Enhanced Guidelines Appear for Safe, Secure C Programs
MISRA, originally the Motor Industry Software Reliability Association, has updated its guidelines for the safe and secure use of the C programming language in critical applications. The MISRA C:2012 Amendment 1, announced April 22, adds fourteen new rules focused specifically on security in response to the needs of connected systems. New rules in the amendment help developers following the MISRA standard to avoid coding practices that can introduce security vulnerabilities.
The MISRA C guidelines are an internationally accepted subset of C for use in the design of safety-critical systems. However, the guidelines are equally appropriate for secure systems, according to Andrew Banks, chairman of the MISRA C Committee. “Anyone using the C language for system development, particularly for systems that have to be safe and/or secure should be using the MISRA C Guidelines,” said Banks in the press release announcing the amendment.
“The fact is, safety and security are not separate things,” said Andrew Girson, CEO of embedded design, consulting, and training firm Barr Group, in an interview with EE Times. “They’re different concepts, but have a lot of overlap.” Girson gave buffer overflow as an example. In a safety-critical system a buffer overflow could result in unreliable system behavior. But buffer overflows are also a common cyber attack vector, even where an overflow would not compromise safety. So, designin
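The overlap Girson describes, shown as an added C example that is not from the article, from Barr Group or from the MISRA guidelines: the same unchecked copy is a reliability defect in a safety-critical controller and a memory-corruption primitive in a connected one, and the hardened form is the same fix for both. The frame layout (one length byte followed by the payload), the names `parse_frame_unchecked` and `parse_frame_checked`, and `PAYLOAD_MAX` are assumptions for illustration; the specific rules of the amendment are not cited here.

```c
/* Added example, not code from the article or from MISRA.
 * The frame format (length byte, then payload), the function names
 * and PAYLOAD_MAX are assumptions chosen for illustration. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define PAYLOAD_MAX 16U

typedef struct {
    uint8_t payload[PAYLOAD_MAX];
    uint8_t len;            /* number of valid bytes in payload */
} message_t;

/* Vulnerable form: trusts the length byte at the front of the frame.
 * A frame whose length byte exceeds PAYLOAD_MAX writes past 'payload'
 * (undefined behaviour). In a controller that is a corrupted state
 * machine and unpredictable behaviour (the safety view); on a connected
 * device it is an attacker-controlled out-of-bounds write (the security
 * view). Only call this with frames already known to be well-formed. */
void parse_frame_unchecked(const uint8_t *frame, message_t *out)
{
    uint8_t len = frame[0];
    memcpy(out->payload, &frame[1], len);
    out->len = len;
}

/* Hardened form: checks the untrusted length against both the
 * destination capacity and the number of bytes actually received,
 * and reports failure instead of continuing with a corrupt message.
 * Returns 0 on success, -1 if the frame is rejected. */
int parse_frame_checked(const uint8_t *frame, size_t frame_size,
                        message_t *out)
{
    if (frame == NULL || out == NULL || frame_size < 1U) {
        return -1;
    }
    uint8_t len = frame[0];
    /* Reject lengths larger than the buffer, and lengths that claim
     * more payload than the frame actually carries (an over-read). */
    if (len > PAYLOAD_MAX || (size_t)len > frame_size - 1U) {
        return -1;
    }
    memcpy(out->payload, &frame[1], len);
    out->len = len;
    return 0;
}
```

The checked version rejects the frame rather than clamping the length: a silently truncated message is still a wrong message, and in either a safety or a security context the caller should know the input was malformed.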