|MISRA Guidelines for secure coding - further updates |
The MISRA C Working Group are pleased to announce the publication of two Addenda to the MISRA C:2012 guidelines. News item posted Thursday, February 01, 2018
The 2nd edition of MISRA C:2012 Addendum 2 (Coverage of MISRA C:2012 against ISO/IEC TS 17961:2013 "C Secure") updates the document to include coverage provided by Amendment 1 (Additional security guidelines for MISRA C:2012).
MISRA C:2012 Addendum 3 (Coverage of MISRA C:2012 against CERT C) provides an analysis of the coverage provided by MISRA C:2012 (including Amendment 1) against the recommendations provided by CERT C.
Together, these two documents demonstrate that MISRA C provides best practice guidelines for the development of secure applications, as well as the widely considered applicability of MISRA C for safety-related systems.
Future work within the MISRA C Working Group on the Standard Library for Hosted Applications, and to add the new features of C11 are underway, and will enhance the coverage of MISRA C in these areas.
|MISRA C:2012 TC1 published |
Since the publication of MISRA C:2012 and its adoption by industry and the wider C community, a number of issues have arisen, both from discussions within the MISRA C Working Group and in response to feedback via the MISRA C Forum on this bulletin board. News item posted Tuesday, August 01, 2017
MISRA C:2012 Technical Corrigendum 1 provides clarification on these issues, and should be read in conjunction with the original MISRA C:2012 document.
The document is available to download from the resources section of the MISRA Forum, link here.
|MISRA Safety Case guidelines public review |
MISRA is pleased to announce that a draft of its “Guidelines for Automotive Safety Case Arguments” will shortly be available for public review. The ISO 26262 standard defines a safety case as an “argument that the safety requirements for an item are complete and satisfied by evidence compiled from work products of the safety activities during development”. This new MISRA document will give practical guidance on a model for structuring automotive safety arguments, although its principles may also be applicable in other sectors. News item posted Wednesday, November 09, 2016
Update 25 November 2016. The call for reviewers is now closed. Thank you to everyone who has responded and we will be in contact within the next week regarding the next steps in the review process.
|MISRA Compliance:2016 published |
MISRA has today published MISRA Compliance:2016 which sets out a framework for claiming compliance with MISRA coding guidelines including guidance on a robust and structured process for the use of deviations. It includes a mechanism for establishing pre-approved "permits" to help streamline the deviation process. It supersedes the compliance, deviation and process requirements previously published in various MISRA coding guidelines.
Associated with this, MISRA C:2004 Permits presents a number of deviation permits covering commonly-encountered use cases for use with the MISRA C:2004 guidelines. It should be used in conjunction with MISRA Compliance:2016, a companion document which describes the purpose of deviation permits and which sets out the principles by which the concept of MISRA Compliance is governed. News item posted Wednesday, May 25, 2016
Both documents are available as a free download from this website (see under "Publications") or from the MISRA Bulletin Board.
|MISRA guidelines for security published |
MISRA has today published the mapping of MISRA C coverage of the "C Secure" requirements found in ISO/IEC TS 17961:2013. This mapping shows that for freestanding applications, MISRA C already has excellent coverage of the "C Secure" requirements. Additional guidelines are provided in MISRA C:2012 Amendment 1 to improve the coverage of the security concerns highlighted by the "C Secure" guidelines.
Both documents are available as a free download from this website (see under "Publications") or from the MISRA Bulletin Board. News item posted Wednesday, May 25, 2016
|MISRA clarifies safe and secure uses of the C language |
New documents to be launched at the Device Developer Conference
MISRA is releasing new documents to clarify use of the MISRA C Guidelines in developing any application with high integrity or high reliability requirements – both safety-related and security-related. The release will take place at a MISRA workshop at the Device Developer Conference in Cambridge on 27 April 2016.
