[trustable-software] From security to safety, or the other way around?

Colin Robbins colin.robbins at qonex.com
Thu Sep 29 11:59:50 UTC 2016


Hello,

From my experience, the debate about how a standard is produced is a red herring.   I worked on both ISO committees, IETF groups, Open Group and probably others over time.

The critical part is adoption.   A standard is pointless unless widely adopted by the community it targets.
I've seen good ISO standards not adopted, poor ISO standards adopted, some Open Group standards widely deployed, and others not used etc.

From what I've seen MISRA C is well supported by software verification tools - therefore in that context, as a standard it is a success - it has a body of followers that choose to implement its recommendations.
This does not say anything to whether it is a good or bad standard that helps meet goals of better software.

So I'd argue we should be prepared to adopt and enhance ANY standard, irrespective of how it's produced, if it meets our identified objectives.

The X.509 security standard pretty much works like this.  It was defined by ISO using their adopted processes.  The IETF community liked the framework, but needed a more agile approach to evolving the standard, so defined a set of RFCs using their own processes that effectively added to / modified the ISO standard.

Regards,

Colin Robbins
Nexor.

Tel: +44 (0) 115 953 5541 

-----Original Message-----
From: trustable-software [mailto:trustable-software-bounces at lists.veristac.io] On Behalf Of Andrew Banks
Sent: 29 September 2016 12:12
To: 'Discussion about trustable software engineering' <trustable-software at lists.veristac.io>
Subject: Re: [trustable-software] Re: From security to safety, or the other way around?

> I think the primary (non-technical) problem with MISRA is that it is a proprietary document, and that it is developed by a rather closed process.
> An international standards body such as the ISO/IEC C Standards Committee is likely the best place to perform this work as it will be developed following a formal but open process that doesn't allow one individual or organization undue influence over the resulting product.

You will, of course, expect me to disagree... :-)

The MISRA C Guidelines costs £25 - the ISO C Standard is CHF198 (£157 ish)... RCS's book CERT-C is available from Amazon for £39

Any person can apply to join the MISRA C Working Group, and all members can influence the work... no one person or organisation has undue influence. We work on a one company one vote basis.  We held a public review prior to the publication of MISRA C:2012 and will do for future works.   The MISRA C Working Group accepts that revisions to the existing Guidelines may be required (even if that affects legacy code), whereas ISO WG14 has a policy of not breaking code - even when the Standard is flawed.  Anyone who has worked within an ISO Working Group will understand that the process is very slow and cumbersome!

What matters is whether a Standard serves the purpose for which it is intended, and which is seen as adding value - adoption of MISRA C worldwide and pan-industry suggests that this is the case... even if it has been developed by a small group of enthusiastic volunteers, supported by their employers, but with no external funding!

Andrew
Posting in a personal capacity!


_______________________________________________
trustable-software mailing list
trustable-software at lists.veristac.io
https://lists.veristac.io/cgi-bin/mailman/listinfo/trustable-software