Frank Büchner will give a presentation on this topic in October 18 at 15:05 o'clock. For more information check out CySecMed page.
The presentation will be held in German.
*****
Abstract
Two standards/guidelines aim to make software specifically "secure": ISO/IEC TS 17961 ("C secure") and the SEI CERT C Coding Standard from Carnegie Mellon University. The specifications of both standards refer to the programming language C and are of course also applicable to medical technology software, as long as it is written in C. Both standards are introduced and also briefly the numbering systems Common Vulnerabilities and Exposures (CVE) and Common Weakness Enumeration (CWE). The comparison of the two standards for Security with the specifications from MISRA associated with Safety shows that there are only minor differences between Safety and Security. Finally, some examples (buffer overflow, dirty data, fixed password) are used to discuss which security vulnerabilities can be found by static analysis tools (and which rather not) and whether the vulnerabilities are more a security or a safety problem.