AndrewBanks goes HTTPS

Regular readers of this blog/website may have noticed that something has changed!  The site is now secure.

For some time I have been considering migrating this blog from HTTP to HTTPS… but expected making the change would be quite a hassle, and not worth the effort.

Thankfully, my hosting provider has helped, by providing an SSL certificate for the site… and the changes were quite straightforward.

The only area of difficulty was that the existing social media sharing widget did not work fully under HTTPS, so it has been replaced by a new plugin – the Social Media and Share Icons plugin (from Ultimate Social Media). This looks to be quite an improvement, so will have to play with the settings!

Posted in Website News | Comments Off on AndrewBanks goes HTTPS

MISRA C:2012 Addendum 2 and Addendum 3

While it is widely considered that MISRA C provides best practice guidelines for the development of safety-related systems, the publication of “C Secure” has generated discussion on the applicability of MISRA C for secure applications.

In response, the MISRA C Working Group are pleased to announce the publication of two Addenda to the MISRA C:2012 guidelines.

  • The 2nd edition of MISRA C:2012 Addendum 2 (Coverage of MISRA C:2012 against ISO/IEC TS 17961:2013 “C Secure”) updates the 1st edition to include coverage provided by Amendment 1 (Additional security guidelines for MISRA C:2012).
  • MISRA C:2012 Addendum 3 (Coverage of MISRA C:2012 against CERT C) provides an analysis of the overage provided by MISRA C:2012 (including Amendment 1) against the recommendations provided by CERT C

Together, these two documents demonstrate that MISRA C provides best practice guidelines for the development of secure applications, as well as the widely considered applicability of MISRA C for safety-related systems.

Future work within the MISRA C Working Group on the Standard Library for Hosted Applications, and to add the new features of C11 are underway, and will enhance the coverage of MISRA C in these areas.

Posted in MISRA, Standards | Comments Off on MISRA C:2012 Addendum 2 and Addendum 3

MACH 2018

Manufacturing in Motion Event 2018

Manufacturing in Motion 2018

I am pleased to announce that I will be Speaking as part of the British Standards Institution led panel session “How robotics and automation are transforming manufacturing systems” at the Manufacturing In Motion (MACH 2018) event at Birmingham’s National Exhibition Centre.

The panel consists of:

  • Professor Stephen Cameron (of Oxford University) – Robot Ethics
  • Robert Garbett (Chief Executive, Drone Major Group) – Drones & UAS
  • Ruptesh Pattanayak (Industry Solutions Executive, Microsoft) – AI transforming manufacturing
  • Dan Palmer (Head of Market Development, BSI) – Standards Development
  • plus me ….
Posted in BSI | 1 Comment

IET SSCS 2018

I knew that my presentation was being videoed for IET.TV – so here it is…

https://tv.theiet.org/EmbedPlayer.aspx?videoid=11347

Posted in Standards | Comments Off on IET SSCS 2018

MISRA C:2012 Technical Corrigendum 1

Since the publication of MISRA C:2012 and its adoption by industry and the wider C community, a number of issues have arisen, both from discussions within the MISRA C Working Group and in response to feedback via the MISRA C Forum on this bulletin board.

In response to this, the MISRA C Working Group has published Technical Corrigendum 1 – this document provides clarification on these issues, and should be read in conjunction with the original MISRA C:2012 document.

TC1 can be freely downloaded from the MISRA Forum.

Posted in MISRA | Comments Off on MISRA C:2012 Technical Corrigendum 1

Publication of ISO/IEC 20246:2017

I am pleased to announce the publication of ISO/IEC 20246:2017 (Software and systems engineering — Work product reviews), which sits alongside the ISO/IEC/IEEE 29119 family.

This Standard establishes a generic framework for Work Product Reviews that can be referenced and used by all organisations involved in the management, development, test and maintenance of systems and software.

It contains a generic process, activities, tasks, review techniques and documentation templates that are applied during the review of a work product. A work product is any artefact produced by a process.

