Publication of ISO/IEC 20246:2017

I am pleased to announce the publication of ISO/IEC 20246:2017 (Software and systems engineering — Work product reviews), which sits alongside the ISO/IEC/IEEE 29119 family.

This Standard establishes a generic framework for Work Product Reviews that can be referenced and used by all organisations involved in the management, development, test and maintenance of systems and software.

It contains a generic process, activities, tasks, review techniques and documentation templates that are applied during the review of a work product. A work product is any artefact produced by a process.

This document defines work product reviews that can be used during any phase of the life cycle of any work product; it is intended for, but not limited to, project managers, development managers, quality managers, test managers, business analysts, developers, testers, customers and all those involved in the development, testing and maintenance of systems and software.

This Standard can be purchased through National Bodies, or directly from ISO.

 

Posted in BSI, WG26

KFC Colonel’s Club

Recently there has been a spate of hack-attacks that, thankfully, have not affected me. However, I awoke this morning to find one that did… the KFC Colonel's Club… so yet another Big Company has failed in its duty to protect its consumers' personal data.

Although (at the time of publishing) there is no mention of this on the website (either the main page or the Colonel's Club sub-site) or on their social media feeds, the incident is widely reported by the media… including, curiously, the Daily Mirror, which reported it four days before KFC deigned to contact us.

But this brings me to my main gripe: we are constantly being told not to click dubious looking links, or to trust emails from unexpected sources…

Dubious-looking Email Header?

So how much trust should we place in an email that comes from:

colonelsclub.com@cmail2.com

and with a return-path as

TheColonelsClub-ykjjtkc1hduhditthl1r@cmail2.com

Dubious-looking URL?

But there is more… the email helpfully contains a link to kfc.co.uk to enable us to change our password… but the actual URL in the email is

http://kfcuk.cmail2.com/t/r-e-ykjjtkc-hduhditthl-j !!!

Internet Security 101

Yes, I'm internet-savvy enough to know how to check URLs… but how is someone less savvy supposed to differentiate between important messages and phishing messages, when (supposedly) reputable companies such as KFC send messages that tick all the warning boxes?

Please KFC: next time you send out an email, make sure it comes from a KFC server… and make sure any URLs are unambiguously KFC related.  In the UK that means using the kfc.co.uk domain-name.

 

 

Posted in Cybersecurity, Social Media

BSI Committee IST/015/-/26 on Software Testing

I am pleased to announce that, following confirmation by the BSI parent committee IST/15 (Software and Systems Engineering), I have succeeded Dr Stuart Reid as Chairman of BSI committee IST/015/-/26 on Software Testing, the UK Mirror Panel to ISO/IEC JTC1/SC7/WG26.

I am grateful for the encouragement offered by Dr Reid, who remains Convenor of the International panel, and look forward to further success of the ISO/IEC 29119 family.

Posted in BSI, Software, WG26

Device Developer Conference – MISRA C Chairman’s Presentation

As a personal first, my presentation is now available on YouTube!

Posted in MISRA

MISRA clarifies safe and secure uses of the C language

The MISRA C Working Group is pleased to announce the launch of four new documents, at the forthcoming Device Developer Conference:

  • Guidelines on achieving MISRA Compliance:

    • MISRA Compliance 2016
    • MISRA-C:2004 Permits
       
  • Enhancements for Security Coding

    • MISRA C:2012 Addendum 2 – Coverage of MISRA C:2012 against ISO 17961
    • MISRA C:2012 Amendment 1 – Additional Security Guidelines

These enhancements to MISRA C:2012 reinforce its position as an industry leading publication, both in safety-critical and security-critical software.

 

Download the Full Press Release

About MISRA C

MISRA C was first published in 1998. Now in its third edition, MISRA C "Guidelines for the use of the C language in critical systems" was established to provide a "restricted subset of a standardized structured language" as required in the 1994 MISRA Guidelines, for automotive systems being developed to meet the requirements of Safety Integrity Level (SIL) 2 and above.

