Software Integrity Blog

Author Archive

Ralf Huuck

rhuuck

Dr. Ralf Huuck is a director and senior architect with Synopsys’ Software Integrity Group. He focuses on driving next-generation technology for practical and actionable software security and compliance tools. Prior to joining Synopsys, Ralf served as the CEO with the security tool company, Goanna Software, and as a Principal Researcher with R&D lab, NICTA. He is also an Adjunct Associate Professor with UNSW, Australia.


Posts by Ralf Huuck:

 

Coverity: Setting the standard for better software

From the moon to autonomous driving There is a general awareness that software complexity has been growing immensely over time. Starting a few decades ago with special-purpose tasks, such as calculating equations to send a man to the moon, we are now at a stage where our world and much of our lives depend intrinsically on software. Not only do systems such as autonomous cars contain huge software stacks, but they also depend on a plethora of programming languages, frameworks, and communication protocols. While in the past a single developer could keep a system in his or her head, this is rarely the case today. Moreover, it is no longer sufficient to be an expert in one programming language. Efficient development often requires someone to master many languages and frameworks.

Continue Reading...

Posted in Security Standards and Compliance, Static Analysis (SAST) | Comments Off on Coverity: Setting the standard for better software

 

MISRA: Ensuring software safety and security from the start

Developing software is an art. Developing safe and secure software is not only an art, but requires a mindset that anticipates potential bugs, security vulnerabilities, and system failures. Both quality and security are hard to add to a product after its inception. It simply isn’t practical to add on to a product as quality and security are deep and pervasive characteristics. As such, it is advisable to start with solid architecture and robust code from the start. Robust software for better quality and security Coding guidelines can help in developing robust code that is portable, safe to be run in high-assurance systems, and secure against common code exploits. Motivated by these insights, the Motor Industry Software Reliability Association (MISRA) published a range of reports, recommendations, and guidelines to ensure the development of safe and secure software. Most prominently are MISRA’s guidelines for the development of C and C++ projects. These include their MISRA C 2004, MISRA C++ 2008, and MISRA C 2012 standards.

Continue Reading...

Posted in Automotive Security, Security Standards and Compliance | Comments Off on MISRA: Ensuring software safety and security from the start