SlideShare a Scribd company logo

Webinar misra and security

Perforce
Perforce

Software security starts at the source — your code. When your code isn’t secure, a simple coding error could lead to a catastrophic attack. But ensuring secure code can be tricky, particularly in C. And especially if you’re developing embedded software for an automobile, airplane, or medical device. Learn the secret to secure embedded systems. You’ll: -Get an example of a security vulnerability. -Compare four ways to secure embedded systems. -Learn how MISRA C rules ensure secure code.

Software
1 of 24
Download to read offline
How to Secure Embedded Systems With MISRA C Rules Richard Bellairs
2© Perforce Software Inc. All Rights Reserved. Presenter Richard Bellairs Product Marketing Manager Richard has 20+ years of experience across a wide range of industries. He held electronics and software engineering positions in the manufacturing, defense, and test and measurement industries in the nineties and early noughties before moving to product management and product marketing. He now champions Perforce’s market-leading code quality management solution.
3© Perforce Software Inc. All Rights Reserved. 1 What is ‘Secure Code’? 2 How to Ensure Secure Code in C 3 Applying MISRA Security Rules to Your Code Here’s What We’ll Cover Today
4© Perforce Software Inc. All Rights Reserved. 90% of reported security incidents result from exploits against defects in the design or code of software. Coding Errors Compromise Security
“Devil’s Ivy” gives hackers access to millions of connected devices.
In July 2015, Fiat Chrysler recalled 1.4 million vehicles at risk of wireless hack.
In May 2018, it was reported that VPNFilter malware had infected at least 500,000 routers and NAS devices.
8© Perforce Software Inc. All Rights Reserved. https://dhavalkapil.com/blogs/ Buffer-Overflow-Exploit/ void func(int a, int b) { int c; int d; // some code } void main() { func(1, 2); // next instruction } char buff[10]; buff[10] = 'a'; The stack while in func(): Example of a Security Vulnerability: Buffer Overflow in C 2 1 <return address> <%ebp of main()> <space for ‘c’> <space for ‘d’> <-- %ebp <-- %esp
9© Perforce Software Inc. All Rights Reserved. https://dhavalkapil.com/blogs/Buffer-Overflow-Exploit/ #include <stdio.h> void secretFunction() { printf("Congratulations!n"); printf("You have entered in the secret function!n"); } void echo() { char buffer[20]; printf("Enter some text:n"); scanf("%s", buffer); printf("You entered: %sn", buffer); } int main() { echo(); return 0; } Example of a Security Vulnerability: Buffer Overflow in C
Preventing Security Vulnerabilities is Critical
11© Perforce Software Inc. All Rights Reserved. ISO/IEC TS 17961:2013 4 Ways to Ensure Secure Code in C
12© Perforce Software Inc. All Rights Reserved. What is MISRA? ISO 17961 MISRA C:2012 MISRA C:2012 Amendment 1
13© Perforce Software Inc. All Rights Reserved. • MISRA C Rule 18.1 • “A pointer resulting from arithmetic on a pointer operand shall address an element of the same array as that pointer operand.” • CERT ARR30-C • “Do not form or use out-of-bounds pointers or array subscripts.” • CWE-119 • Improper Restriction of Operations within the Bounds of a Memory Buffer Example of a MISRA C Security Rule
14© Perforce Software Inc. All Rights Reserved. Comparing MISRA C and Other Standards MISRA C Coverage of C Secure MISRA C Coverage of CERT C One or more MISRA Rules One or more MISRA Directives One or more MISRA Rules One or more MISRA Directives Out of Scope Not Covered
15© Perforce Software Inc. All Rights Reserved. • Coding defects lead to catastrophic security breaches and fatal safety flaws. • Static analyzers scan source code to: • Detect bugs. • Ensure compliance with best practice coding standards, like MISRA. • So, you’ll produce safe, secure, reliable software at lower cost. Static Code Analyzers Apply MISRA Rules
16© Perforce Software Inc. All Rights Reserved. Helix QAC Server Helix QAC’s MISRA C compliance module covers 100% of the rules, with the deepest coverage. Apply MISRA Security Rules to Your Code
17© Perforce Software Inc. All Rights Reserved. Established for over 30 years Combines state of the art methods Scan large-scale projects Independently certified Integrate with existing tools and CI process Report code quality trends and code metrics Gold standard for critical applications Most precise analysis of C and C++ code Project proven with millions of lines of code Compliant with international standards Friction-free deployment Manage and improve code quality Why Helix QAC for C and C++?
18© Perforce Software Inc. All Rights Reserved. The average cost of fixing defects depending on the time they have been made and detected (the data for the table is taken from the book "Code Complete" by S. McConnell). Time Detected Time Introduced Requirements Architecture Construction System Test Post-Release Requirements 1 3 5 - 10 10 10 - 100 Architecture - 1 10 15 25 - 100 Construction - - 1 10 10 - 25 Static code analysis Safe, Secure, and Reliable Software Can Be Achieved at Lower Costs
19© Perforce Software Inc. All Rights Reserved. We focus on solutions for large scale product development that increases productivity. We maintain key integrations with top tools for seamless process automation. • Align product with business requirements • Accelerate innovation • Faster time to market DevSecOps at Scale • Improve productivity and efficiency • Better quality
20© Perforce Software Inc. All Rights Reserved. Check your code. Apply your coding standard. Meet safety and security standards. Improve code quality. Reduce time and cost. Continuous Code Quality
21© Perforce Software Inc. All Rights Reserved. Recap 1 What is ‘Secure Code’? 2 How to Ensure Secure Code in C 3 Applying MISRA Security Rules to Your Code
Questions?
Contact us to schedule a demo! info@perforce.com
Follow us for news and insights! Visit www.perforce.com

