Regular readers of this blog/website may have noticed that something has changed! The site is now secure.
For some time I have been considering migrating this blog from HTTP to HTTPS… but expected making the change would be quite a hassle, and not worth the effort.
Thankfully, my hosting provider has helped, by providing an SSL certificate for the site… and the changes were quite straightforward.
The only area of difficulty was that the existing social media sharing widget did not work fully under HTTPS, so it has been replaced by a new plugin – the Social Media and Share Icons plugin (from Ultimate Social Media). This looks to be quite an improvement, so will have to play with the settings!
While it is widely considered that MISRA C provides best practice guidelines for the development of safety-related systems, the publication of “C Secure” has generated discussion on the applicability of MISRA C for secure applications.
In response, the MISRA C Working Group are pleased to announce the publication of two Addenda to the MISRA C:2012 guidelines.
The 2nd edition of MISRA C:2012 Addendum 2 (Coverage of MISRA C:2012 against ISO/IEC TS 17961:2013 “C Secure”) updates the 1st edition to include coverage provided by Amendment 1 (Additional security guidelines for MISRA C:2012).
MISRA C:2012 Addendum 3 (Coverage of MISRA C:2012 against CERT C) provides an analysis of the overage provided by MISRA C:2012 (including Amendment 1) against the recommendations provided by CERT C
Together, these two documents demonstrate that MISRA C provides best practice guidelines for the development of secure applications, as well as the widely considered applicability of MISRA C for safety-related systems.
Future work within the MISRA C Working Group on the Standard Library for Hosted Applications, and to add the new features of C11 are underway, and will enhance the coverage of MISRA C in these areas.
I am pleased to announce that I will be Speaking as part of the British Standards Institution led panel session “How robotics and automation are transforming manufacturing systems” at the Manufacturing In Motion (MACH 2018) event at Birmingham’s National Exhibition Centre.
The panel consists of:
Professor Stephen Cameron (of Oxford University) – Robot Ethics
Robert Garbett (Chief Executive, Drone Major Group) – Drones & UAS
Ruptesh Pattanayak (Industry Solutions Executive, Microsoft) – AI transforming manufacturing
Dan Palmer (Head of Market Development, BSI) – Standards Development
Since the publication of MISRA C:2012 and its adoption by industry and the wider C community, a number of issues have arisen, both from discussions within the MISRA C Working Group and in response to feedback via the MISRA C Forum on this bulletin board.
In response to this, the MISRA C Working Group has published Technical Corrigendum 1 – this document provides clarification on these issues, and should be read in conjunction with the original MISRA C:2012 document.
I am pleased to announce the publication of ISO/IEC 20246:2017 (Software and systems engineering — Work product reviews), which sits alongside the ISO/IEC/IEEE 29119 family.
This Standard establishes a generic framework for Work Product Reviews that can be referenced and used by all organisations involved in the management, development, test and maintenance of systems and software.
It contains a generic process, activities, tasks, review techniques and documentation templates that are applied during the review of a work product. A work product is any artefact produced by a process.
This document defines work product reviews that can be used during any phase of the life cycle of any work product; it is intended for, but not limited to, project managers, development managers, quality managers, test managers, business analysts, developers, testers, customers and all those involved in the development, testing and maintenance of systems and software.
Recently there have a been a spate of hack-attacks that, thankfully, have not affected me. However, I awoke this morning to find one that did… the KFC Colonel's Club… so yet another Big Company has failed in its duty to protect its consumers' personal data.
Although (at the time of publishing) there is no mention of this on the website (either the main page, or the Colonel's Club sub-site, nor on their social media feeds) the incident is widely reported by the media… including curiously the Daily Mirror which reported it four days before KFC deigned to contact us.
But this brings me to my main gripe: we are constantly being told not to click dubious looking links, or to trust emails from unexpected sources…
Dubious-looking Email Header?
So how much trust should we place in an email that comes from:
and with a return-path as
But there is more… the email helpfully contains a link to kfc.co.uk to enable us to change your password… but the actual URL in the email is
Yes, I'm internet-savvy to know how to check URLs… but how is someone less savvy supposed to differentiate between important messages, and phishing messages, when (supposedly) reputable companies such as KFC send messages that tick all the warnings?
Please KFC: next time you send out an email, make sure it comes from a KFC server… and make sure any URLs are unambiguously KFC related. In the UK that means using the kfc.co.uk domain-name.
I am pleased to announce that, following confirmation by the BSI parent committee IST/15 (Software and Systems Engineering), I have succeeded Dr Stuart Reid as Chairman of BSI committee IST/015/-/26 on Software Testing, the UK Mirror Panel to ISO/IEC JTC1/SC7/WG26.
I am grateful for the encouragement offered by Dr Reid, who remains Convenor of the International panel, and look forward to further success of the ISO/IEC 29119 family.