Juli 2017 - page 33

October 17 | 33
Tools & Software
Secure embedded software –
choosing the right coding standard
By Richard Bellairs, PRQA
This article compares
state-of-the-art coding standards
and explains how adherence to them
can help developers deliver more
secure C and C++ code.
An increasing number of products that touch our daily lives are connected to the internet. This brings many benefits, but also introduces potential security vulnerabilities. It is imperative that the software powering these products is developed with security in mind. Adoption of a strong coding standard that addresses known security issues has been shown to deliver more secure products. Enforcing this standard with automated code analysis tools will help to ensure products are delivered on time and on budget.
The pace of change in consumer products is amazing and the rate of innovation continues to accelerate. A new generation of connected devices and socially oriented services continues to impact our lives in profound ways, from the use of voice-activated speakers to control our smart homes to the hundreds of sensors that are used to control traffic in our cities more effectively. The widespread adoption of connected devices raises concerns over their security and our privacy.
Security of software is a hot topic, and one that every organization must address effectively. C remains the dominant language for embedded software development in consumer products, with C++ growing in popularity. There is no shortcut to achieving software security; reducing the risk it poses requires a concerted effort, and an appreciation of best-practice industry guidelines. Applying coding standards to the development of safety-critical software is a widely adopted practice, but coding standards that target security issues are still relatively new. Demand for software security standards has increased as a result of the Internet of Things (IoT): the data held by devices and the connections between them have been shown to have serious security flaws. Some examples of high-profile failures include the hacking of TrendNet nanny cams and the failure of Nest thermostats due to a flawed software update. Security and privacy breaches not only put users at risk, but also have the potential to cause significant damage to company reputation. As such, security is a commercial imperative.
Recognition of the importance of security has increased over recent years. New security-focused coding standards have emerged alongside the more mature safety-critical standards. Although the underlying goals are different, their recommendations frequently overlap.
Most of the coding standards considered in this article use rules to prohibit aspects of the language that the issuing standards body considers inappropriate. In addition, they prescribe ways to enrich the development process and the effectiveness of the language. In some respects, they define a new language, with specific emphasis on delivering greater security, improved predictability, increased robustness and better maintainability. Today the most popular coding standards for security are the CERT C Secure Coding Standard; MISRA C:2012; and the C Secure Coding Rules (ISO/IEC TS 17961:2013).
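To make the idea of "rules that prohibit aspects of the language" concrete, here is an added example (not code from the article or from PRQA) showing the kind of construct such rules target and the compliant form a checker would accept. It assumes the rule being illustrated is CERT C STR31-C (guarantee that storage for strings has sufficient space for the character data and the null terminator); the function names, the buffer size and the sample strings are constructed for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NAME_CAP 16  /* constructed buffer size for this example */

/* Noncompliant: the copy is unbounded, so correctness depends entirely on
   every caller guaranteeing that src fits in dest. This is the kind of
   construct a security coding standard prohibits (CERT C STR31-C). Kept
   only for contrast; nothing in this file calls it with oversized input. */
void copy_name_unchecked(char dest[NAME_CAP], const char *src)
{
    strcpy(dest, src);
}

/* Compliant: the destination capacity is an explicit parameter, the scan
   of src is bounded by that capacity, and input that does not fit is
   rejected (with dest left in a defined state) instead of overflowing or
   silently truncating. Returns true when the copy succeeded. */
bool copy_name_checked(char *dest, size_t dest_cap, const char *src)
{
    if (dest == NULL || src == NULL || dest_cap == 0) {
        return false;
    }

    /* Bounded length: never reads more than dest_cap bytes of src. */
    size_t len = 0;
    while (len < dest_cap && src[len] != '\0') {
        len++;
    }

    if (len >= dest_cap) {      /* no room left for the terminator */
        dest[0] = '\0';         /* defined state for the caller */
        return false;
    }

    memcpy(dest, src, len + 1); /* len + 1 <= dest_cap, terminator included */
    return true;
}

int main(void)
{
    char name[NAME_CAP];
    const char *fits     = "thermostat-7";             /* constructed: 12 chars */
    const char *too_long = "thermostat-firmware-0042"; /* constructed: 24 chars */

    printf("'%s': %s\n", fits,
           copy_name_checked(name, sizeof name, fits) ? "accepted" : "rejected");
    printf("'%s': %s\n", too_long,
           copy_name_checked(name, sizeof name, too_long) ? "accepted" : "rejected");
    return 0;
}
```

The point of the contrast is that a static analysis tool enforcing the standard can flag the unbounded copy mechanically, whereas the checked version makes the capacity part of the interface, so the property the rule demands is visible in the code rather than in the caller's head.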
For the purposes of comparison, the coding standards covered in this article have been assessed using nine categories, some of which include a qualitative indication of how the coding standards perform. The performance indicator (1 to 3 stars) is derived from considerations and impressions PRQA has collected from its wide customer base which, by any measure, can be considered an official endorsement of any standard. We categorized the standards as follows:
Industry: the original industry sector targeted by the coding standard.
Reference language version: the version of the C Standard that is currently used as a reference for the coding guidelines. This is important as it can influence the choice of coding standard for a project; for example, if C11 is to be used (for instance, because some of its features make it the most applicable for a given application) MISRA C:2012 is not a good candidate unless specific compliance requirements make it necessary.