A new generation of connected devices has raised concerns over security and its effect on our privacy. From voice activated speakers in smart homes, to sensors that control our traffic more effectively, the security of software is an issue that every organization needs to take seriously.
C and C++ are the dominant programming languages used for embedded systems. The flexibility they afford to the developer is one reason for their enduring popularity. This flexibility also brings danger. Even the most experienced developer can unknowingly introduce defects that lead to security vulnerabilities.
Our whitepaper, “Secure Embedded Software: How to Choose the Right Coding Standard?” examines a few of the most popular coding standards, such as the CERT C Secure Coding Standard, MISRA C:2012 and the C Secure Coding Rules (ISO/IEC TS 17961:2013) in detail. Each of these standards use rules to prohibit aspects of language that are considered inappropriate, whilst also prescribing ways to enrich the development process and the language effectiveness.
We have assessed these standards using nine categories, from coverage to market adoption. The results are summarised in a simple table, allowing you to judge the strengths and weaknesses of each and determine which is most applicable to your needs.
There is not a single best standard for secure coding. Choosing one is a process that must consider many different factors, such as the duration of the project, , the version of the language being used and the amount of legacy code. Our paper presents a framework to help you choose the right coding standard for your current development project.
To find out more and read the full version of our Whitepaper ‘Secure Embedded Software: How to Choose the Right Security Coding Standard?’ Please click here.