Entries Tagged as 'Secure Coding '

Improving Security in the Latest C Programming Language Standard

Secure Coding 1 Comment »

By David Keaton,
Researcher
The CERT Secure Coding Program

David KeatonBuffer overflows—an all too common problem that occurs when a program tries to store more data in a buffer, or temporary storage area, than it was intended to hold—can cause security vulnerabilities. In fact, buffer overflows led to the creation of the CERT program, starting with the infamous 1988 “Morris Wormincident in which a buffer overflow allowed a worm entry into a large number of UNIX systems. For the past several years, the CERT Secure Coding team has contributed to a major revision of the International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC) standard for the C programming language. Our efforts have focused on introducing much-needed enhancements to C and its standard library to address security issues, such as buffer overflows. These security enhancements include (conditional) support for bounds-checking interfaces, (conditional) support for analyzability, static assertions, “no-return” functions, support for opening files for exclusive access, and the removal of the insecure gets() function. This blog posting explores two of the changes—bounds-checking interfaces and analyzability—from the December 2011 revision of the C programming language standard, which is known informally as C11 (each revision of the standard cancels and replaces the previous one, so there is only one C standard at a time).

Read more...

The Growing Importance of Sustaining Software for the DoD

Architecture Documentation , Common Operating Platform Environments (COPEs) , Secure Coding , Service-Oriented Architecture , Software Product Lines , Software Sustainment , System of Systems , Team Software Process (TSP) , Ultra Large Scale Systems 7 Comments »

Part 2: SEI R&D Activities Related to Sustaining Software for the DoD
By Douglas C. Schmidt,
Deputy Director, Research, and Chief Technology Officer

Douglas C. SchmidtSoftware sustainment is growing in importance as the inventory of DoD systems continues to age and greater emphasis is placed on efficiency and productivity in defense spending. In part 1 of this series, I summarized key software sustainment challenges facing the DoD.  In this blog posting, I describe some of the R&D activities conducted by the SEI to address these challenges.

Read more...