SEI Blog » Archives

Home
Authors

Entries by 'David Svoboda'

Mar 25
2013

Using the Pointer Ownership Model to Secure Memory Management in C and C++

Secure Coding 1 Comment »

By David Svoboda
CERT Secure Coding Team

David Svoboda This blog post describes a research initiative aimed at eliminating vulnerabilities resulting from memory management problems in C and C++. Memory problems in C and C++ can lead to serious software vulnerabilities including difficulty fixing bugs, performance impediments, program crashes (including null pointer deference and out-of-memory errors), and remote code execution.

Read more...

Jun 25
2012

The CERT Perl Secure Coding Standard

Secure Coding 21 Comments »

David Svoboda
Software Security Engineer
CERT Secure Coding Initiative

David Svoboda As security specialists, we are often asked to audit software and provide expertise on secure coding practices. Our research and efforts have produced several coding standards specifically dealing with security in popular programming languages, such as C, Java, and C++. This posting describes our work on the CERT Perl Secure Coding Standard, which provides a core of well-documented and enforceable coding rules and recommendations for Perl, which is a popular scripting language.

Read more...

Search
SEI Links
Categories
- Acquisition (30)
- Acquisition Dynamics (6)
- Agile (21)
- Architecture (8)
- Architecture Analysis & Design Language (AADL) (4)
- Architecture Centric Engineering (ACE) (4)
- Architecture Documentation (5)
- Architecture Driven Design (ADD) (2)
- Architecture Tradeoff Analysis Method (ATAM) (3)
- Artificial Intelligence (1)
- Automated remediation (1)
- Autonomy (1)
- Binaries (4)
- CERT (13)
- Cloud Computing (5)
- CMMI (8)
- Common Operating Platform Environments (COPEs) (7)
- Concurrency Analysis (2)
- Cyber-physical Systems (8)
- Data Quality (1)
- Fuzzy Hashing (3)
- Handheld Devices (5)
- Insider Threat (11)
- Interoperability (1)
- Lean (3)
- Machine Learning (1)
- Malware (11)
- Measurement & Analysis (8)
- Multicore Processors (1)
- Operational Resilience (3)
- Quality Attribute Workshop (3)
- Readiness & Fit Analysis (1)
- Real-Time Scheduling (2)
- Reflections on Software Architecture (4)
- Resilience Management Model (RMM) (6)
- Safety-Related Requirements (5)
- Secure Coding (6)
- Security-Related Requirements (5)
- SEI Research (53)
- Service-Oriented Architecture (4)
- Smart Grid Maturity Model (3)
- Software Assurance (2)
- Software Cost Estimates (6)
- Software Product Lines (2)
- Software Sustainment (6)
- Strategic Planning (3)
- System of Systems (2)
- Systems Engineering (1)
- Tactical Systems (4)
- Team Software Process (TSP) (12)
- Technical Debt (5)
- Testing (3)
- Ultra Large Scale Systems (5)
Authors
Archives
Subscribe

Subscribe below to receive email notification of new blog posts. You may unsubscribe at any time.

Recent Posts

The Value of Systems Engineering
5-20-2013
Don’t Sign that Applet!
5-13-2013
Common Testing Problems: Pitfalls to Prevent and Mitigate
5-6-2013
AADL Tools: Leveraging the Ecosystem
4-29-2013
The Latest Research from the SEI
4-22-2013

Recent Comments

Marie Nithya: Java applets are good for people who value security, atleast as far as i am...
Joel Stottlemire: I'm fascinated with the word "ecosystem" used to describe the...
Jack Sunderland: Very insightful indeed. Thanks for sharing AADL community wiki link. I will...
Enrique Cruz: Thanks a lot for answer Grace!

Subscribe to our RSS feeds

Contact | Locations | Legal

© 2013 Carnegie Mellon University