26 January 2015: 0900-1700 CST
27 January 2015: 0900-1700 CST
PLACE: Kemah Boardwalk Inn, Kemah, Texas
Stephen Michell – Convenor, Canada
Erhard Ploedereder – Liaison WG 9
Larry Wagoner – Editor IS 17960, US
David Keaton – Liaison WG 9, US
Tatsuaki Takebe – Liaison SC 27 WG 3, Japan
Clive Pygott – Liaison Misra C++, UK
Santiago Urueña Pascual – Spain
Tullio Vardanega – Italy
Robert Karlin – Liaison COBOL, US
Dan Nagle – Liaison Fortran, US
Chris Tandy – Canada, COBOL
Posted as document N499, 2 issues from David.
TBD (possibly SC 22 or SC 7)
(BSI and somewhere for Saturday)
New Delhi, India with SC 27
Madrid with Ada Europe
Teleconference, 2000 UTC
Teleconference, 2000 UTC
Teleconference, 2000 UTC
Teleconference, 2100 UTC
The Fortran annex is in V3 but needs changes to reflect the vulnerability changes made for V3. The major new concurrency feature is coarrays. A draft of the Fortran annex is planned for the WG 5 meeting in August.
The US NB has terminated PL22.4. All standards functions related to COBOL are now handled by PL22. Work on COBOL is now being led by SC 22/WG 4, but there are no scheduled meetings at this time. Some WG 4 members are working on producing an annex for TR24772.
Ada is currently working on a technical corrigendum and defect report for the language. The HRG is waiting for responses from WG 23 to begin work on revising the Ada annex.
Working on a defect report for the C secure coding rules, TS 17961. Considering mapping the C coding rules to TR 24772.
V3 of MISRA C is published and is in maintenance. Looking into beginning work on V4 to take the C11 changes into account. Considering security issues because of concerns about communications outside the vehicle.
Commenced work on the MISRA C++ revision. Targeting the 2011 version of C++ with an eye to the 2014 version for the future. Trying to realign better with MISRA C. Discussed leading the C++ annex for TR 24772; the general impression is that it looks manageable.
No report. Tullio to attempt to contact Florian Schanda and Angela Wallenburg (AI)
Tatsuaki reported from WG 3 and discussed with group. Slide set N0507. Revised with WG 23 responses included in slides.
Document progressing to FDIS. Any technical comments at this point will be used to generate defect reports or to generate work plans for maintenance of the IS.
Work Plan, Multipart document
We first discussed whether the main part (clauses 1-8) should be all in part 1, or if there should be a further subdivision. The consensus was that all current clauses that are not language-specific annexes will remain in part 1. Ada will become -2, C -3, etc.
We discussed how to maintain the annexes and the main document. The main concern is that the annexes will not keep pace with the main document, and hence there will be times when annexes refer to old versions of the main document. To help readers, we commit to creating a new Annex B, a taxonomy of changes by section, so that readers can understand what has changed in a relevant section between the old (referenced) main document and the up-to-date version. The rate of change that we predict is about 25% over this iteration, so we expect to need to document changes to about 15 clauses.
Main document – Larry, support from Erhard
Part 2 Ada – Erhard
Part 3 C – Clive
Part 4 Python – Santiago with help from the group.
Part 5 Ruby – Tatsuaki
Part 6 Spark – Tullio with help from Altran.
Part 7 PHP – Kevin Coyne (possible)
Part 8 Fortran – Dan Nagle
Part 9 COBOL – Robert Karlin, Chris Tandy
Part 10 C++ – Clive
Differences between Draft V3 and Ada Annex (Erhard)
Reviewed. Notes from discussion in N0503.
Review of Tucker Taft's submission N0507 on changes needed to Annex C (or part 2) for Ada 2012
Reviewed. Notes from discussion in document. We note a couple of possible additions to general language vulnerabilities, or possibly new vulnerabilities.
Review of N0501 rework spreadsheet, where we need to confirm or change the recommendations in N0501, assign responsibility and decide how to adjust the TR to match the decisions confirmed.
AI – editor to populate section 6.26.5 with the JSF rules for further analysis (or capture them in a separate document together with the 6.26.5 rules and the JSF rules).
AI – David – compare XZI with CWE rules and rationalize. (done).
Discussion of COBOL Annex
C++ Annex – Led by Clive Pygott and MISRA C++ - target first draft October 2015.
We presently do not have an active project that justifies keeping the WG alive. The business plan sets out the projects underway and what the WG needs from the SC to help it set up the correct projects and organize the work. In the case of WG 23, we have the following needs:
We need a project creation at plenary to maintain the TR.