The MISRA C Guidelines are internationally accepted as setting out a subset of C for use in critical systems. Generally this is understood to mean for use in safe systems. However the guidelines are equally appropriate for secure systems, a topic of increasing concern with the growth of the Internet of Things. ISO/IEC JTC1/SC22/WG14 (the committee responsible for maintaining the C Standard) has published its C Language Security Guidelines (ISO/IEC 17961:2013). MISRA has carried out a coverage comparison between this and MISRA C:2012 and is publishing the resulting coverage matrix as MISRA C:2012 Addendum 2. Alongside MISRA C:2012 Amendment 1 “Additional security guidelines for MISRA C:2012”, which includes a small number of additional guidelines, to improve the coverage of the security concerns highlighted by the ISO C Secure Guidelines, particularly in the use of "untrustworthy data", MISRA C is demonstrably suitable for both safe and secure applications.
To read the full press release click here. News item posted Friday, April 22, 2016
|MISRA C:2012 Examples Suite available |
MISRA is pleased to announce that a set of code examples for MISRA C:2012 is available to download. These can be found in the “Resources” section of the MISRA Bulletin Board (free registration is required to access this area of the Bulletin Board). See "Resources" above for a link,
This set of files is intended to illustrate issues addressed by the MISRA C rules as expressed in MISRA C:2012 “Guidelines for the use of the C language in critical systems”. The code examples are mainly taken from the example sections in the MISRA C:2012 guidelines. It is not intended to be an exhaustive test suite and should not be used as such; however they may help users of the document understand compliant and non-compliant code.
A more comprehensive exemplar suite may be produced in the future.
News item posted Tuesday, March 11, 2014
|MISRA C:2012 now available |
De facto standard for embedded C programming completed and on sale
MISRA, the organization behind many guidelines for critical systems, is pleased to announce that MISRA C:2012 is now available at our webstore.
MISRA C:2012 extends support to the C99 version of the C language (while maintaining guidelines for C90). It also includes a number of improvements that can reduce the cost and complexity of compliance, whilst aiding consistent and safer use of C in critical systems.
Click here to read the full release. News item posted Monday, March 18, 2013
|MISRA C ADC released |
MISRA is pleased to announce the publication of MISRA C ADC: Approved deviation compliance for MISRA C:2004.
MISRA C is intended to be used within the framework of a disciplined software development process. The MISRA C:2004 guidelines (Section 4.3.2) permit controlled deviation from the rules when software safety and/or quality requirements cannot otherwise be satisfied.
It should be understood that a deviation can only be adequately justified when supported by information such as:
- An appropriate reason for the need to raise a deviation;
- A description of the extent to which a relaxation of the rule is being introduced;
- An argument to support the reasons for the deviation;
- Measures which must be observed to ensure safety and/or quality.
MISRA C ADC is a technical note that is intended to be a first step in describing the requirements in greater detail. It focuses solely on the first of these topics, the common reasons for raising a deviation. News item posted Wednesday, March 06, 2013
|MISRA C:2012 release date announced |
De facto standard for embedded C programming to be available from 18 March 2013
MISRA, the organization behind many guidelines for critical systems, is pleased to announce that the latest version of MISRA C, its world-recognised standard for embedded C programming, will be available at www.misra.org.uk/shop from 18 March 2013. MISRA C:2012 extends support to the C99 version of the C language (while maintaining guidelines for C90), in addition to including a number of improvements that can reduce the cost and complexity of compliance, whilst aiding consistent, safe use of C in critical systems.
To download the full press release click here. News item posted Tuesday, February 26, 2013
|MISRA members talk on ISO 26262 |
Several members of the MISRA Steering Group gave presentations recently at an IET event on safety assessments with the theme of ISO 26262 compliance. The keynote was given by the MISRA Project Manager, Dr David Ward from MIRA Ltd, and other presenters included the MISRA Steering Group Chairman, Roger Rivett from JLR. Together the presentations gave a wide perspective on what "compliance" means covering OEMs, Tier 1 and Tier 2 suppliers and safety assessors.
Webcasts of the event can be found on iet.tv (search for "26262" or try this link [will open in new window]) News item posted Friday, March 16, 2012
|MISRA C3 review - registration closed |
MISRA is working on an updated version of MISRA C and we intend to have a version available for public review in January 2012. We have now closed the call for reviewers and would like to thank everyone for their interest. We will be in touch with all those who have registered to advise them of next steps shortly. News item posted Friday, January 06, 2012
|New MISRA autocode documents |
MISRA AC GMG and MISRA AC SLSF were published in May 2009 News item posted Friday, May 29, 2009