Subsequently, it has been adopted and used across a wide variety of industries and applications including the rail, aerospace, military and medical sectors.

Posted in MISRA

UK Device Developer Conference 2016

I am pleased to announce that I will be speaking at the UK Device Developers' Conference 2016, to be held in Cambridge in April.

I will be taking part in the Workshop "Getting to grips with the Latest Developments around MISRA C", giving a "State of the Nation" presentation about MISRA C.

Specifically, I will be highlighting the applicability of MISRA C to the Security aspects of software development.

Posted in MISRA, Software

VDA Automotive SYS Conference 2015 Report

Download My Conference Presentation

As previously mentioned, last week I attended the VDA Automotive SYS Conference in Potsdam.

The theme of my presentation was MISRA C – Safety v Security, and it discussed the coverage of MISRA C against ISO/IEC 17961 (the C Secure standard).

As my debut on the conference circuit, I think things went as well as expected, and I'm grateful for the positive feedback received from delegates.

Posted in MISRA, Standards, Uncategorized

Geocaching in Germany

Background

The scene is set: attending a conference in Germany, and you have a couple of hours free in the evening. Do you (a) sit in the bar and drink beer, or (b) go geocaching?

A bit of a silly question, really…

A Souvenir From Brandenburg

Souvenir from Stadt Brandenburg

Checking the Geocaching website, a circuit of a dozen or so caches looked do-able – with a possible bonus of a six-haul Tracker-hotel. So armed with my phone running the cgeo app, and a translation of the various cache webpages, I set off with a conference co-attendee (aka TheDoctor12).

The Geocaching system offers a souvenir for each Stadt in Germany – so completion of the first cache resulted in the award of a new icon… my first non-UK territory.

The Coin and Tracker Bug Hotel

Coin & TB Hotel "Waldlehrpfad" Wildpark Potsdam

With three of the first four on the route safely logged, we entered the Waldlehrpfad in search of the Coin and Tracker-Bug Hotel… reportedly holding six trackables.

Unfortunately, only two were present:

  • Grisu der kleine Drache
  • Stefricks Metropolis Express

I retrieved these two for a journey to England… and logged the other four as missing.

Continuing the Walk

Onward we trekked, taking in a further three but skipping the other two planned caches due to too much activity, before reaching the nearest one to the hotel. Unfortunately, in the fading light this wooded area precluded further exploration, so we decided to call it a night. But I went to find Am Boden the following morning!

  1. Haus33
  2. Haveldurchblick
  3. Haveldurchblick 2
  4. Coin & TB Hotel "Waldlehrpfad" Wildpark Potsdam
  5. Einer am Rande
  6. So geht es auch
  7. Blick nach Potsdam #1
  8. Am Boden

I did not "DNF" the three that we did not find, as we skipped them, rather than didn't find them.

An enjoyable walk, in some lovely countryside… hopefully I will be back again some time, to find a few more!

Posted in Geocaching

VDA Automotive SYS Conference

I am pleased (and slightly nervous) to announce that I will be speaking at the VDA Automotive SYS 2015 conference, to be held in Potsdam in July.

I will be taking part in the Workshop "Software coding for safety and security", talking about MISRA C and the difference between Safety and Security in software development.

Posted in MISRA, Software

Santa Run for the Phyllis Tuckwell Hospice

On Sunday 14th December, I will be taking part in the annual Santa Fun Run in aid of the Phyllis Tuckwell Hospice.

As all who know me will confirm, I am not built for running…

But sometimes, one must escape from the comfort zone, and do something silly…

How to Support

Please help me raise money for the Phyllis Tuckwell Hospice, by clicking on the JustGiving logo.

You can also donate by TXTing ADBX74 to 70070.

The Phyllis Tuckwell Hospice

The Phyllis Tuckwell Hospice is the only adult Hospice across the whole of West Surrey and part of North East Hampshire, supporting and caring for terminally ill people and their families, both at the Hospice and in the community.

For more information, please visit their website.

Posted in Charity Fundraising