[trustable-software] From security to safety, or the other way around?

[Robert Seacord]

Paul,

I think your suggestion  is the ideal solution to this problem and that these standards need to be developed and support by the community.  I could certainly make the contents of the CERT C Coding Standard available in this fashion.  

Thanks,
rCs


-----Original Message-----
From: Paul Sherwood [mailto:paul.sherwood at codethink.co.uk] 
Sent: Tuesday, September 27, 2016 7:55 AM
To: andrew at andrewbanks.com; Robert Seacord <Robert.Seacord at nccgroup.trust>
Cc: Discussion about trustable software engineering <trustable-software at lists.veristac.io>
Subject: Re: [trustable-software] From security to safety, or the other way around?

Hi chaps,
it's great to see that established communities like CERT and MISRA are recognising the need to bring safety + security together. Unfortunately I'm not qualified to comment on the details of which direction to push, as i said.

But recognising that creating more and more standards is probably wrong [1], can I ask you both directly:

Would there be any chance to establish an open source model for MISRA and/or CERT, with a view to establish a shared understanding of best-practice together?

My dream scenario would be if we could somehow get to

- a publicly accessible git repository (e.g. on Github, GitLab or
similar)
- containing markdown text
- of one or the other standard (or maybe both)
- licensed in a permissive way
- supporting contributors
- with public discussion and community-led process to drive towards even more widely applicable norms/standards.

br
Paul

[1] https://xkcd.com/927/