Recommended

The Present and Future of IoT Cybersecurity
The Present and Future of IoT CybersecurityThe Present and Future of IoT Cybersecurity
The Present and Future of IoT CybersecurityOnward Security
 
SANS ICS Security Survey Report 2016
SANS ICS Security Survey Report 2016 SANS ICS Security Survey Report 2016
SANS ICS Security Survey Report 2016 Derek Harp
 
Fortinet Broşür
Fortinet BroşürFortinet Broşür
Fortinet BroşürGüney Bilişim
 
Mind the gap_cpx2022_moti_sagey_final
Mind the gap_cpx2022_moti_sagey_finalMind the gap_cpx2022_moti_sagey_final
Mind the gap_cpx2022_moti_sagey_finalMoti Sagey מוטי שגיא
 
Check Point Corporate Overview 2020 - Detailed
Check Point Corporate Overview 2020 - DetailedCheck Point Corporate Overview 2020 - Detailed
Check Point Corporate Overview 2020 - DetailedMoti Sagey מוטי שגיא
 
SCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia WatsonSCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia WatsonPatricia M Watson
 
Industrial Control Cyber Security Europe 2015
Industrial Control Cyber Security Europe 2015 Industrial Control Cyber Security Europe 2015
Industrial Control Cyber Security Europe 2015 James Nesbitt
 
Three Networks, Different Risks - IT, OT and Engineering
Three Networks, Different Risks - IT, OT and EngineeringThree Networks, Different Risks - IT, OT and Engineering
Three Networks, Different Risks - IT, OT and EngineeringWaterfall Security Solutions
 

Recommended

The Present and Future of IoT Cybersecurity
The Present and Future of IoT CybersecurityThe Present and Future of IoT Cybersecurity
The Present and Future of IoT CybersecurityOnward Security
 
SANS ICS Security Survey Report 2016
SANS ICS Security Survey Report 2016 SANS ICS Security Survey Report 2016
SANS ICS Security Survey Report 2016 Derek Harp
 
Fortinet Broşür
Fortinet BroşürFortinet Broşür
Fortinet BroşürGüney Bilişim
 
Mind the gap_cpx2022_moti_sagey_final
Mind the gap_cpx2022_moti_sagey_finalMind the gap_cpx2022_moti_sagey_final
Mind the gap_cpx2022_moti_sagey_finalMoti Sagey מוטי שגיא
 
Check Point Corporate Overview 2020 - Detailed
Check Point Corporate Overview 2020 - DetailedCheck Point Corporate Overview 2020 - Detailed
Check Point Corporate Overview 2020 - DetailedMoti Sagey מוטי שגיא
 
SCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia WatsonSCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia WatsonPatricia M Watson
 
Industrial Control Cyber Security Europe 2015
Industrial Control Cyber Security Europe 2015 Industrial Control Cyber Security Europe 2015
Industrial Control Cyber Security Europe 2015 James Nesbitt
 
Three Networks, Different Risks - IT, OT and Engineering
Three Networks, Different Risks - IT, OT and EngineeringThree Networks, Different Risks - IT, OT and Engineering
Three Networks, Different Risks - IT, OT and EngineeringWaterfall Security Solutions
 
Robust Cyber Security for Power Utilities
Robust Cyber Security for Power UtilitiesRobust Cyber Security for Power Utilities
Robust Cyber Security for Power UtilitiesNir Cohen
 
INFINITY Presentation
INFINITY PresentationINFINITY Presentation
INFINITY PresentationCristian Garcia G.
 
Cybersecurity in Industrial Control Systems (ICS)
Cybersecurity in Industrial Control Systems (ICS)Cybersecurity in Industrial Control Systems (ICS)
Cybersecurity in Industrial Control Systems (ICS)Joan Figueras Tugas
 
Should I Patch My ICS?
Should I Patch My ICS?Should I Patch My ICS?
Should I Patch My ICS?Digital Bond
 
2019 06-26 effective multi-vendor management -fortinet algo sec webinar final
2019 06-26 effective multi-vendor management -fortinet algo sec webinar final2019 06-26 effective multi-vendor management -fortinet algo sec webinar final
2019 06-26 effective multi-vendor management -fortinet algo sec webinar finalAlgoSec
 
For Critical Infrastructure Protection
For Critical Infrastructure ProtectionFor Critical Infrastructure Protection
For Critical Infrastructure ProtectionPriyanka Aash
 
Industrial Control System Security Overview
Industrial Control System Security OverviewIndustrial Control System Security Overview
Industrial Control System Security Overviewpgmaynard
 
Apresentação fortinet
Apresentação fortinetApresentação fortinet
Apresentação fortinetinternetbrasil
 
CLASS 2016 - Palestra José Antunes
CLASS 2016 - Palestra José AntunesCLASS 2016 - Palestra José Antunes
CLASS 2016 - Palestra José AntunesTI Safe
 
Next-generation Zero Trust Cybersecurity for the Space Age
Next-generation Zero Trust Cybersecurity for the Space AgeNext-generation Zero Trust Cybersecurity for the Space Age
Next-generation Zero Trust Cybersecurity for the Space AgeBlock Armour
 
Cybersecurity for modern industrial systems
Cybersecurity for modern industrial systemsCybersecurity for modern industrial systems
Cybersecurity for modern industrial systemsItex Solutions
 
Check Point Infinity powered by R80.10
Check Point Infinity powered by R80.10Check Point Infinity powered by R80.10
Check Point Infinity powered by R80.10MarketingArrowECS_CZ
 
2016 Top 10 Critical Infrastructures and SCADA/ICS Cyber Security Vulnerabili...
2016 Top 10 Critical Infrastructures and SCADA/ICS Cyber Security Vulnerabili...2016 Top 10 Critical Infrastructures and SCADA/ICS Cyber Security Vulnerabili...
2016 Top 10 Critical Infrastructures and SCADA/ICS Cyber Security Vulnerabili...Eran Goldstein
 
