awesome-safety-critical VS analyze

https://awesome-safety-critical.readthedocs.io/en/latest/#so...

awesome-safety-critical: https://awesome-safety-critical.readthedocs.io/en/latest/

FDA > Medical Devices > Cybersecurity:

awesome-safety-critical > Coding Guidelines: https://awesome-safety-critical.readthedocs.io/en/latest/

Rust SAST and DAST tools would be great for all, too.

From https://news.ycombinator.com/item?id=35565960 :

> Additional lists of static analysis, dynamic analysis, SAST, DAST, and other source code analysis tools: https://news.ycombinator.com/item?id=24511280 https://analysis-tools.dev/tools?languages=c++

https://awesome-safety-critical.readthedocs.io/en/latest/#co...

Predict; software quality, career success

By well-rounded do you mean the ACM Computer Science Curriculum; or a strong liberal arts program which emphasizes critical thinking and effective communication; or Emotional Intelligence, Servant Leadership, and Project Management?

InfoSec; Computer Security > Careers: https://en.wikipedia.org/wiki/Computer_security#Careers

The NIST NICE Framework describes Categories (7),

For a low level view, as how the code actually should look like, I found the JPL C coding guidelines very useful. It had an effect on me on how I wrote C after reading it.

Here's a github hosted version https://github.com/stanislaw/awesome-safety-critical/blob/ma...

https://news.ycombinator.com/item?id=28709239 :

> From "Ask HN: Is it worth it to learn C in 2020?" https://news.ycombinator.com/item?id=21878372 : (which discusses [bounded] memory management)

> There are a number of coding guidelines e.g. for safety-critical systems where bounded running time and resource consumption are essential. *These coding guidelines and standards are basically only available for C, C++, and Ada.*

> awesome-safety-critical > Software safety standards: https://awesome-safety-critical.readthedocs.io/en/latest/#so...

> awesome-safety-critical > Coding Guidelines: https://awesome-safety-critical.readthedocs.io/en/latest/#co...

Critical systems: https://en.wikipedia.org/wiki/Critical_system

> There are four types of critical systems: safety critical, mission critical, business critical and security critical.

Safety-critical systems > "Software engineering for safety-critical systems" https://en.wikipedia.org/wiki/Safety-critical_system#Softwar...

awesome-safety-critical lists very many resources for safety critical systems: https://awesome-safety-critical.readthedocs.io/en/latest/

There are many certification programs for software and other STEM fields. One test to qualify applicants does not qualify as a sufficient set of controls for safety critical systems that must be resilient, fault-tolerant, and redundant.

There are heuristics for memory-unsecure C: https://awesome-safety-critical.readthedocs.io/en/latest/

How do you conclude that? The instructions here:

https://github.com/naivesystems/analyze/wiki/How-to-run-on-m...

say docker is required.

If you are interested in this, take a look at NaiveSystems Analyze [0] which is a free and open source static analyzer for checking MISRA compliance etc.

Disclaimer: I'm the founder.

It has been battle tested with real customers in automotive, medical devices, and semiconductors. AFAIK this is the first FOSS tool that achieves commercial use standards (extensive ruleset coverage, low false positives based symbolic execution (which Coverity relies heavily on) and SMT solver, ...)

[0]: https://github.com/naivesystems/analyze