This document defines work product reviews that can be used during any phase of the life cycle of any work product; it is intended for, but not limited to, project managers, development managers, quality managers, test managers, business analysts, developers, testers, customers and all those involved in the development, testing and maintenance of systems and software.

This Standard can be purchased through National Bodies, or directly from ISO.

 

Posted in BSI, WG26 | Comments Off on Publication of ISO/IEC 20246:2017

KFC Colonel’s Club

Recently there have a been a spate of hack-attacks that, thankfully, have not affected me.  However, I awoke this morning to find one that did… the KFC Colonel's Club… so yet another Big Company has failed in its duty to protect its consumers' personal data.

Although (at the time of publishing) there is no mention of this on the website (either the main page, or the Colonel's Club sub-site, nor on their social media feeds) the incident is widely reported by the media… including curiously the Daily Mirror which reported it four days before KFC deigned to contact us.

But this brings me to my main gripe: we are constantly being told not to click dubious looking links, or to trust emails from unexpected sources…

Dubious-looking Email Header?

So how much trust should we place in an email that comes from:

colonelsclub.com@cmail2.com

and with a return-path as

TheColonelsClub-ykjjtkc1hduhditthl1r@cmail2.com

Dubious-looking URL?

But there is more… the email helpfully contains a link to kfc.co.uk to enable us to change your password… but the actual URL in the email is

http://kfcuk.cmail2.com/t/r-e-ykjjtkc-hduhditthl-j !!!

Internet Security 101

Yes, I'm internet-savvy to know how to check URLs… but how is someone less savvy supposed to differentiate between important messages, and phishing messages, when (supposedly) reputable companies such as KFC send messages that tick all the warnings?

Please KFC: next time you send out an email, make sure it comes from a KFC server… and make sure any URLs are unambiguously KFC related.  In the UK that means using the kfc.co.uk domain-name.

 

 

Posted in Cybersecurity, Social Media | Comments Off on KFC Colonel’s Club

BSI Committee IST/015/-/26 on Software Testing

I am pleased to announce that, following confirmation by the BSI parent committee IST/15 (Software and Systems Engineering), I have succeeded Dr Stuart Reid as Chairman of BSI committee IST/015/-/26 on Software Testing, the UK Mirror Panel to ISO/IEC JTC1/SC7/WG26.

I am grateful for the encouragement offered by Dr Reid, who remains Convenor of the International panel, and look forward to further success of the ISO/IEC 29119 family.

Posted in BSI, WG26 | Comments Off on BSI Committee IST/015/-/26 on Software Testing

Device Developer Conference – MISRA C Chairman’s Presentation

As a personal first, my presentation is now vailable on YouTube!

Or, if you prefer, you can just to read the slides!

Posted in MISRA | Comments Off on Device Developer Conference – MISRA C Chairman’s Presentation

MISRA clarifies safe and secure uses of the C language

The MISRA C Working Group is pleased to announce the launch of four new documents, at the forthcoming Device Developer Conference:

  • Guidelines on achieving MISRA Compliance:

    • MISRA Compliance 2016
    • MISRA-C:2004 Permits
       
  • Enhancements for Security Coding

    • MISRA C:2012 Addendum 2 – Coverage of MISRA C:2012 against ISO 17961
    • MISRA C:2012 Amendment 1 – Additional Security Guidelines

These enhancements to MISRA C:2012 reinforce its position as an industry leading publication, both in safety-critical and security-critical software.

 

Download the Full Press Release

Download the Full Press Release

About MISRA C

MISRA C was first published in 1998. Now in its third edition, MISRA C "Guidelines for the use of the C language in critical systems" was established to provide a "restricted subset of a standardized structured language" as required in the 1994 MISRA Guidelines, for automotive systems being developed to meet the requirements of Safety Integrity Level (SIL) 2 and above.

Subsequently, it has been adopted and used across a wide variety of industries and applications including the rail, aerospace, military and medical sectors.

Posted in MISRA | Comments Off on MISRA clarifies safe and secure uses of the C language