Safe and secure autonomous systems
Safe and secure autonomous systemsSafe and secure autonomous systems
Safe and secure autonomous systemsAlan Tatourian
 
ICS (Industrial Control System) Cybersecurity Training
ICS (Industrial Control System) Cybersecurity TrainingICS (Industrial Control System) Cybersecurity Training
ICS (Industrial Control System) Cybersecurity TrainingTonex
 
ECI Cyber Case Study EUW2017
ECI Cyber Case Study EUW2017ECI Cyber Case Study EUW2017
ECI Cyber Case Study EUW2017ECI – THE ELASTIC NETWORK™
 
Conférence ENGIE ACSS 2018
Conférence ENGIE ACSS 2018 Conférence ENGIE ACSS 2018
Conférence ENGIE ACSS 2018 African Cyber Security Summit
 
Protecting Critical Infastrucutre: Zero Tolerance
Protecting Critical Infastrucutre: Zero ToleranceProtecting Critical Infastrucutre: Zero Tolerance
Protecting Critical Infastrucutre: Zero ToleranceCheck Point Software Technologies
 
Guide scada and_industrial_control_systems_security
Guide scada and_industrial_control_systems_securityGuide scada and_industrial_control_systems_security
Guide scada and_industrial_control_systems_securityDeepakraj Sahu
 
Check point Infinity Overview
Check point Infinity OverviewCheck point Infinity Overview
Check point Infinity OverviewMoti Sagey מוטי שגיא
 
Achieving Software Safety, Security, and Reliability Part 2
Achieving Software Safety, Security, and Reliability Part 2Achieving Software Safety, Security, and Reliability Part 2
Achieving Software Safety, Security, and Reliability Part 2Perforce
 
Security in Embedded systems
Security in Embedded systems Security in Embedded systems
Security in Embedded systems Naveen Jakhar, I.T.S
 

More Related Content

What's hot

Robust Cyber Security for Power Utilities
Robust Cyber Security for Power UtilitiesRobust Cyber Security for Power Utilities
Robust Cyber Security for Power UtilitiesNir Cohen
 
Cybersecurity in Industrial Control Systems (ICS)
Cybersecurity in Industrial Control Systems (ICS)Cybersecurity in Industrial Control Systems (ICS)
Cybersecurity in Industrial Control Systems (ICS)Joan Figueras Tugas
 
Should I Patch My ICS?
Should I Patch My ICS?Should I Patch My ICS?
Should I Patch My ICS?Digital Bond
 
2019 06-26 effective multi-vendor management -fortinet algo sec webinar final
2019 06-26 effective multi-vendor management -fortinet algo sec webinar final2019 06-26 effective multi-vendor management -fortinet algo sec webinar final
2019 06-26 effective multi-vendor management -fortinet algo sec webinar finalAlgoSec
 
For Critical Infrastructure Protection
For Critical Infrastructure ProtectionFor Critical Infrastructure Protection
For Critical Infrastructure ProtectionPriyanka Aash
 
Industrial Control System Security Overview
Industrial Control System Security OverviewIndustrial Control System Security Overview
Industrial Control System Security Overviewpgmaynard
 
Apresentação fortinet
Apresentação fortinetApresentação fortinet
Apresentação fortinetinternetbrasil
 
CLASS 2016 - Palestra José Antunes
CLASS 2016 - Palestra José AntunesCLASS 2016 - Palestra José Antunes
CLASS 2016 - Palestra José AntunesTI Safe
 
Next-generation Zero Trust Cybersecurity for the Space Age
Next-generation Zero Trust Cybersecurity for the Space AgeNext-generation Zero Trust Cybersecurity for the Space Age
Next-generation Zero Trust Cybersecurity for the Space AgeBlock Armour
 
Cybersecurity for modern industrial systems
Cybersecurity for modern industrial systemsCybersecurity for modern industrial systems
Cybersecurity for modern industrial systemsItex Solutions
 
Check Point Infinity powered by R80.10
Check Point Infinity powered by R80.10Check Point Infinity powered by R80.10
Check Point Infinity powered by R80.10MarketingArrowECS_CZ
 
2016 Top 10 Critical Infrastructures and SCADA/ICS Cyber Security Vulnerabili...
2016 Top 10 Critical Infrastructures and SCADA/ICS Cyber Security Vulnerabili...2016 Top 10 Critical Infrastructures and SCADA/ICS Cyber Security Vulnerabili...
2016 Top 10 Critical Infrastructures and SCADA/ICS Cyber Security Vulnerabili...Eran Goldstein
 
Safe and secure autonomous systems
Safe and secure autonomous systemsSafe and secure autonomous systems
Safe and secure autonomous systemsAlan Tatourian
 
ICS (Industrial Control System) Cybersecurity Training
ICS (Industrial Control System) Cybersecurity TrainingICS (Industrial Control System) Cybersecurity Training
ICS (Industrial Control System) Cybersecurity TrainingTonex
 
Guide scada and_industrial_control_systems_security
Guide scada and_industrial_control_systems_securityGuide scada and_industrial_control_systems_security
Guide scada and_industrial_control_systems_securityDeepakraj Sahu
 

What's hot (20)

Robust Cyber Security for Power Utilities
Robust Cyber Security for Power UtilitiesRobust Cyber Security for Power Utilities
Robust Cyber Security for Power Utilities
 
INFINITY Presentation
INFINITY PresentationINFINITY Presentation
INFINITY Presentation
 
Cybersecurity in Industrial Control Systems (ICS)
Cybersecurity in Industrial Control Systems (ICS)Cybersecurity in Industrial Control Systems (ICS)
Cybersecurity in Industrial Control Systems (ICS)
 
Should I Patch My ICS?
Should I Patch My ICS?Should I Patch My ICS?
Should I Patch My ICS?
 
