[trustable-software] ***SPAM*** Re: From security to safety or the other way around?

Robert Seacord Robert.Seacord at nccgroup.trust
Thu Sep 29 13:04:26 UTC 2016


The criticism I leveled below against MISRA has also been leveled against CERT C.  While I was at CERT, we followed a community process but at the end of the day I had the final say over what went into the standard and what did not.  While most people agreed I was a benevolent dictator, this process was unacceptable to many including government agencies that required that any standard they adopted be developed by a recognized standards body.  Now that I have left CERT, the situation has become worse because the people left in charge are almost exclusively motivated by revenue, which I think history shows can run contrary to safety and security.

MISRA is worse in many regards.  I've long been frustrated by my inability to quote the title of a MISRA rule in an academic or other publication.  This prohibition (and others) clearly inhibits the free discussion and exchange of ideas required to produce a serviceable standard.  

You can purchase a version of my book (and God bless if you do) but The SEI CERT C Coding Standard can be downloaded for free from http://www.sei.cmu.edu/downloads/sei-cert-c-coding-standard-2016-v01.pdf  and the development occurs on a public wiki at https://www.securecoding.cert.org/

The contents of the CERT C Coding Standard have already been contributed to ISO/IEC and formed the foundation of ISO/IEC TS 17961.   In a few weeks, WG14 will meet in Pittsburgh, PA and will discuss the future of this document and other documents.  One possibility is that the committee could form a study group to evolve this document into a safety / security statement as an international standard.  Study Groups allow for work to be performed in a less formal and more productive manner.  We could, for example, make all the materials available as an open source document and let any interested parties contribute freely.

Thanks,
rCs

-----Original Message-----
From: trustable-software [mailto:trustable-software-bounces at lists.veristac.io] On Behalf Of Andrew Banks
Sent: Thursday, September 29, 2016 7:12 AM
To: 'Discussion about trustable software engineering' <trustable-software at lists.veristac.io>
Subject: Re: [trustable-software] ***SPAM*** Re: From security to safety, or the other way around?

> I think the primary (non-technical) problem with MISRA is that it is a proprietary document, and that it is developed by a rather closed process.
> An international standards body such as the ISO/IEC C Standards Committee is likely the best place to perform this work as it will be developed following a formal but open process that doesn't allow one individual or organization undue influence over the resulting product.

You will, of course, expect me to disagree... :-)

The MISRA C Guidelines cost £25 - the ISO C Standard is CHF198 (£157 ish)... RCS's book CERT-C is available from Amazon for £39

Any person can apply to join the MISRA C Working Group, and all members can influence the work... no one person or organisation has undue influence. We work on a one company one vote basis.  We held a public review prior to the publication of MISRA C:2012 and will do for future works.   The MISRA C Working Group accepts that revisions to the existing Guidelines may be required (even if that affects legacy code), whereas ISO WG14 has a policy of not breaking code - even when the Standard is flawed.  Anyone who has worked within an ISO Working Group will understand that the process is very slow and cumbersome!

What matters is whether a Standard serves the purpose for which it is intended, and which is seen as adding value - adoption of MISRA C worldwide and pan-industry suggests that this is the case... even if it has been developed by a small group of enthusiastic volunteers, supported by their employers, but with no external funding!

Andrew
Posting in a personal capacity!


_______________________________________________
trustable-software mailing list
trustable-software at lists.veristac.io
https://lists.veristac.io/cgi-bin/mailman/listinfo/trustable-software