Safety and Security Critical Software: Start with the End in Mind
Dr. Marcel Beemster, CTO of Solid Sands and Mark Hermeling, VP of Worldwide Sales @ GrammaTech
About this talk
Software development is hard work. Developing C or C++ software that has to be safe and secure is even more difficult. How do you ensure that your end-product behaves the way that you intend it to? As a first step, automated testing is really important. Though necessary, it is not sufficient as testing is limited by definition. There are other fault vectors to consider.
The first line of defense in functional safety is typically your coding standard. These standards ensure that the team writes easy to understand, easy to maintain code. The next line of defense is dynamic testing, it checks whether the system behaves correctly, given a set of inputs. However, again, while necessary, this is not sufficient. There are often many paths through the system that your dynamic testing has not considered and that can lead to errors such as buffer overruns or type overruns. These are hard to find problems and can lead to system failure.
Static analysis is a technology that can help locate these types of errors early in the development cycle, thereby saving time and money. One more, sometimes overlooked, fault vector is the compiler: it is the one tool that is responsible for translating all of your source to the target processor. One error in this extremely complex tool can have an unpredictable effect on the application.
This is even more important in the age of DevSecOps in which code is always in a state ready to be released. You need to make sure you know that your compiler is up to the task. A compiler validation suite makes sure that you know how your compiler behaves. No compiler is perfect, that is why it is important to know about its weaknesses.
In this webinar Solid Sands and GrammaTech will cover these particular fault vectors and help you cover off these areas, which are often blind spots for software development teams.
GrammaTech is a leading global provider of software analysis and testing solutions used by the world's most security conscious organizations to detect, measure, analyze and resolve security and safety vulnerabilities. The company is also a trusted cybersecurity research partner for the nation’s civil, defense, and intelligence communities.…