×

Ready to download this white paper?

First Name
Last Name
Job Title
Company
Phone Number
Address
Country
Your download is ready!
Error - something went wrong!
   

Addressing Your Insecurities with CERT C

August 31, 2017

The definition of good quality code is evolving as demand for it increases. Coding practices have long been focused on functional safety for applications developed for sectors where a software malfunction could cause injury or death, such as medical devices, industrial, transportation, automotive, and aerospace.  

Lately, however, functional security has been more in the news. In some instances, the difference is academic. If your heart pacemaker malfunctions as the result of malicious attack, you really won’t care whether that was the result of a security or safety limitation in the software.    

But secure coding is equally imperative away from these safety critical sectors, where hacking can result in damaged brands, misused information, and identity theft, and with the threat of organized criminal activity such as the development of ransomware an increasing concern.  In either case, the challenge is to make sure the software as a whole is coded in such a way that it is safe AND secure, and adherence to a security focused standard such as CERT C is central to that. This technical briefing is an introduction to both the CERT C standard, and the way in which automated tools can help achieve its objectives.  

  • An Overview of the CERT C Secure Coding Standard 
  • Verifying compliance with the CERT C Secure Coding Standard  
  • Static Analysis 
  • Expression-level Data 
  • Control Flow Analysis 
  • Data Flow Analysis 
  • Cross Reference Analysis 
  • Comparing Static Analysis Tools
Previous White Paper
ISO 26262 a Pain in the ASIL?
ISO 26262 a Pain in the ASIL?

There is an ever-widening range of automotive electrical and/or electronic (E/E/PE) systems such as adaptiv...

Next White Paper
DO-178C: Get on a High with your Software Development
DO-178C: Get on a High with your Software Development

This technical briefing is an introduction to both the DO-178C standard, and the way in which automated too...

×

Stay updated on security-related design topics with the security edition of our Embedded Daily newsletter.

Subscribed! Look for 1st copy soon.
Error - something went wrong!