Software Integrity

Archive for the 'Security Standards and Compliance' Category

 

Is your software MISRA clean?

“Scalpel.” “Scalpel.” “Let’s make the incision … There we go … Spreader.” “Spreader.” “Good. A little wider. Like that. Metzenbaum.” “Metzenbaum.” “There we are. We’re at the DIVIDE_BY_ZERO site. As you can see, it starts here, and follows this path here. We’ll remove it … gently … nice, a clean extraction. Now, let’s graft in […]

Posted in Application Security, Secure Coding Guidelines, Security Standards and Compliance, Software Quality, Vulnerability Assessment

 

Meet Auntie MISRA

Seems we all have one: that distant aunt. You know the one I’m talking about. Always dressed to the nines. Always perfectly coiffured. Every detail just so. And that tiny Jack Russell that did tricks on command, never yapped (unless told to “speak”), and was always at her side, springing up to her lap when she pulled out […]

Posted in Application Security, Secure Coding Guidelines, Security Standards and Compliance

 

MISRA: Ensuring software safety and security from the start

Developing software is an art. Developing safe and secure software is not only an art, but requires a mindset that anticipates potential bugs, security vulnerabilities, and system failures. Both quality and security are hard to add to a product after its inception. It simply isn’t practical to add on to a product as quality and security […]

Posted in Automotive Security, Security Standards and Compliance

 

Fault Injection Podcast .004: Driving automotive software security

Fault Injection is a podcast from Synopsys that digs into software quality and security issues. This week, hosts Robert Vamosi, CISSP and Security Strategist at Synopsys, and Chris Clark, Principal Security Engineer at Synopsys, go into detail about automotive software security and the future of connected cars. You can always join the discussion by sending […]

Posted in Automotive Security, Embedded Software Testing, Internet of Things, Security Standards and Compliance

 

How will the EU’s GDPR set a higher data security standard?

By mid-2018, global organizations doing business in Europe will need to comply with a new data security regulation known as the General Data Protection Regulation (GDPR). In light of recent high-profile data breaches, the GDPR is a much-needed revision of the EU’s 1995 Data Protection Directive 95/46/EC. It establishes new best practices for organizations doing […]

Posted in Data Breach, Security Standards and Compliance

 

Software glitch causes FAA to order Boeing 787s powered down

Until Boeing provides a permanent software fix, airlines with 787 Dreamliners in their fleet will have to power down the planes once every 22 days. A software glitch that could result in the loss of controllability for the 787s manifests itself after several hours of continuous use. The FAA says “all three flight control modules […]

Posted in Embedded Software Testing, Security Standards and Compliance

 

5 software licenses you need to understand

There are different types of software licenses with some requiring you to make your source code public. Do you know what’s in your software? If you wrote the software yourself, the answer would be yes. But, if you’re like most people, you probably only wrote a portion of it. Industry practices vary but studies do […]

Posted in Application Security, Security Standards and Compliance

 

AAMI TIR57 recognized by the FDA as a foundational cybersecurity standard for medical devices

It took a few years to make it happen, but the AAMI TIR57 “Principles for medical device security – Risk management” standard was finally published by AAMI this summer, and the FDA formally recognized it as a foundational standard less than a month after it came out. It really is no surprise that the FDA […]

Posted in Medical Device Security, Security Standards and Compliance

 

Helping the automotive industry prepare for regulations

The U.S. Government has proposed new regulation of Highly Automated Vehicles while the industry works toward self-regulation. On Monday, the Detroit News Website reported that the U.S. government will attempt to regulate autonomous vehicles. Such regulation will be available in an official document titled “Federal Automated Vehicles Policy”. According to the article “[r]egulators say they will […]

Posted in Automotive Security, Security Standards and Compliance

 

Software testing included in final ISA / IEC 62443-4-1

A new standard covering the secure product development lifecycle has been ratified, officially making static code analysis, software composition analysis, and malformed input testing part of the requirements. Known officially as ISA-62443-4-1 Security for industrial automation and control systems Part 4-1: Secure product development life-cycle requirement, it is part of a larger certification program designed […]

Posted in Security Standards and Compliance