and a good choice of author!

>> Any MISRA folks have ideas on how it would extend towards (for example connected) secure systems?

As you suggest, the whole topic of Safety v Security has become a Big Thing, and I've spoken at a number of conferences (in the UK, Germany and Japan) on this and the approach that MISRA is taking - which is to address the concept of High Integrity Software, rather than focus on arbitrary semantic differences (at software level) between Safety and Security. While MISRA C "Guidelines for the use of C in Critical Systems" was originally created as an automotive safety guideline, it has been widely adopted by other industries, and (as per its title) it is applicable for use in any critical system.

Robert Seacord and I agree with each other on many aspects of the subject, although there are one or two areas where we have our differences.

The recently published Addendum 2 (coverage of MISRA C against ISO 17961 C Secure) and the imminent Addendum 3 (coverage of MISRA C against CERT-C) clearly show that we disagree with Robert's assessment that MISRA C is not *already* a security standard. Likewise, current and planned work includes further extension into areas relevant to the hosted environment.

Furthermore, (while we suspect his intent is the opposite) we welcome Robert's observation that CERT-C is not considered a subset, as both DO-178x and ISO 26262 require a subset of C :-)

Standards, such as MISRA C and CERT-C, need to continue to evolve to remain relevant, and our plans for MISRA C hope to ensure that it meets the needs for all High Integrity and Critical Systems... I am more than happy to enter into discussions, where it is felt that MISRA C needs to improve further.



Kind regards
Andrew Banks MIET FBCS CITP
Chairman, MISRA C Working Group
http://www.misra.org.uk
