Organisations looking to improve the quality, security and analysis of their C and C++ code early in the development life cycle are adopting MISRA coding standards to add the benchmark elements of rigor and consistency to their process across all of their application deliveries. As well as adding a coding best practice, the standards make auditing and reporting much easier because of the enormous knowledge and experience that comes with them.
It is important to note that introducing the complete standard can deliver the benefits discussed; however, organisations can also create their own hybrid of the coding rules to meet their individual applications' specific needs and variances.
The Motor Industry Software Reliability Association (MISRA) coding standards were developed to provide guidance on safe and reliable coding practices for the automotive industry; however, they have been adopted by many other industries developing safety-critical or business-critical embedded software, including telecom, aerospace, defence, and medical. Klocwork has automated detection and reporting for MISRA-C:2004, MISRA-C++:2008 and MISRA-C:2012.
Klocwork is certified (pre-qualified) by TÜV SÜD for use in ISO 26262 projects. As with MISRA, developers should follow all ISO guidelines and ensure that any static analysis tool used in the coding process supports the ISO 26262 standard.
Trapping Security Vulnerabilities
Defensive coding through automation
With a threat model in hand, developers can begin to drill down and identify the specific security vulnerabilities that could expose their embedded software to risk. Programmers, however, aren’t security experts and can miss common security gaps, logic errors, and concurrency violations that expose code to external threats.
Automated static code analysis (SCA) tools can assist embedded software developers by helping to eliminate security vulnerabilities early in the development cycle. Automotive software development teams are familiar with traditional SCA tools, but those tools are limited to finding programmatic bugs only. Modern tools can detect security vulnerabilities and defects as the developer is writing code. This helps developers build security into their code and reduce risk as early as possible, without burdening the project with a lengthy defect-testing phase.
Static analysis tools can identify hundreds — if not thousands — of security vulnerabilities, including critical vulnerabilities such as buffer overflows, uninitialized data, use of dangling pointers, injection flaws, and the use of known insecure APIs and libraries.
About Rogue Wave Software
Rogue Wave Software are the largest independent provider of cross-platform software development tools and embedded components in the world. Through decades of solving the most complex problems across financial services, telecommunications, healthcare, government, academia, and other industries, Rogue Wave tools, libraries, and services enable developers to write better code, faster.