2019 06-26 effective multi-vendor management -fortinet algo sec webinar final
2019 06-26 effective multi-vendor management -fortinet algo sec webinar final2019 06-26 effective multi-vendor management -fortinet algo sec webinar final
2019 06-26 effective multi-vendor management -fortinet algo sec webinar final
 
For Critical Infrastructure Protection
For Critical Infrastructure ProtectionFor Critical Infrastructure Protection
For Critical Infrastructure Protection
 
Industrial Control System Security Overview
Industrial Control System Security OverviewIndustrial Control System Security Overview
Industrial Control System Security Overview
 
Apresentação fortinet
Apresentação fortinetApresentação fortinet
Apresentação fortinet
 
CLASS 2016 - Palestra José Antunes
CLASS 2016 - Palestra José AntunesCLASS 2016 - Palestra José Antunes
CLASS 2016 - Palestra José Antunes
 
Next-generation Zero Trust Cybersecurity for the Space Age
Next-generation Zero Trust Cybersecurity for the Space AgeNext-generation Zero Trust Cybersecurity for the Space Age
Next-generation Zero Trust Cybersecurity for the Space Age
 
Cybersecurity for modern industrial systems
Cybersecurity for modern industrial systemsCybersecurity for modern industrial systems
Cybersecurity for modern industrial systems
 
Check Point Infinity powered by R80.10
Check Point Infinity powered by R80.10Check Point Infinity powered by R80.10
Check Point Infinity powered by R80.10
 
2016 Top 10 Critical Infrastructures and SCADA/ICS Cyber Security Vulnerabili...
2016 Top 10 Critical Infrastructures and SCADA/ICS Cyber Security Vulnerabili...2016 Top 10 Critical Infrastructures and SCADA/ICS Cyber Security Vulnerabili...
2016 Top 10 Critical Infrastructures and SCADA/ICS Cyber Security Vulnerabili...
 
Safe and secure autonomous systems
Safe and secure autonomous systemsSafe and secure autonomous systems
Safe and secure autonomous systems
 
ICS (Industrial Control System) Cybersecurity Training
ICS (Industrial Control System) Cybersecurity TrainingICS (Industrial Control System) Cybersecurity Training
ICS (Industrial Control System) Cybersecurity Training
 
ECI Cyber Case Study EUW2017
ECI Cyber Case Study EUW2017ECI Cyber Case Study EUW2017
ECI Cyber Case Study EUW2017
 
Conférence ENGIE ACSS 2018
Conférence ENGIE ACSS 2018 Conférence ENGIE ACSS 2018
Conférence ENGIE ACSS 2018
 
Protecting Critical Infastrucutre: Zero Tolerance
Protecting Critical Infastrucutre: Zero ToleranceProtecting Critical Infastrucutre: Zero Tolerance
Protecting Critical Infastrucutre: Zero Tolerance
 
Guide scada and_industrial_control_systems_security
Guide scada and_industrial_control_systems_securityGuide scada and_industrial_control_systems_security
Guide scada and_industrial_control_systems_security
 
Check point Infinity Overview
Check point Infinity OverviewCheck point Infinity Overview
Check point Infinity Overview
 

Similar to Webinar misra and security

Achieving Software Safety, Security, and Reliability Part 2
Achieving Software Safety, Security, and Reliability Part 2Achieving Software Safety, Security, and Reliability Part 2
Achieving Software Safety, Security, and Reliability Part 2Perforce
 
How To Improve Quality With Static Code Analysis
How To Improve Quality With Static Code Analysis How To Improve Quality With Static Code Analysis
How To Improve Quality With Static Code Analysis Perforce
 
IBM Detailed ALM/ELM for Aerospace & Defence overview
IBM Detailed ALM/ELM for Aerospace & Defence overviewIBM Detailed ALM/ELM for Aerospace & Defence overview
IBM Detailed ALM/ELM for Aerospace & Defence overviewImran Hashmi
 
C Programming and Coding Standards, Learn C Programming
C Programming and Coding Standards, Learn C ProgrammingC Programming and Coding Standards, Learn C Programming
C Programming and Coding Standards, Learn C ProgrammingTonex
 
IBM Relay 2015: Securing the Future
IBM Relay 2015: Securing the Future IBM Relay 2015: Securing the Future
IBM Relay 2015: Securing the Future IBM
 
Integrating Cybersecurity into Supply Chain Risk Management
Integrating Cybersecurity into Supply Chain Risk ManagementIntegrating Cybersecurity into Supply Chain Risk Management
Integrating Cybersecurity into Supply Chain Risk ManagementPriyanka Aash
 
Integrating Cybersecurity into Supply Chain Risk Management
Integrating Cybersecurity into Supply Chain Risk ManagementIntegrating Cybersecurity into Supply Chain Risk Management
Integrating Cybersecurity into Supply Chain Risk ManagementPriyanka Aash
 
Navigating the jungle of Secure Coding Standards
Navigating the jungle of Secure Coding StandardsNavigating the jungle of Secure Coding Standards
Navigating the jungle of Secure Coding StandardsChantalWauters
 
Securing 100 products - How hard can it be?
Securing 100 products - How hard can it be?Securing 100 products - How hard can it be?
Securing 100 products - How hard can it be?Priyanka Aash
 
Laying the Foundation: The Need for Cybersecurity in U.S. Manufacturing
Laying the Foundation: The Need for Cybersecurity in U.S. ManufacturingLaying the Foundation: The Need for Cybersecurity in U.S. Manufacturing
Laying the Foundation: The Need for Cybersecurity in U.S. ManufacturingIgnyte Assurance Platform
 
