[SC-L] free and open online secure coding in C course module

2011-02-04 Thread Robert Seacord
CERT has completed the development of an integer module for our "Secure Coding in C" course. A demo course is set up at http://oli.web.cmu.edu. Enter the course key: seccode. The course is open and free. If you want to use the course at your University, College, Corporation, or other organization yo

[SC-L] recent technical reports from the CERT Secure Coding Initiative

2010-06-26 Thread Robert Seacord
, rCs Java Concurrency Guidelines Fred Long, Dhruv Mohindra, Robert Seacord, & David Svoboda CMU/SEI-2010-TR-015 An essential element of secure coding in the Java programming language is well-documented and enforceable coding standards. Coding standards

Re: [SC-L] Where Does Secure Coding Belong In the Curriculum?

2009-08-21 Thread Robert Seacord
Neil, I teach two software security classes at Carnegie Mellon: CS 15392 Secure Programming - Undergraduate Computer Science https://www.securecoding.cert.org/confluence/display/sci/S08+15392+Secure+Programming INI 14735 Secure Software Engineering - Graduate Course in Information Networkin

[SC-L] As-if Infinitely Ranged Integer Model

2009-07-20 Thread Robert Seacord
The Secure Coding Initiative at CERT has published a new Technical Note CMU/SEI-2009-TN-023 entitled "As-if Infinitely Ranged Integer Model". Abstract: Integer overflow and wraparound are major causes of software vulnerabilities in the C and C++ programming languages. In this paper we

Re: [SC-L] Insecure Java Code Snippets

2009-05-10 Thread Robert Seacord
Brad, You can also look at The CERT Sun Microsystems Secure Coding Standard for Java at: https://www.securecoding.cert.org/confluence/display/java/The+CERT+Sun+Microsystems+Secure+Coding+Standard+for+Java Which has many examples of secure/insecure Java source code. rCs

Re: [SC-L] Julia Allen podcast on BSIMM

2009-04-01 Thread Robert Seacord
I might as well plug the podcast Julia did with me as well, "Mainstreaming Secure Coding Practices". It is available at http://www.cert.org/podcast/show/20090317seacord.html rCs

Re: [SC-L] Conditional Compile statements-- coding standards, and code review

2009-02-13 Thread Robert Seacord
Sean, I think you would want to provide this guarantee through some sort of static assertion. For example, if you want to ensure that text controlled by FRED is not included in a release build, you could include an #error preprocessor directive as part of the controlled text that will generate

[SC-L] Robert Seacord on the CERT C Secure Coding Standard

2008-12-15 Thread Robert Seacord
informIT published an interview with me written by David Chisnall: http://www.informit.com/articles/article.aspx?p=1315064 David asked some interesting questions about security and the future of the C programming language. rCs

Re: [SC-L] Language agnostic secure coding guidelines/standards?

2008-11-14 Thread Robert Seacord
Pete, I think your best bet is the work being done by ISO/IEC JTC 1/SC 22/ WG 23 Programming Language Vulnerabilities. The website for this work is http://www.aitcnet.org/isai/. The latest Editor's draft of PDTR 24772, prepared by John Benito, is N0138 which can be found here: http://www.ait

[SC-L] The CERT C Secure Coding Standard

2008-10-20 Thread Robert Seacord
The CERT C Secure Coding Standard has been published by Addison-Wesley. More information is available at: http://www.informit.com/store/product.aspx?isbn=0321563212 Thanks to all the "lurkers" on SC-L who helped us develop and review the content. Thanks, rCs