The CERT Secure Coding Initiative

Robert C. Seacord
Software Engineering Institute and Computer Sciences department
Carnegie Mellon University

Tuesday, April 3, 2007

Easily avoided software defects are a primary cause of commonly exploited software vulnerabilities. The CERT/CC has observed, through an analysis of thousands of vulnerability reports, that most vulnerabilities stem from a relatively small number of common programming errors. By identifying insecure coding practices and developing secure alternatives, software developers can take practical steps to reduce or eliminate vulnerabilities before deployment.
The CERT Secure Coding Initiative works with software developers and software development organizations to reduce vulnerabilities resulting from coding errors before they are deployed. Our principal goals are to identify common programming errors that lead to software vulnerabilities, establish standard secure coding standards, educate software developers, and advance the state of the practice in secure coding.
This presentation provides an overview of the CERT Secure Coding Initiative with a more detailed look at the CERT Secure Coding standards for the C and C++ programming languages.

Bio: Robert C. Seacord is a senior vulnerability analyst at the CERT/Coordination Center (CERT/CC) at the Software Engineering Institute (SEI) located at Carnegie Mellon University in Pittsburgh, PA. Seacord is the author of Secure Coding in C and C++ (Addison-Wesley, 2005) and coauthor of Building Systems from Commercial Components (Addison-Wesley, 2002) and Modernizing Legacy Systems (Addison-Wesley, 2003). Seacord has also authored more than 40 papers on topics including software security, component-based software engineering, web-based system design, legacy-system modernization, component repositories and search engines, and user interface design and development.
Seacord is an adjunct professor for the CMU School of Computer Science and a part-time faculty member at the University of Pittsburgh.
Seacord started programming professionally for IBM in 1982, where he specialized in communications and operating system software, processor development, and software engineering. Seacord has worked at the X Consortium, where he developed and maintained code for the Common Desktop Environment and the X Window System. He also is actively involved in the JTC1/SC22/WG14 international standardization working group for the C programming language.
Seacord received a B.S. in computer science from Rensselaer Polytechnic Institute in 1983.

Host: David Spooner (x6890)
Administrative support: Chris Coonrad (x8412)