Proving the Security of Low-Level Software Components & TEEs
Proving the Security of Low-Level Software Components & TEEsProving the Security of Low-Level Software Components & TEEs
Proving the Security of Low-Level Software Components & TEEsAshley Zupkus
 
Achieving Software Safety, Security, and Reliability Part 1: Common Industry ...
Achieving Software Safety, Security, and Reliability Part 1: Common Industry ...Achieving Software Safety, Security, and Reliability Part 1: Common Industry ...
Achieving Software Safety, Security, and Reliability Part 1: Common Industry ...Perforce
 
How BlueHat Cyber Uses SanerNow to Automate Patch Management and Beyond
How BlueHat Cyber Uses SanerNow to Automate Patch Management and BeyondHow BlueHat Cyber Uses SanerNow to Automate Patch Management and Beyond
How BlueHat Cyber Uses SanerNow to Automate Patch Management and BeyondSecPod Technologies
 
ControlCase CMMC Basics Deck Final.pdf
ControlCase CMMC Basics Deck Final.pdfControlCase CMMC Basics Deck Final.pdf
ControlCase CMMC Basics Deck Final.pdfAmyPoblete3
 
Removing Security Roadblocks to IoT Deployment Success
Removing Security Roadblocks to IoT Deployment SuccessRemoving Security Roadblocks to IoT Deployment Success
Removing Security Roadblocks to IoT Deployment SuccessMicrosoft Tech Community
 
Security as an Accelerator for Cloud Adoption
Security as an Accelerator for Cloud AdoptionSecurity as an Accelerator for Cloud Adoption
Security as an Accelerator for Cloud AdoptionMarketingArrowECS_CZ
 
RA TechED 2019 - SS16 - Security Where and Why do I start
RA TechED 2019 - SS16 - Security Where and Why do I startRA TechED 2019 - SS16 - Security Where and Why do I start
RA TechED 2019 - SS16 - Security Where and Why do I startRockwell Automation
 
Ten Things You Should not Forget in Mainframe Security
Ten Things You Should not Forget in Mainframe Security Ten Things You Should not Forget in Mainframe Security
Ten Things You Should not Forget in Mainframe Security CA Technologies
 
Securing and automating your application infrastructure meetup 23112021 b
Securing and automating your application infrastructure meetup 23112021 bSecuring and automating your application infrastructure meetup 23112021 b
Securing and automating your application infrastructure meetup 23112021 blior mazor
 

Similar to Webinar misra and security (20)

Achieving Software Safety, Security, and Reliability Part 2
Achieving Software Safety, Security, and Reliability Part 2Achieving Software Safety, Security, and Reliability Part 2
Achieving Software Safety, Security, and Reliability Part 2
 
Security in Embedded systems
Security in Embedded systems Security in Embedded systems
Security in Embedded systems
 
How To Improve Quality With Static Code Analysis
How To Improve Quality With Static Code Analysis How To Improve Quality With Static Code Analysis
How To Improve Quality With Static Code Analysis
 
IBM Detailed ALM/ELM for Aerospace & Defence overview
IBM Detailed ALM/ELM for Aerospace & Defence overviewIBM Detailed ALM/ELM for Aerospace & Defence overview
IBM Detailed ALM/ELM for Aerospace & Defence overview
 
C Programming and Coding Standards, Learn C Programming
C Programming and Coding Standards, Learn C ProgrammingC Programming and Coding Standards, Learn C Programming
C Programming and Coding Standards, Learn C Programming
 
IBM Relay 2015: Securing the Future
IBM Relay 2015: Securing the Future IBM Relay 2015: Securing the Future
IBM Relay 2015: Securing the Future
 
Integrating Cybersecurity into Supply Chain Risk Management
Integrating Cybersecurity into Supply Chain Risk ManagementIntegrating Cybersecurity into Supply Chain Risk Management
Integrating Cybersecurity into Supply Chain Risk Management
 
Integrating Cybersecurity into Supply Chain Risk Management
Integrating Cybersecurity into Supply Chain Risk ManagementIntegrating Cybersecurity into Supply Chain Risk Management
Integrating Cybersecurity into Supply Chain Risk Management
 
Navigating the jungle of Secure Coding Standards
Navigating the jungle of Secure Coding StandardsNavigating the jungle of Secure Coding Standards
Navigating the jungle of Secure Coding Standards
 
Securing 100 products - How hard can it be?
Securing 100 products - How hard can it be?Securing 100 products - How hard can it be?
Securing 100 products - How hard can it be?
 
Laying the Foundation: The Need for Cybersecurity in U.S. Manufacturing
Laying the Foundation: The Need for Cybersecurity in U.S. ManufacturingLaying the Foundation: The Need for Cybersecurity in U.S. Manufacturing
Laying the Foundation: The Need for Cybersecurity in U.S. Manufacturing
 
Proving the Security of Low-Level Software Components & TEEs
Proving the Security of Low-Level Software Components & TEEsProving the Security of Low-Level Software Components & TEEs
Proving the Security of Low-Level Software Components & TEEs
 
Achieving Software Safety, Security, and Reliability Part 1: Common Industry ...
Achieving Software Safety, Security, and Reliability Part 1: Common Industry ...Achieving Software Safety, Security, and Reliability Part 1: Common Industry ...
Achieving Software Safety, Security, and Reliability Part 1: Common Industry ...
 
