Entries for month: March 2013

Using the Pointer Ownership Model to Secure Memory Management in C and C++

Secure Coding

By David Svoboda
CERT Secure Coding Team

This blog post describes a research initiative aimed at eliminating vulnerabilities resulting from memory management problems in C and C++. Memory problems in C and C++ can lead to serious software vulnerabilities including difficulty fixing bugs, performance impediments, program crashes (including null pointer dereference and out-of-memory errors), and remote code execution.


Mitigating Agile Adoption Risks: Organization Climate

Agile, Readiness & Fit Analysis

Second in a Series on Readiness Fit Analysis for Adoption of Agile Methods
By Suzanne Miller
Senior Member of the Technical Staff
Acquisition Support Program

The adoption of new practices, such as agile or any new practice for that matter, is a task that is best undertaken with both eyes open. There are often disconnects between the adopting organization’s current practice and culture and the new practices being adopted. This posting is the second installment in a series on Readiness & Fit Analysis (RFA), which is a model and method for understanding risks when contemplating or embarking on the adoption of new practices, in this case agile methods. The RFA method helps organizations understand the barriers and enablers to successful adoption that are present when an analysis is performed. The first post in this series outlined the principles of RFA and described the Acquisition Support Program’s work in extending RFA to support profiling and adoption risk identification to organizations that are adopting agile methods. This blog post continues the discussion with a more in-depth dive into one more of the six RFA categories that we have identified.


Introduction to the Architecture Analysis & Design Language

Architecture, Architecture Analysis & Design Language (AADL)

By Julien Delange
Member of the Technical Staff
Research Technology & System Solutions

When a system fails, engineers too often focus on the physical components, but pay scant attention to the software. In software-reliant systems, ignoring or deemphasizing the importance of software failures can be a recipe for disaster. This blog post is the first in a series on recent developments with the Architecture Analysis & Design Language (AADL) standard. Future posts will explore recent tools and projects associated with AADL, which provides formal modeling concepts for the description and analysis of application systems architecture in terms of distinct components and their interactions. As this series will demonstrate, the use of AADL helps alleviate mismatched assumptions between the hardware, software, and their interactions that can lead to system failures.


Standards in Cloud Computing Interoperability

Cloud Computing

By Grace Lewis
Technical Lead,
Edge-Enabled Tactical Systems Research

In 2011, Col. Timothy Hill, director of the Futures Directorate within the Army Intelligence and Security Command, urged industry to take a more open-standards approach to cloud computing. “Interoperability between clouds, as well as the portability of files from one cloud to another, has been a sticking point in general adoption of cloud computing,” Hill said during a panel at the AFCEA International 2011 Joint Warfighting Conference. Hill’s view has been echoed by many in the cloud computing community, who believe that the absence of interoperability has become a barrier to adoption. This posting reports on recent research exploring the role of standards in cloud computing and offers recommendations for future standardization efforts.