We need a project split to create
TR 24772-1 (definitions, vocabulary and general concepts) (just a suggestion for discussion)
TR 24772-3 Ada-specific vulnerability analysis
TR 24772-4 C-specific vulnerability analysis
We need an editor assigned for each part following the assignments above.
We reviewed the guidance comparison spreadsheet (N0507) to confirm or deny the observations, and to develop consensus on the approach to the issues identified. The issues and approaches identified are in the edited document N0509.
The next step is to integrate the issues identified and proposed resolutions into a copy of the TR Ed 3 (N0461) and send them to the editor for preliminary integration and review. We partition the main document as follows for the updates of its main sections:
6.3-6.12: David Keaton.
6.13-6.22: Clive Pygott
6.23-6.32: Tullio Vardanega
6.33-6.42: Erhard Ploedereder
6.43-6.52: Santiago Urueña Pascual
6.53-6.57: Tatsuaki Takebe
6.58-6.65: Stephen Michell – initial writeups.
Assignees are requested to work the proposed changes from the analysis spreadsheet into their respective sections using Word change mode. Following that, update the spreadsheet (local copy) with the changes. Also reword the recommendations to Annex providers so that they are not antagonistic. Also look at your sections for improvements (add them to the spreadsheet with open status). Word files go to Larry, spreadsheets to Stephen. Target date: next meeting, Feb 23rd.
At the next meeting, discuss how we give guidance to annex developers on incorporating guidance from the relevant main sections, i.e. "applies", qualified "applies", "applies in modified form", or "does not apply". We want to be consistent.
AI – Erhard – proposal, with Steve's help.
We discussed 6.64, the notion of a system function in C, and realized that some languages have vulnerabilities that lie completely within that one language's domain. We therefore decided to add another section to each language-specific annex/part to capture such vulnerabilities, and to invite our partners to populate them.
AI - Steve to rewrite Annex B to capture ISO demands for the documentation style of new language-specific “parts”.
We discussed working with SC 27. We are co-locating with SC 27/WG 3 in October 2015, hence we will see what transpires out of the meeting. SC 27/WG 3 already has FDIS 17960 and draft TR 24772 ed3 for member review.
We discussed working with SC 7. We presently have no active liaison with SC 7. The first step is to try to re-establish liaison with SC 7 and investigate if they are thinking about how vulnerabilities can be addressed during the development life-cycle.
We discussed investigating other organizations that catalogue vulnerabilities (MITRE, CERT).
How to avoid vulnerabilities in the software life cycle, such as
when it is appropriate to use certain tools (for example, continuous integration needs continuous execution of static analysis tools, quality analysis tools such as code formatters, CM tools, sonarqube.org, test tools, etc.). We note that there is overlap with SC 7 in terms of development processes and tooling.
source code annotation tools (javadoc, MS SAL). Thought: maybe we could use SAL as the beginning of a documentation standard. Possible class project: investigate SAL.
Stephen and Tullio to investigate if appropriate to develop position paper for workshop in April. Follow-up: Stephen submitted the concurrency vulnerabilities in 2011 and the deliberations of IRTAW were useful in finishing the write-ups. Any further work is language-specific, so no position paper will be submitted.
Discussion of embedded systems and low-power systems such as sensors, and the difficulty of hardening them using gating-based security. Hardening the code in the first place is fundamental. Approach other JTC 1 SCs and WGs doing sensor networks, etc.
Looking at section 7, there may be a space to create a standard to avoid vulnerabilities. We note that section 6 work presents difficulties in producing coding standards because we step on the toes of language developers. We noted that section 6 of the TR is supported by the language-dependent Annexes to bring them closer to the user. No such support exists for section 7. While language-specific annexes for section 7 seem inappropriate, other dimensions such as application domain or operating system might be a better match. A proposal by Larry to produce an annex of rules derived from section 7 seems a promising alternative. It also might appeal to people mostly interested in user guidelines.
We will go away and consider how we may do this. Discuss at the
AI – all, review section 7 vulnerabilities and consider what form and content could be put in a standard for coding guidelines, design guidelines, etc.
Robert Karlin – SC 22/WG 4 COBOL
Dan Nagle – SC 22/WG 5 Fortran
Erhard Ploedereder – SC 22/WG 9 Ada
David Keaton – SC 22/WG 14 C
(void) – SC 22/WG 21 C++
Tatsuaki Takebe – SC 27/WG 3
(void) – SC 7/WG 19 UML
Clive Pygott – MISRA C++
Florian Schanda – Altran Spark
(void) – Ecma International
Editor / Editing Group
We have assigned primary editing roles for the various documents:
Larry Wagoner – TR 24772-1 (main document before language specific annexes)
Adjourned at 1700, 27 January 2015.