How BlueHat Cyber Uses SanerNow to Automate Patch Management and Beyond
How BlueHat Cyber Uses SanerNow to Automate Patch Management and BeyondHow BlueHat Cyber Uses SanerNow to Automate Patch Management and Beyond
How BlueHat Cyber Uses SanerNow to Automate Patch Management and Beyond
 
ControlCase CMMC Basics Deck Final.pdf
ControlCase CMMC Basics Deck Final.pdfControlCase CMMC Basics Deck Final.pdf
ControlCase CMMC Basics Deck Final.pdf
 
Removing Security Roadblocks to IoT Deployment Success
Removing Security Roadblocks to IoT Deployment SuccessRemoving Security Roadblocks to IoT Deployment Success
Removing Security Roadblocks to IoT Deployment Success
 
Security as an Accelerator for Cloud Adoption
Security as an Accelerator for Cloud AdoptionSecurity as an Accelerator for Cloud Adoption
Security as an Accelerator for Cloud Adoption
 
RA TechED 2019 - SS16 - Security Where and Why do I start
RA TechED 2019 - SS16 - Security Where and Why do I startRA TechED 2019 - SS16 - Security Where and Why do I start
RA TechED 2019 - SS16 - Security Where and Why do I start
 
Ten Things You Should not Forget in Mainframe Security
Ten Things You Should not Forget in Mainframe Security Ten Things You Should not Forget in Mainframe Security
Ten Things You Should not Forget in Mainframe Security
 
Securing and automating your application infrastructure meetup 23112021 b
Securing and automating your application infrastructure meetup 23112021 bSecuring and automating your application infrastructure meetup 23112021 b
Securing and automating your application infrastructure meetup 23112021 b
 

More from Perforce

How to Organize Game Developers With Different Planning Needs
How to Organize Game Developers With Different Planning NeedsHow to Organize Game Developers With Different Planning Needs
How to Organize Game Developers With Different Planning NeedsPerforce
 
Regulatory Traceability: How to Maintain Compliance, Quality, and Cost Effic...
Regulatory Traceability: How to Maintain Compliance, Quality, and Cost Effic...Regulatory Traceability: How to Maintain Compliance, Quality, and Cost Effic...
Regulatory Traceability: How to Maintain Compliance, Quality, and Cost Effic...Perforce
 
Efficient Security Development and Testing Using Dynamic and Static Code Anal...
Efficient Security Development and Testing Using Dynamic and Static Code Anal...Efficient Security Development and Testing Using Dynamic and Static Code Anal...
Efficient Security Development and Testing Using Dynamic and Static Code Anal...Perforce
 
Understanding Compliant Workflow Enforcement SOPs
Understanding Compliant Workflow Enforcement SOPsUnderstanding Compliant Workflow Enforcement SOPs
Understanding Compliant Workflow Enforcement SOPsPerforce
 
Branching Out: How To Automate Your Development Process
Branching Out: How To Automate Your Development ProcessBranching Out: How To Automate Your Development Process
Branching Out: How To Automate Your Development ProcessPerforce
 
How to Do Code Reviews at Massive Scale For DevOps
How to Do Code Reviews at Massive Scale For DevOpsHow to Do Code Reviews at Massive Scale For DevOps
How to Do Code Reviews at Massive Scale For DevOpsPerforce
 
How to Spark Joy In Your Product Backlog
How to Spark Joy In Your Product Backlog How to Spark Joy In Your Product Backlog
How to Spark Joy In Your Product Backlog Perforce
 
Going Remote: Build Up Your Game Dev Team
Going Remote: Build Up Your Game Dev Team Going Remote: Build Up Your Game Dev Team
Going Remote: Build Up Your Game Dev Team Perforce
 
Shift to Remote: How to Manage Your New Workflow
Shift to Remote: How to Manage Your New WorkflowShift to Remote: How to Manage Your New Workflow
Shift to Remote: How to Manage Your New WorkflowPerforce
 
Hybrid Development Methodology in a Regulated World
Hybrid Development Methodology in a Regulated WorldHybrid Development Methodology in a Regulated World
Hybrid Development Methodology in a Regulated WorldPerforce
 
Better, Faster, Easier: How to Make Git Really Work in the Enterprise
Better, Faster, Easier: How to Make Git Really Work in the EnterpriseBetter, Faster, Easier: How to Make Git Really Work in the Enterprise
Better, Faster, Easier: How to Make Git Really Work in the EnterprisePerforce
 
Easier Requirements Management Using Diagrams In Helix ALM
Easier Requirements Management Using Diagrams In Helix ALMEasier Requirements Management Using Diagrams In Helix ALM
Easier Requirements Management Using Diagrams In Helix ALMPerforce
 
How To Master Your Mega Backlog
How To Master Your Mega Backlog How To Master Your Mega Backlog
How To Master Your Mega Backlog Perforce
 
Achieving Software Safety, Security, and Reliability Part 3: What Does the Fu...
Achieving Software Safety, Security, and Reliability Part 3: What Does the Fu...Achieving Software Safety, Security, and Reliability Part 3: What Does the Fu...
Achieving Software Safety, Security, and Reliability Part 3: What Does the Fu...Perforce
 
How to Scale With Helix Core and Microsoft Azure
How to Scale With Helix Core and Microsoft Azure How to Scale With Helix Core and Microsoft Azure
How to Scale With Helix Core and Microsoft Azure Perforce
 
Should You Break Up With Your Monolith?
Should You Break Up With Your Monolith?Should You Break Up With Your Monolith?
Should You Break Up With Your Monolith?Perforce
 
What's New in Helix ALM 2019.4
What's New in Helix ALM 2019.4What's New in Helix ALM 2019.4
What's New in Helix ALM 2019.4Perforce
 
Free Yourself From the MS Office Prison
Free Yourself From the MS Office Prison Free Yourself From the MS Office Prison
Free Yourself From the MS Office Prison Perforce
 
5 Ways to Accelerate Standards Compliance with Static Code Analysis
5 Ways to Accelerate Standards Compliance with Static Code Analysis 5 Ways to Accelerate Standards Compliance with Static Code Analysis
5 Ways to Accelerate Standards Compliance with Static Code Analysis Perforce
 
Code Quality Management Best Practices
Code Quality Management Best Practices Code Quality Management Best Practices
Code Quality Management Best Practices Perforce
 

More from Perforce (20)

How to Organize Game Developers With Different Planning Needs
How to Organize Game Developers With Different Planning NeedsHow to Organize Game Developers With Different Planning Needs
How to Organize Game Developers With Different Planning Needs
 
Regulatory Traceability: How to Maintain Compliance, Quality, and Cost Effic...
Regulatory Traceability: How to Maintain Compliance, Quality, and Cost Effic...Regulatory Traceability: How to Maintain Compliance, Quality, and Cost Effic...
Regulatory Traceability: How to Maintain Compliance, Quality, and Cost Effic...
 
