Code Compliance & Security Center

Ship better software with shorter lead times, and get to market faster.

These online resources, provided by PRQA’s code compliance and security experts, show you everything you need to know to create code that’s secure, compliant, and in line with best practices.

Coding Standards and Industry Compliance

Coding Standards Add-Ons Overview

These add-ons automatically enforce coding standards that help developers produce code that is secure, reliable, maintainable, portable, and reusable.

MISRA

Rules and guidelines for the C language trusted by automotive and other industries using safety-critical embedded systems.

JSF AV C++

A rigorous coding standard that helps you develop code intended for use in air vehicles and other fault-intolerant applications.

High Integrity C++

A highly respected coding standard for C++ originally developed by PRQA and completely overhauled in 2013.

In-House Coding Standards

Draw from peer-reviewed and industry-tested coding standards to create your own.

Application Security Standards

Eliminating Security Vulnerabilities Starts with Code

Embedded applications are highly vulnerable to security threats. The best approach for securing them is to find and address coding issues.

CERT C, CERT C++, and CWE

Target insecure coding practices and undefined behaviors that can lead to exploitable vulnerabilities.

Coding Standard Compliance – Some Facts and Fallacies –

See Paul Burden, member of the MISRA Working Group, speak about common misconceptions of coding standards in 5 short videos:

What is the Purpose of a Coding Standard?

Coding standards help developers learn about and use a safer subset of a language. As a result, code safety, security, maintainability, testability, and portability all improve.

Fallacy 1: “Our compiler is very good. We just enable all the warnings.”

Compilers do a decent job of catching syntax and constraint errors. However, they don’t do a good job of identifying undefined behavior. Coding standards reduce the risk of introducing undefined behavior errors into your code.

Fallacy 2: “We don’t need a coding standard! We just need to catch bugs.”

Not all bugs are catchable, but it’s easier to find bugs within high-quality code. Coding standards exist to improve code quality by helping developers avoid constructs that introduce undefined behavior and other errors.

Fallacy 3: “Coding standards are dangerous! Making changes to code can introduce bugs.”

Code changes introduce new bugs about 15% of the time -- whether you’re fixing a bug or conforming to a coding standard. So, applying a coding standard to legacy code can be risky. However, it’s important and beneficial to do so selectively.

Fallacy 4: “Of course we have a coding standard. I’m sure I saw it only the other day.”

Many companies produce a coding standard that goes unused because it’s nearly impossible to manually enforce. However, automatic enforcement is fast, reliable, deterministic, and non-confrontational.

Fallacy 5: “Apparently, it gives us 100% enforcement of the XXXX coding standard.”

Not true. Some rules are not statically enforceable. Each coding standard has rules that can’t be enforced and instead act as guidelines. Some rules aren’t well-specified, and other rules are undecidable and responsible for a lot of false positives.

"Projects and products depending on the PRQA solution now extend to braking systems through to comfort controls, engine and transmission management, infotainment equipment and displays."

- Continental