In today’s connected economy, more and more systems are controlled by software-based systems. These systems provide functions ranging from basic to highly sophisticated, from applications such as basic servo actuation in a public water delivery system to crash avoidance systems in the latest generation of automobiles to robotic surgery systems.
Given these increased needs, demands, and their associated safety and security requirements, many industry vertical applications have created development best practices, guidelines, and certification processes. Today, several secure coding standards have been adopted by various industries, including the following: DO-178B/C (Aerospace), IEC 61508 and IEC 62443 (Industry / Energy), ISO 26262 (Automotive), and IEC 62304 (Medical).
Central to each of these secure coding standards is the security, risk, and safety of software. The risk is a function of frequency (or likelihood) of the hazardous event and the event consequence severity. The risk is reduced to a tolerable level by applying secure coding best practices, the elimination of defects/warnings that can increase likelihood, and safety functions which may consist of E/E/PES and/or other technologies.