Entries by 'David Svoboda'

Using the Pointer Ownership Model to Secure Memory Management in C and C++

Secure Coding 1 Comment »

By David Svoboda
CERT Secure Coding Team

David SvobodaThis blog post describes a research initiative aimed at eliminating vulnerabilities resulting from memory management problems in C and C++.  Memory problems in C and C++ can lead to serious software vulnerabilities including difficulty fixing bugs, performance impediments, program crashes (including null pointer deference and out-of-memory errors), and remote code execution.


The CERT Perl Secure Coding Standard

Secure Coding 21 Comments »

David Svoboda
Software Security Engineer
CERT Secure Coding Initiative

David SvobodaAs security specialists, we are often asked to audit software and provide expertise on secure coding practices. Our research and efforts have produced several coding standards specifically dealing with security in popular programming languages, such as C, Java, and C++. This posting describes our work on the CERT Perl Secure Coding Standard, which provides a core of well-documented and enforceable coding rules and recommendations for Perl, which is a popular scripting language.