Integrity static analysis of COTS/SOUP

This paper describes the integrity static analysis approach developed to support the justification of commercial off-the-shelf software (COTS) used in a safety-related system. The static analysis was part of an overall software qualification programme, which also included the work reported in our paper presented at Safecomp 2002. Integrity static analysis focuses on unsafe language constructs and “covert” flows, where one thread can affect the data or control flow of another thread. The analysis addressed two main aspects: the internal integrity of the code (especially for the more critical functions), and the intra-component integrity, checking for covert channels. The analysis process was supported by an aggregation of tools, combined and engineered to support the checks done and to scale as necessary. Integrity static analysis is feasible for industrial scale software, did not require unreasonable resources and we provide data that illustrates its contribution to the software qualification programme

The European Regulatory Framework and its implementation in influencing organic inspection and certification systems in the EU

The report presents a review of the most important European and international legislation that set the framework for organic certification, of reports prepared by international agencies working with organic standard setting and certification, and of relevant scientific literature. It discusses problems, future challenges of the organic control systems in Europe leading to suggestions for improvement. Food quality assurance is of key importance for the future development of the Common Agricultural Policy of the EU. A large number of mandatory and voluntary assurance and certification schemes exist for agriculture and in the food industry leading to the risk of increased costs for producers and confusion of consumers. Such schemes include the setting of requirements and bodies that undertake control and provide certificates. Requirements can be divided into statutory regulations regarding food safety and good agricultural practice and standards for voluntary attributes. Basic requirements of food safety, animal health and animal welfare are controlled by the Official Food and Feed Control (OFFC) systems, governed by Council Regulation (EC) 882/2004. Third party certification provides credibility to claims related to voluntary standards and is communicated to the consumers through the use of certification marks. The EU has developed a legislative basis for quality claims in relation to geographical indications, traditional specialities and organic farming and considers introducing labelling rules in relation to animal welfare, environmental impact and the origin of raw materials. Organic certification is one of a number of overlapping and competing schemes. The development of organic standards and certification in Europe started with private standards and national rules, leading to Regulation (EEC) 2092/1991. The requirements for competent authorities, control bodies and operators in this regulation regarding the control systems are reviewed. The discussion highlights the low level of knowledge among consumers of the requirements of organic certification, a weak emphasis of the control system on operator responsibility for organic integrity, issues of competition and surveillance of control bodies, a lack of consideration of risk factors in designing the inspection systems and a lack of transparency. A total revision of the European Regulations on organic production began in 2005. One important change introduced by the new Council Regulation (EC) 834/2007 for Organic Food and Farming is that the organic control system is placed under the umbrella of Council Regulation (EC) 882/2004 on Official Food and Feed Controls. Regulation (EC) 834/2007 also requires that control bodies have to be accredited according to general requirements for bodies operating product certification systems (ISO Guide 65/EN 45011). From July 2010 packaged organic products will have to carry the new EU logo as well as the compulsory indication of the control body. The report reviews the requirements for competent authorities, control bodies and operators from the various legal sources. The discussion highlights a lack of clarity on the impact of the OFFC regulation on the organic control system including how risk based inspections are to be implemented and the potential for in-consistencies in the enforcement of the regulation. A number of international initiatives concerned with the harmonisation of organic standards and to a lesser extent certification are reviewed, such as the International Task Force on Harmonisation and Equivalence (ITF)1 Two main alternative guarantee systems for organic production have been developed and researched by a number of organisations including IFOAM, ISEAL, FAO and the EU Commission. Smallholder Group Certification based on an Internal Control System (ICS) and Participatory Guarantee Systems (PGS) could also represent ways to minimize certification costs also for European farmers, in particular for operators that market directly or through very short supply chains. Both systems also illustrate examples of certification systems with a focus on system development and improvement. , the European Organic Certifiers Council (EOOC), the International Social and Environmental Accreditation and Labelling Alliance (ISEAL) and the Anti-Fraud Initiative (AFI). The multilateral initiatives have led to a better understanding of current problems and the scope and limitations for harmonisation. They have also contributed to the sharing of tools and methods and the identification of best practice. Apart from organic farming the European Union has two other food quality schemes: Regulation (EC) 510/2006 on geographical indications and Regulation (EC) 509/2006 on traditional specialities. The report explores the potential for combining these with organic certification, and draws lessons for organic certification based on Italian experience. The final chapter summarises problems and challenges from the previous chapters. Suggestions for improvements of the organic control system focus on two issues: the need for further harmonisation of the surveillance of control bodies and enforcement of the regulation and how operators’ responsibility for further development of organic systems could be supported in the control and certification system

Audit report on the City of Mount Union, Iowa for the year ended June 30, 2006

Audit report on the City of Mount Union, Iowa for the year ended June 30, 200

Automatic detection of safety and security vulnerabilities in open source software

Growing software quality requirements have raised the stakes on software safety and security. Building secure software focuses on techniques and methodologies of design and implementation in order to avoid exploitable vulnerabilities. Unfortunately, coding errors have become common with the inexorable growth tendency of software size and complexity. According to the US National Institute of Standards and Technology (NIST), these coding errors lead to vulnerabilities that cost the US economy $60 billion each year. Therefore, tracking security and safety errors is considered as a fundamental cornerstone to deliver software that are free from severe vulnerabilities. The main objective of this thesis is the elaboration of efficient, rigorous, and practical techniques for the safety and security evaluation of source code. To tackle safety errors related to the misuse of type and memory operations, we present a novel type and effect discipline that extends the standard C type system with safety annotations and static safety checks. We define an inter-procedural, flow-sensitive, and alias-sensitive inference algorithm that automatically propagates type annotations and applies safety checks to programs without programmers' interaction. Moreover, we present a dynamic semantics of our C core language that is compliant with the ANSI C standard. We prove the consistency of the static semantics with respect to the dynamic semantics. We show the soundness of our static analysis in detecting our targeted set of safety errors. To tackle system-specific security properties, we present a security verification framework that combines static analysis and model-checking. We base our approach on the GCC compiler and its GIMPLE representation of source code to extract model-checkable abstractions of programs. For the verification process, we use an off-the-shelf pushdown system model-checker, and turn it into a fully-fledged security verification framework. We also allow programmers to define a wide range of security properties using an automata-based specification approach. To demonstrate the efficiency and the scalability of our approach, we conduct extensive experiments and case studies on large scale open-source software to verify their compliance with a representative set of the CERT standard secure coding rules

Fair Labor Association 2006 Annual Public Report

Introduction concerns effects of globalization. Examines changes from 2005-2006 as companies are encouraged to move towards self compliance, with a concentration on corporate responsibility. Data is broken down by company

City of Nevada, Independent Auditor's Reports, Basic Financial Statements and Supplemental Information, Schedule of Findings, June 30, 2004

City Audit Repor

Audit report on the City of Union, Iowa for the year ended June 30, 2012

Audit report on the City of Union, Iowa for the year ended June 30, 201