Software Engineering Institute | Carnegie Mellon University
Software Engineering Institute | Carnegie Mellon University

Digital Library

Javascript is currently disabled for your browser. For an optimal search experience, please enable javascript.

Advanced Search

Basic Search

Content Type

Topics

Publication Date

Webinar

Secure Coding

  • August 2009
  • By Robert C. Seacord
  • In this webinar, Robert Seacord discusses work to develop secure coding standards for commonly used programming languages such as C, C++, and Java.
  • Secure Coding
  • Publisher: Software Engineering Institute
  • Loading the video......
  • Abstract

    It is a frequent yet unintended mistake among software developers. In copying a string in memory, they unwittingly create a vulnerability that can be used to execute malicious code by an attacker.

    The malicious code may be used to spread a worm, or insert a back door on a machine, steal a user's identity, or steal sensitive information.

    In fact, a recent study found that 64 percent of vulnerabilities in the National Vulnerability Database were the result of coding errors. 

    Led by Robert Seacord, the Secure Coding Initiative (SCI) within CERT works with software developers and software development organizations to eliminate vulnerabilities resulting from coding errors before software becomes operational.  SCI is developing secure coding standards for commonly used programming languages such as C, C++, and Java. These standards can be used to improve and assess the security and overall quality of software through training, automated analysis, code review, and other processes.

    About Robert Seacord

    Robert Seacord began programming (professionally) for IBM in 1982 and has been programming in C since 1985. Robert leads the Secure Coding Initiative at the CERT, located at Carnegie Mellon’s Software Engineering Institute (SEI). He is author of The CERT C Secure Coding Standard (Addison-Wesley, 2009), Secure Coding in C and C++ (Addison-Wesley, 2005), Building Systems from Commercial Components (Addison-Wesley, 2002) and Modernizing Legacy Systems (Addison-Wesley, 2003).

  • Slides