Efficient Security Development and Testing Using Dynamic and Static Code Anal...
Efficient Security Development and Testing Using Dynamic and Static Code Anal...Efficient Security Development and Testing Using Dynamic and Static Code Anal...
Efficient Security Development and Testing Using Dynamic and Static Code Anal...
 
Understanding Compliant Workflow Enforcement SOPs
Understanding Compliant Workflow Enforcement SOPsUnderstanding Compliant Workflow Enforcement SOPs
Understanding Compliant Workflow Enforcement SOPs
 
Branching Out: How To Automate Your Development Process
Branching Out: How To Automate Your Development ProcessBranching Out: How To Automate Your Development Process
Branching Out: How To Automate Your Development Process
 
How to Do Code Reviews at Massive Scale For DevOps
How to Do Code Reviews at Massive Scale For DevOpsHow to Do Code Reviews at Massive Scale For DevOps
How to Do Code Reviews at Massive Scale For DevOps
 
How to Spark Joy In Your Product Backlog
How to Spark Joy In Your Product Backlog How to Spark Joy In Your Product Backlog
How to Spark Joy In Your Product Backlog
 
Going Remote: Build Up Your Game Dev Team
Going Remote: Build Up Your Game Dev Team Going Remote: Build Up Your Game Dev Team
Going Remote: Build Up Your Game Dev Team
 
Shift to Remote: How to Manage Your New Workflow
Shift to Remote: How to Manage Your New WorkflowShift to Remote: How to Manage Your New Workflow
Shift to Remote: How to Manage Your New Workflow
 
Hybrid Development Methodology in a Regulated World
Hybrid Development Methodology in a Regulated WorldHybrid Development Methodology in a Regulated World
Hybrid Development Methodology in a Regulated World
 
Better, Faster, Easier: How to Make Git Really Work in the Enterprise
Better, Faster, Easier: How to Make Git Really Work in the EnterpriseBetter, Faster, Easier: How to Make Git Really Work in the Enterprise
Better, Faster, Easier: How to Make Git Really Work in the Enterprise
 
Easier Requirements Management Using Diagrams In Helix ALM
Easier Requirements Management Using Diagrams In Helix ALMEasier Requirements Management Using Diagrams In Helix ALM
Easier Requirements Management Using Diagrams In Helix ALM
 
How To Master Your Mega Backlog
How To Master Your Mega Backlog How To Master Your Mega Backlog
How To Master Your Mega Backlog
 
Achieving Software Safety, Security, and Reliability Part 3: What Does the Fu...
Achieving Software Safety, Security, and Reliability Part 3: What Does the Fu...Achieving Software Safety, Security, and Reliability Part 3: What Does the Fu...
Achieving Software Safety, Security, and Reliability Part 3: What Does the Fu...
 
How to Scale With Helix Core and Microsoft Azure
How to Scale With Helix Core and Microsoft Azure How to Scale With Helix Core and Microsoft Azure
How to Scale With Helix Core and Microsoft Azure
 
Should You Break Up With Your Monolith?
Should You Break Up With Your Monolith?Should You Break Up With Your Monolith?
Should You Break Up With Your Monolith?
 
What's New in Helix ALM 2019.4
What's New in Helix ALM 2019.4What's New in Helix ALM 2019.4
What's New in Helix ALM 2019.4
 
Free Yourself From the MS Office Prison
Free Yourself From the MS Office Prison Free Yourself From the MS Office Prison
Free Yourself From the MS Office Prison
 
5 Ways to Accelerate Standards Compliance with Static Code Analysis
5 Ways to Accelerate Standards Compliance with Static Code Analysis 5 Ways to Accelerate Standards Compliance with Static Code Analysis
5 Ways to Accelerate Standards Compliance with Static Code Analysis
 
Code Quality Management Best Practices
Code Quality Management Best Practices Code Quality Management Best Practices
Code Quality Management Best Practices
 

Recently uploaded

Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxbodapatigopi8531
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdfWave PLM
 
DNT_Corporate presentation know about us
DNT_Corporate presentation know about usDNT_Corporate presentation know about us
DNT_Corporate presentation know about usDynamic Netsoft
 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackVICTOR MAESTRE RAMIREZ
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...ICS
 
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio, Inc.
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Modelsaagamshah0812
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...kellynguyen01
 
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEOrtus Solutions, Corp
 
Project Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationProject Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationkaushalgiri8080
 
chapter--4-software-project-planning.ppt
chapter--4-software-project-planning.pptchapter--4-software-project-planning.ppt
chapter--4-software-project-planning.pptkotipi9215
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...MyIntelliSource, Inc.
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxComplianceQuest1
 
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataAdobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataBradBedford3
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfkalichargn70th171
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfkalichargn70th171
 
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...stazi3110
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comFatema Valibhai
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providermohitmore19
 

Recently uploaded (20)

Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptx
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf
 
DNT_Corporate presentation know about us
DNT_Corporate presentation know about usDNT_Corporate presentation know about us
DNT_Corporate presentation know about us
 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStack
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
 
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Models
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
 
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
 
Project Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationProject Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanation
 
chapter--4-software-project-planning.ppt
chapter--4-software-project-planning.pptchapter--4-software-project-planning.ppt
chapter--4-software-project-planning.ppt
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docx
 
