CERT has completed the development of an integer module for our "Secure Coding
in C" course. A demo course set up at http://oli.web.cmu.edu. Enter the course
key: seccode
The course is open and free. If you want to use the course at your University,
College, Corporation, or other organization yo
rCs
Java Concurrency Guidelines
Fred Long, Dhruv Mohindra, Robert Seacord, & David Svoboda
CMU/SEI-2010-TR-015
An essential element of secure coding in the Java programming language is
well-documented and enforceable coding standards. Coding standards
Neil,
I teach two software security classes at Carnegie Mellon:
CS 15392 Secure Programming - Undergraduate Computer Science
https://www.securecoding.cert.org/confluence/display/sci/S08+15392+Secure+Programming
INI 14735 Secure Software Engineering - Graduate Course in Information
Networkin
The Secure Coding Initiative at CERT has published a new Technical Note
CMU/SEI-2009-TN-023 entitled "As-if Infinitely Ranged Integer Model".
Abstract:
Integer overflow and wraparound are major causes of software vulnerabilities in
the C and C++ programming languages. In this paper we
Brad,
You can also look at The CERT Sun Microsystems Secure Coding Standard for Java
at:
https://www.securecoding.cert.org/confluence/display/java/The+CERT+Sun+Microsystems+Secure+Coding+Standard+for+Java
Which has many examples of secure/insecure Java source code.
rCs
I might as well plug the podcast Julia did with me as well, "Mainstreaming
Secure Coding Practices". It is available at
http://www.cert.org/podcast/show/20090317seacord.html
rCs
Sean,
I think you would want to provide this guarantee through some sort of static
assertion. For example, if you want to ensure that text controlled by FRED is
not included in a release build, you could include an #error preprocessor
directive as part of the controlled text that will generate
informIT published an interview with me written by David Chisnall:
http://www.informit.com/articles/article.aspx?p=1315064
David asked some interesting questions about security and the future of the C
programming language.
rCs
Pete,
I think your best bet is the work being done by ISO/IEC JTC 1/SC 22/ WG 23
Programming Language Vulnerabilities. The website for this work is
http://www.aitcnet.org/isai/.
The latest Editor's draft of PDTR 24772, prepared by John Benito, is N0138
which can be found here:
http://www.ait
The CERT C Secure Coding Standard has been published by Addison-Wesley. More
information is available at:
http://www.informit.com/store/product.aspx?isbn=0321563212
Thanks to all the "lurkers" on SC-L who helped us develop and review the
content.
Thanks,
rCs