bannera

Book A.
Introduction

Book B.
7150 Requirements Guidance

Book C.
Topics

Tools,
References, & Terms

SPAN
(NASA Only)

Link
Leave blank if none exists

Title
This is the text which will be hyperlinked, if a link exists

NESC report on Alternative Software Programming for Human Spaceflight,

SWE or Topic

SWE-061, SWE-185,

Citation
This contains additional information, which will appear after the title, separated by a comma

Michael Aguilar, NASA Engineering and Safety Center, October 21, 2014.

Notes
More specific directions where to look in the resource for relevant content

Example Reference as it will appear to end user:

  1. Title, Citation

where:


Quotes used in SWEs and Topics

  • SWE-061 - Coding Standards - tab 3 - from slide show content
    • Q1: 

      "Coding standards are the ‘materials and manufacturing standards’ for implemented software...
      Human-rated certification and mission-critical software both require applying a recognized coding standard, one that is supported by automated analysis tools, for all software required to be certified for human spaceflight and mission-critical applications. Manual verification is all but impossible.

      The reduction in effort by simply adhering to a coding standard that can be tested through automation is the one certification process that truly has no other efficient verification method. ... As security becomes an issue, security coding standards should also be applied.”

    • Q2: 

      “The CERT C Secure Coding Standard is composed of 89 rules and 132 recommendations for producing secure code.  It is recommended that compliance with a standard like CERT C be performed by a static analyzer, depending on program size and complexity.  A source code static analysis tool meeting ISO/IEC TS 17961 conformance is recommended.

      The following quote from the author of the second edition of the CERT C Coding Standard describes what static analysis for conformance can imply.

      While the application of these rules and recommendations does not guarantee the security of a software system, it does tell you ...that the software was developed to a set of industry-standard rules and recommendations developed by the leading experts in the field. ... that ...time and effort went into producing code that is free from the common coding errors that have resulted in numerous vulnerabilities ...over the past two decades ... that the software developers who produced the code have done so with a real knowledge of the types of vulnerabilities that can exist and the exploits that can be used against them, and consequently have developed the software with a real security mindset.”