Safety, Security, and Portability
There are two well-established markets for systems developed in the C language: safety-critical systems and security-related systems. With the emergence of markets for systems that are both safety- and security-critical, such as connected cars, it is important to precisely identify the relationship between safety, security, and portability. Existing standards and practices either consider the issue inadequately or confuse these quality attributes. This white paper clarifies these concepts and provides definitions for safety-critical software, security-critical software, and security-related software that characterize existing and emerging markets for C language programs.
This work was performed, in part, to benefit the C Safety and Security Rules Study Group within ISO/IEC JTC1/SC22/WG14, the international standardization working group for the programming language C. The purpose of this group is to study the problem of adding rules for safety-critical and safety/security-critical systems to ISO/IEC TS 17961:2013/Corrigendum 1:2016 Secure Coding Rules, in order to produce an International Standard (IS) that addresses the needs of safety-critical systems, security-related systems, and safety- and security-critical systems. This short white paper should also benefit developers who are working out how to produce code for each of these markets.
For more information on joining the study group or secure coding in C and C++ in general, please contact Robert C. Seacord at NCC Group.
NCC Group also offers the following trainings in Secure Coding:
- Secure Coding in C and C++
- Secure Coding in C#
- Secure Coding in Java
Published date: 28 November 2017