The SEI helps advance software engineering principles and practices and serves as a national resource in software engineering, computer security, and process improvement. The SEI works closely with defense and government organizations, industry, and academia to continually improve software-intensive systems. Its core purpose is to help organizations improve their software engineering capabilities and develop or acquire the right software, defect free, within budget and on time, every time.
Pointers are a dangerous feature provided by C/C++, and incorrect use of pointers is a common source of bugs and vulnerabilities. Most new languages lack pointers or severely restrict their capabilities. Nonetheless, many C/C++ programmers work with pointers safely by maintaining an internal model of when memory accessed through pointers should be allocated and subsequently freed. This model is frequently not documented in the program. The Pointer Ownership Model (POM) can statically identify certain classes of errors involving dynamic memory in C/C++ programs. It works by requiring the developer to identify responsible pointers, whose objects must be explicitly freed before the pointers themselves may be destroyed. POM can be statically analyzed to ensure that the design is consistent and secure, and that the code correctly implements the design. Consequently, POM can be used to identify and eliminate many dynamic memory errors from C programs.
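An added example, not taken from the original page or from any POM tool: a C fragment in which each pointer's role (responsible or not) is written down in comments, and every responsible pointer is either freed or hands its object on before it goes out of scope. The struct, the function names and the comment convention are assumptions made for illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Roles are recorded in comments; this is not any POM tool's annotation syntax. */
struct record {
    char *name;        /* responsible: record_destroy() must free it */
    const char *tag;   /* not responsible: borrowed, never freed here */
};

/* Returns a responsible pointer (or NULL); src is only borrowed. */
static char *dup_upper(const char *src) {
    size_t n = strlen(src);
    char *out = malloc(n + 1);
    if (out == NULL) return NULL;
    for (size_t i = 0; i <= n; i++)   /* i == n copies the terminator */
        out[i] = (src[i] >= 'a' && src[i] <= 'z') ? (char)(src[i] - 'a' + 'A') : src[i];
    return out;                       /* the caller now holds the responsible pointer */
}

/* Returns 0 on success, -1 on failure. On every path the local responsible
 * pointer `upper` is freed or handed to r->name before it is destroyed. */
int record_init(struct record *r, const char *name, const char *tag) {
    char *upper = dup_upper(name);    /* upper is responsible */
    if (upper == NULL) return -1;     /* nothing allocated, nothing owed */
    if (upper[0] == '\0') {           /* reject empty names */
        free(upper);                  /* omitting this free leaks the object */
        return -1;
    }
    r->name = upper;                  /* hand-off: r->name is now responsible */
    r->tag = tag;
    return 0;
}

/* Frees the owned object once and clears the pointer, so a repeated call
 * is a harmless free(NULL) rather than a double free. */
void record_destroy(struct record *r) {
    free(r->name);
    r->name = NULL;
}

/* Constructed usage: returns 1 when the whole lifecycle behaves as expected. */
int demo(void) {
    struct record r = { NULL, NULL };
    if (record_init(&r, "alice", "staff") != 0) return 0;
    int ok = strcmp(r.name, "ALICE") == 0 && strcmp(r.tag, "staff") == 0;
    record_destroy(&r);
    record_destroy(&r);               /* safe: r.name was set to NULL */
    return ok && r.name == NULL && record_init(&r, "", "x") == -1;
}
```

Writing the roles next to each declaration is what turns the programmer's undocumented internal model into something a reviewer or analyzer can check against the code.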