Secure coding practices versus safe coding techniques
Similar to the design principles, coding guidelines between safety and security have a high degree of correlation. Both safety and security engineering approaches aim to reduce code complexity to prevent defects and vulnerabilities. They both require the usage of language subsets to avoid risky features of the programming language that can introduce unexpected or unwanted behavior. This can be enforced by using static code analysis tools based on MISRA C, CERT C/C++, and AUTOSAR C++. Normally, the toolchains support the safety and security guidelines, allowing the developers to check for all coding rule violations in a single run. When it comes to defensive coding techniques, there is a high degree of overlap between several such techniques:
- Input validation requires all inputs from external sources to be validated to ensure they conform to the expected formats, ranges, and data types. This can help prevent working on implausible...
