How to Choose the Right Coding Standard for Secure Software

Richard Bellairs

A new generation of connected devices has raised concerns over security and its effect on our privacy. From voice activated speakers in smart homes, to sensors that control our traffic more effectively, the security of software is an issue that every organization needs to take seriously.

Read More
Topics: secure software, coding standard

Mind the Gap: AUTOSAR Guidelines for Modern C++

Richard Bellairs

BP107 - autosar_bridge.pngAUTOSAR has published coding guidelines for using C++ in critical and safety-related applications.

Nobody likes a gap, and until October 2017 a gap existed when it came to coding standards for C++ 14 and C++ 11 for critical and safety related software. What did exist were standards for older C++ versions, and there was nothing for the types of critical and safety related systems becoming more important in automotive and other industries. MISRA C++: 2008, for example, only went up to C++ 03 and there has been a significant evolution since then.

Read More
Topics: ISO C++, AUTOSAR, coding guidelines

The increasing relevance of AUTOSAR as we move to more connected and autonomous vehicles

Richard Bellairs

The automotive industry has never before experienced such a rapid period of change, and as our vehicles become more connected, more able to take over some of the driving functions and, eventually, be able to drive themselves, the rate of change is going to increase even further in the coming years. The major part of this change will be in software. Already, some ninety per cent of automotive innovations are based on software-driven electronic components that account for nearly half of a vehicle’s development costs.

Read More
Topics: Coding Standards, C++, Autonomous car, Assisted vehicle, AUTOSAR

Welcoming UK government guidelines on automotive cyber security

Richard Bellairs

As cars gain increasing amounts of driver assistance features that not only warn the driver but also take control, the threat of a cyber attack becomes more than an annoyance; the real danger now exists that a hacker could cause a car to crash on a public road. As the automotive industry continues its journey towards autonomy, this threat will increase.

Read More
Topics: secure application development, Autonomous car, Cyber security

Overcoming the Vulnerabilities of Assisted and Autonomous Vehicles

Fran Buchmann

Cars are undergoing a rapid change from an electro-mechanical device under the control of humans to a completely autonomous vehicle. The software, sensors and actuators that enable this transformation form an incredibly complex system.

Read More
Topics: Autonomous car, Assisted vehicle, autonomous driving systems, Software development, Software vulnerabilities

What will Drive Adoption of C++17 for Embedded Systems?

Richard Bellairs


According to a recent   Embedded Systems Survey  by the Barr Group, “Nearly 95% of embedded programmers wrote the majority of their code in C or C++”. The popularity of C++ for embedded applications is growing while the language continues to evolve. C++14 is the latest published version of the ISO standard, and C++17 Draft International Standard (DIS) was recently approved. We can now expect C++17 publication before the end of 2017.
Read More
Topics: MISRA, embedded systems, ISO C++, HICPP, C++17

Who Cares About Embedded Code Security?

Dave Morris

HINT: They Don't Work In Your Organization:

In general code security often gets overlooked and when it comes to embedded software, code security has long taken a back seat to code quality. But there are plenty of people who do care about code security and are testing the security of your code. Unfortunately, most of them don’t have your interests in mind.

Code security is based on secure coding practices and writing applications that are resistant to attack by malicious or mischievous people or applications. Secure coding helps protect a user’s data from theft or corruption. Also, an insecure application will allow an attacker to take direct control of a device or provide an access path to another device, resulting in anything from a denial of service to a single user to the compromise of secrets, loss of service, or damage to the systems of thousands of users. 

Secure coding is important for all software; whether you write code that runs on mobile devices, personal computers, servers or embedded devices, you should become familiar with the techniques and tools to support this practice.


Read More
Topics: secure application development, Security

Is Your Embedded Software Rugged By Design?

Dave Morris


The rate at which software is being embedded into “things” is exploding. Manufacturers in the appliance, automotive, consumer electronics, and medical device industries are rapidly expanding
 the use of embedded devices powered by software, making smarter products and adding new features and capabilities. To meet the growing demand for software and to keep up with rapidly changing business and consumer trends, developers are under pressure to write and reuse more code than ever, to deliver newer and better features, and to do it all faster. This evolution dramatically impacts the reliability, safety and security requirements for software- it needs to be Rugged, like never before.

Read More

Why Security Features Don't Secure Software

Dave Morris


Secure software (or the lack thereof) is a now a daily news topic and a major challenge for a growing number of companies who are increasing the amount and complexity of software in their products. Many software architects and developers lack training in security technologies and techniques and have only a rudimentary understanding of what should be done to improve application security. The urgency to improve application security has resulted in security being added to the requirements list in the form of features. This has resulted in feature requirements such as application firewalls, data encryption modules, and adding SSL to secure data flows. While these are all positive improvements; security features don’t do much to address some of the most prevalent security issues, which are the result of insecure code.

Read More
Topics: secure application development, Static Analysis

3 Barriers to Automating Software Development

Dave Morris


It is somewhat paradoxical that many industries use software to automate and improve the delivery of products, yet the way software is often developed lags behind in the use of automation. Static analysis offers the promise of automation to improve the safety, security and reliability of software dramatically. However, purchasing a static analysis tool alone will not guarantee better software.

Read More

What Does The Jeep Hack Really Mean for IoT?

Dave Morris

Are We On The Road To Ruin :

Shortly after Wired’s scoop about Jeep vulnerabilities and the consequent decision of Fiat Chrysler to recall 1.4 million cars in the US to update their software, it provides a glimpse into the future and highlights some issues that promise to be fairly common in the future of automotive (and all other connected smart "things" ).

Read More
Topics: secure application development, Security, CERT-C

Are You Choosing Effective Test Metrics For Code Complexity?

Jill Britton

Clear as Mud :

When it comes to working with code metrics, one of the least understood aspects seems to be cyclomatic complexity.  To shed some light on the subject we need to examine  function complexity measures, and specifically the correct basis for the well-known Cyclomatic Complexity (CYC) metric. I will take a deeper dive into this topic to offer a better 

understanding of this key measure of code complexity.

Read More
Topics: Code Review, software reuse, code complexity, Code Refactoring

Building Better Software

Improving Reliability Safety and Security

We live in an interconnected world — people are interacting with machines and devices that are in turn communicating with each other-  our lives and livelihoods now depend on software.

Software innovation is driving the creation of new products and markets, increasing the pressure on development organizations to deliver more features under tight schedules and budget – and unreliable, unsafe and insecure software is not an option. 

This blog is intended to share insights and approaches to help organizations manage the increasing complexity of embedded software development and to launch secure, high-quality, feature-rich products, ahead of the competition

Subscribe to Email Updates

New Call-to-action