MISRA C and MISRA C++ - more than just safety

When developing reliable or critical software, for example in embedded systems, MISRA guidelines are widely known and their application is well supported by static code analysis solutions such as Axivion. While the focus of these guidelines is on safety concerns, they are also a very useful starting point when it comes to security. But the lack of an explicit security focus raised some concerns, and MISRA C itself notes (in MISRA C:2012 Amendment 1, Foreword, 2016):

"Unfortunately, many people focus on the safety-related software reference, and a perception exists that MISRA C is only safety-related and not security-related."

Consequently, MISRA C:2012 was extended, first by Addendum 2, which provided a mapping between MISRA guidelines and C Secure Coding rules (ISO/IEC TS 17961:2013), and then by Amendment 1, which provided additional rules specifically to cover security topics from the C Secure Coding rules that had not been covered well so far.

Later, Addendum 3 also provided a mapping to the SEI CERT C Coding Standard (2016). Taken together, these extensions support the view that MISRA guidelines are also applicable in security-related environments, and users of static code analyzers such as Axivion will notice considerable overlap between all these different rulesets, regardless of whether their primary focus is safety or security.

On the C++ side, the MISRA C++ working group recently published MISRA C++:2023. In the creation of this significant update, the group reviewed not only the previous MISRA C++ and AUTOSAR C++ guidelines, but also looked at the development on the MISRA C side, including the more security-focused rules from Amendment 1.
Consequently, some rules that seemed to apply equally to C++ were included in the new version, typically with adjustments to better fit the (modern) C++ world. The general tendency to focus on decidable rules was also followed, so that MISRA checkers like the one included in Axivion Static Code Analysis can support compliance with the guidelines much better, thereby improving the practical value of the rules.

An example is the set of rules regarding errno from MISRA C:2012 Amendment 1, which in MISRA C++:2023 were condensed to essentially two decidable rules:

  • a rule that forbids the use of string handling functions from the C standard library in general, and
  • a rule that forbids assigning any value other than literal 0 to errno in user code.
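As an added example (not taken from the MISRA documents or from Axivion), the errno discipline that the MISRA C:2012 Amendment 1 errno rules describe, written in C++: errno is cleared with literal 0 immediately before an errno-setting library call and tested immediately after it, before anything else can overwrite it. The function name and the result struct are my own. The comment at the end shows the kind of assignment the text says MISRA C++:2023 rejects, and why a checker can decide it syntactically, without any reasoning about control flow.

```cpp
// Added example: the errno protocol around an errno-setting library call.
// parse_long and ParseResult are illustrative names, not part of MISRA or Axivion.
#include <cerrno>
#include <cstdlib>
#include <string>

// A result type, so callers get the outcome by value and never need to read
// or write errno themselves.
struct ParseResult {
    bool ok;
    long value;
    int saved_errno;   // errno as observed directly after the library call (0 if untouched)
};

// Compliant pattern:
//   1. assign literal 0 to errno directly before the errno-setting call,
//   2. call the library function,
//   3. capture and test errno directly afterwards, before any other call
//      that might modify it.
ParseResult parse_long(const std::string& text, int base = 10) {
    const char* begin = text.c_str();
    char* end = nullptr;

    errno = 0;                                   // the only value user code assigns
    const long value = std::strtol(begin, &end, base);
    const int err = errno;                       // capture immediately

    if (err == ERANGE) {
        return {false, 0, err};                  // out of range for long
    }
    if (end == begin || *end != '\0') {
        return {false, 0, 0};                    // no digits, or trailing garbage
    }
    return {true, value, 0};
}

// Non-compliant under the MISRA C++:2023 rule described in the text:
//
//     errno = EINVAL;   // user code assigning a value other than literal 0
//
// Deciding this needs only the assignment's right-hand side, which is why
// the rule is decidable; whether errno was cleared before and tested after a
// particular call (the MISRA C:2012 Amendment 1 formulation) depends on the
// surrounding control flow and is not.
```

The struct returned here is how the failure reaches the caller; signalling it by writing a non-zero value into errno would be exactly the assignment the rule is designed to catch.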

So we can see that MISRA continues to follow its mission to "provide world-leading, best practice guidelines for the safe and secure application of both embedded control systems and stand-alone software" (www.misra.org.uk) – explicitly including the security aspect.


Learn more about Axivion's MISRA checker.

For more information about Axivion Static Code Analysis and Axivion Architecture Verification, please see Axivion.

To schedule an appointment for a free demo, please contact us.