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataAdobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
 
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.com
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
 
Exploring iOS App Development: Simplifying the Process
Exploring iOS App Development: Simplifying the ProcessExploring iOS App Development: Simplifying the Process
Exploring iOS App Development: Simplifying the Process
 

Webinar misra and security

  • 1. How to Secure Embedded Systems With MISRA C Rules Richard Bellairs
  • 2. 2© Perforce Software Inc. All Rights Reserved. Presenter Richard Bellairs Product Marketing Manager Richard has 20+ years of experience across a wide range of industries. He held electronics and software engineering positions in the manufacturing, defense, and test and measurement industries in the nineties and early noughties before moving to product management and product marketing. He now champions Perforce’s market-leading code quality management solution.
  • 3. 3© Perforce Software Inc. All Rights Reserved. 1 What is ‘Secure Code’? 2 How to Ensure Secure Code in C 3 Applying MISRA Security Rules to Your Code Here’s What We’ll Cover Today
  • 4. 4© Perforce Software Inc. All Rights Reserved. 90% of reported security incidents result from exploits against defects in the design or code of software. Coding Errors Compromise Security
  • 5. “Devil’s Ivy” gives hackers access to millions of connected devices.
  • 6. In July 2015, Fiat Chrysler recalled 1.4 million vehicles at risk of wireless hack.
  • 7. In May 2018, it was reported that VPNFilter malware had infected at least 500,000 routers and NAS devices.
  • 8. 8© Perforce Software Inc. All Rights Reserved. https://dhavalkapil.com/blogs/ Buffer-Overflow-Exploit/ void func(int a, int b) { int c; int d; // some code } void main() { func(1, 2); // next instruction } char buff[10]; buff[10] = 'a'; The stack while in func(): Example of a Security Vulnerability: Buffer Overflow in C 2 1 <return address> <%ebp of main()> <space for ‘c’> <space for ‘d’> <-- %ebp <-- %esp
  • 9. 9© Perforce Software Inc. All Rights Reserved. https://dhavalkapil.com/blogs/Buffer-Overflow-Exploit/ #include <stdio.h> void secretFunction() { printf("Congratulations!n"); printf("You have entered in the secret function!n"); } void echo() { char buffer[20]; printf("Enter some text:n"); scanf("%s", buffer); printf("You entered: %sn", buffer); } int main() { echo(); return 0; } Example of a Security Vulnerability: Buffer Overflow in C
  • 11. 11© Perforce Software Inc. All Rights Reserved. ISO/IEC TS 17961:2013 4 Ways to Ensure Secure Code in C
  • 12. 12© Perforce Software Inc. All Rights Reserved. What is MISRA? ISO 17961 MISRA C:2012 MISRA C:2012 Amendment 1
  • 13. 13© Perforce Software Inc. All Rights Reserved. • MISRA C Rule 18.1 • “A pointer resulting from arithmetic on a pointer operand shall address an element of the same array as that pointer operand.” • CERT ARR30-C • “Do not form or use out-of-bounds pointers or array subscripts.” • CWE-119 • Improper Restriction of Operations within the Bounds of a Memory Buffer Example of a MISRA C Security Rule
  • 14. 14© Perforce Software Inc. All Rights Reserved. Comparing MISRA C and Other Standards MISRA C Coverage of C Secure MISRA C Coverage of CERT C One or more MISRA Rules One or more MISRA Directives One or more MISRA Rules One or more MISRA Directives Out of Scope Not Covered
  • 15. 15© Perforce Software Inc. All Rights Reserved. • Coding defects lead to catastrophic security breaches and fatal safety flaws. • Static analyzers scan source code to: • Detect bugs. • Ensure compliance with best practice coding standards, like MISRA. • So, you’ll produce safe, secure, reliable software at lower cost. Static Code Analyzers Apply MISRA Rules
  • 16. 16© Perforce Software Inc. All Rights Reserved. Helix QAC Server Helix QAC’s MISRA C compliance module covers 100% of the rules, with the deepest coverage. Apply MISRA Security Rules to Your Code
  • 17. 17© Perforce Software Inc. All Rights Reserved. Established for over 30 years Combines state of the art methods Scan large-scale projects Independently certified Integrate with existing tools and CI process Report code quality trends and code metrics Gold standard for critical applications Most precise analysis of C and C++ code Project proven with millions of lines of code Compliant with international standards Friction-free deployment Manage and improve code quality Why Helix QAC for C and C++?
  • 18. 18© Perforce Software Inc. All Rights Reserved. The average cost of fixing defects depending on the time they have been made and detected (the data for the table is taken from the book "Code Complete" by S. McConnell). Time Detected Time Introduced Requirements Architecture Construction System Test Post-Release Requirements 1 3 5 - 10 10 10 - 100 Architecture - 1 10 15 25 - 100 Construction - - 1 10 10 - 25 Static code analysis Safe, Secure, and Reliable Software Can Be Achieved at Lower Costs
  • 19. 19© Perforce Software Inc. All Rights Reserved. We focus on solutions for large scale product development that increases productivity. We maintain key integrations with top tools for seamless process automation. • Align product with business requirements • Accelerate innovation • Faster time to market DevSecOps at Scale • Improve productivity and efficiency • Better quality
  • 20. 20© Perforce Software Inc. All Rights Reserved. Check your code. Apply your coding standard. Meet safety and security standards. Improve code quality. Reduce time and cost. Continuous Code Quality
  • 21. 21© Perforce Software Inc. All Rights Reserved. Recap 1 What is ‘Secure Code’? 2 How to Ensure Secure Code in C 3 Applying MISRA Security Rules to Your Code
  • 23. Contact us to schedule a demo! info@perforce.com
  • 24. Follow us for news and insights! Visit www.perforce.com