From the moon to autonomous driving
There is a general awareness that software complexity has been growing immensely over time. Starting a few decades ago with special-purpose tasks, such as calculating equations to send a man to the moon, we are now at a stage where our world and much of our lives depend intrinsically on software. Not only do systems such as autonomous cars contain huge software stacks, but they also depend on a plethora of programming languages, frameworks, and communication protocols. While in the past a single developer could keep a system in his or her head, this is rarely the case today. Moreover, it is no longer sufficient to be an expert in one programming language. Efficient development often requires someone to master many languages and frameworks.
Posted in Security Standards and Compliance, Static Analysis (SAST) | Comments Off on Coverity: Setting the standard for better software
Developing software is an art. Developing safe and secure software is not only an art, but requires a mindset that anticipates potential bugs, security vulnerabilities, and system failures. Both quality and security are hard to add to a product after its inception. It simply isn’t practical to add on to a product as quality and security are deep and pervasive characteristics. As such, it is advisable to start with solid architecture and robust code from the start.
Robust software for better quality and security
Coding guidelines can help in developing robust code that is portable, safe to be run in high-assurance systems, and secure against common code exploits. Motivated by these insights, the Motor Industry Software Reliability Association (MISRA) published a range of reports, recommendations, and guidelines to ensure the development of safe and secure software. Most prominently are MISRA’s guidelines for the development of C and C++ projects. These include their MISRA C 2004, MISRA C++ 2008, and MISRA C 2012 standards.
Posted in Automotive Security, Security Standards and Compliance | Comments Off on MISRA: Ensuring software safety and security from the start