Why can the same code pass OWASP security checks but fail MISRA coding guidelines? In this Sonar Summit 2026 session, we explore how different secure coding standards—OWASP, MISRA, CERT, and Sonar Way—evaluate code differently, and why those differences matter even more in the age of AI-generated code.

As AI coding assistants generate increasing volumes of software, developers often rely on automated tools and static analysis rules to enforce code quality and security standards. However, different standards are built on different philosophies about safety, maintainability, and reliability.

In this talk, you'll learn:

- The key differences between OWASP, MISRA, CERT, and Sonar Way coding standards
- Why the same code pattern may pass one standard but fail another
- How static analysis tools enforce different coding guidelines
- Why coding standards remain critical in the era of AI-generated code
- How development teams can choose the right standards for their environment

Using real examples and recent data on AI-generated code, this session explains how coding standards influence what developers see in their IDEs and how they help maintain strong code quality and security across modern software systems.

Timestamps:

00:00 — Introduction
00:17 — Rules, Standards, and Why They Matter
00:50 — From Writing Rules to Managing Standards
01:11 — What "Standards" Really Cover
02:09 — How Standards Differ in Scope and Strictness
04:41 — OWASP ASVS: Security Standards as a Contract
06:04 — MISRA: Safe Subsets of C++ for Critical Systems
08:22 — Sonar Way: Actionable Code Health Rules
09:37 — Rules as Tools, Not Absolute Truth
12:18 — One Cast, Three Different Standards
13:58 — What AI Changes — and What It Doesn't
15:23 — New Risks from AI-Generated Code
17:30 — Key Takeaways on Standards, Rules, and AI

#SonarSummit #SecureCoding #OWASP #MISRA #SoftwareQuality