Re: Reason behind MISRA rule 111



Hi David,

On 5/16/2011 1:50 AM, David Brown wrote:
*Personally*, I abhor "closed" and "for pay" standards -- if what
you have is so wonderful (and really little more than a piece of
electronic paper), why horde it?

I assume that you don't charge for the work you do for customers.

There are plenty of different business models for different types of
work. I have no issues with standards developers making money out of
their work (though I think state sponsorship of standards committees is
a better model in many cases). I just think that a better way to make
that money is by publishing the standards freely and spreading them as
wide as possible, then selling services (trademark licensing,
consultancy, certification, etc.).

As I mention elsewhere, recall that we aren't talking about
a "Standard" for interoperability, here. It's not like needing
to come to concensus about how to enumerate a USB device, etc!

The "value added", in this particular case, is someone sat down and
codified a set of rules (most of which are obvious to a student
in a formal language course) regarding what you should *avoid*
when writing code. [note that this is less severe than saying
you *must* avoid -- as MISRA does in many cases]

Spend an evening searching for "C coding standards" and you'll find
at least a dozen that address the same sorts of issues. And none
of those web sites will require a PayPal account to access the
content...

If MISRA wants to try to elevate their status to something
comparable to ISO 9000 certification, they need to add far more
value than "codifying the obvious". (and, they'll have to be
able to defend their claims more aggressively to gain that
level of acceptance -- like DoD's Ada)

Maybe I'm naive here, and the sums wouldn't work out in the end. But
Misra charge £10 for their pdf - it's absurd. Give it out free, and
charge £100 for a Misra rule checker program.

What are the *costs* associated with it? Besides "order takers",
what ongoing costs can they claim? "Certification costs"?? Pass
those on to the vendors being certified (so that the vendor can
make an economic decision as to the *value* of that certification).
Charging to distribute a PDF is just silly. It suggests that
they can't command a high enough premium from *vendors* to
cover their overhead (which implies that vendors don't consider
it worthwhile).

I wonder how widespread PDF's would be if every *reader* had
to be *purchased* from Adobe? (yet, obviously they fare well
enough charging for *writers*!)
.



Relevant Pages

  • Re: threat/attack nomenclature/reporting [was Re: IDS Correlation]
    ... How many of the IDS vendors ... >the fact that vendors do not always buy into these standards, ... we had customers with money who wanted a solution. ... some of the IDS vendors are making it harder to get at their data ...
    (Focus-IDS)
  • Re: Modernizing Common Lisp
    ... >> I think the benefits for vendors far outweigh the remote possibility ... Having good interface standards ... >> system across multiple organizations in Lisp today unless everybody is ... > large scale projects. ...
    (comp.lang.lisp)
  • Re: why thx certified?
    ... THX certification involves quality-control and compatibility ... standards for hardware and software, ... On principle I refuse to purchase any THX ... Look at it this way, whatever one might think of the THX parameters, one will certainly not get a dud product if what they purchase is so certified. ...
    (rec.audio.opinion)
  • Re: [Full-disclosure] How secure is software X?
    ... test suite with some new fuzzing, and I find a sexy bug, don't the ... PoC code and vulnerabilities has a bigger chance at ... The product vendors play a role, but I see it as the task of the people ... creating the standards to avoid it being a vendor platform only. ...
    (Full-Disclosure)
  • Re: [Full-disclosure] How secure is software X?
    ... test suite with some new fuzzing, and I find a sexy bug, don't the ... PoC code and vulnerabilities has a bigger chance at ... The product vendors play a role, but I see it as the task of the people ... creating the standards to avoid it being a vendor platform only. ...
    (Full-Disclosure)