Software Engineering Institute | Carnegie Mellon University

Digital Library

Showing 1 - 9 of 9 results for the Type - technical note Secure Coding

Technical Note | July 2012
Supporting the Use of CERT Secure Coding Standards in ...
By Timothy Morrow, Robert C. Seacord, John K. Bergey, Philip Miller

In this report, the authors provide guidance for helping DoD acquisition programs address software security in acquisitions.

Technical Note | June 2014
Improving the Automated Detection and Analysis of Secure ...
By Daniel Plakosh, Robert C. Seacord, Robert W. Stoddard, David Svoboda, David Zubrow

This technical note describes the accuracy analysis of the Source Code Analysis Laboratory (SCALe) tools and the characteristics of flagged coding violations.

Technical Note | July 2014
Performance of Compiler-Assisted Memory Safety Checking
By David Keaton, Robert C. Seacord

This technical note describes the criteria for deploying a compiler-based memory safety checking tool and the performance that can be achieved with two such tools whose source code is freely available.

Technical Note | April 2012
Source Code Analysis Laboratory (SCALe)
By Robert C. Seacord, Will Dormann, James McCurley, Philip Miller, Robert W. Stoddard, David Svoboda, Jefferson Welch

In this report, the authors describe the CERT Program's Source Code Analysis Laboratory (SCALe), a conformance test against secure coding standards.

Technical Note | July 2009
As-if Infinitely Ranged Integer Model
By David Keaton, Thomas Plum (Plum Hall - Inc.), Robert C. Seacord, David Svoboda, Alex Volkovitsky, Timothy Wilson

In this report, the authors present the as-if infinitely ranged (AIR) integer model, which eliminates integer overflow and integer truncation in C and C++ code.

Technical Note | January 2005
A Structured Approach to Classifying Security Vulnerabilities
By Robert C. Seacord, Allen D. Householder

In this 2005 report, the authors propose a classification scheme that uses attribute-value pairs to provide a multidimensional view of vulnerabilities.

Technical Note | October 2005
Software Vulnerabilities in Java
By Fred Long

In this report, Fred Long briefly describes potential software vulnerabilities in Java version 5.

Technical Note | September 2007
Ranged Integers for the C Programming Language
By Jeff Gennari, Shaun Hedrick, Fred Long, Justin Pincar, Robert C. Seacord

In this 2007 report, the authors describe an extension to the C programming language to introduce the notion of ranged integers.

Technical Note | April 2010
As-If Infinitely Ranged Integer Model, Second Edition
By Roger Dannenberg (School of Computer Science - Carnegie Mellon University), Will Dormann, David Keaton, Thomas Plum (Plum Hall - Inc.), Robert C. Seacord, David Svoboda, Alex Volkovitsky, Timothy Wilson

In this report, the authors present the as-if infinitely ranged (AIR) integer model, a mechanism for eliminating integral exceptional conditions.