Software Engineering Institute | Carnegie Mellon University

Digital Library

Showing 1 - 10 of 18 results for the Type - technical report Secure Coding

Technical Note | April 2012 - Source Code Analysis Laboratory (SCALe) By Robert C. Seacord, Will Dormann, James McCurley, Philip Miller, Robert W. Stoddard, David Svoboda, Jefferson Welch

In this report, the authors describe the CERT Program's Source Code Analysis Laboratory (SCALe), a conformance test against secure coding standards.

Technical Report | December 2010 - Source Code Analysis Laboratory (SCALe) for Energy ... By Robert C. Seacord, Will Dormann, James McCurley, Philip Miller, Robert W. Stoddard, David Svoboda, Jefferson Welch

In this report, the authors describe the Source Code Analysis Laboratory (SCALe), which tests software for conformance to CERT secure coding standards.

Technical Note | July 2014 - Performance of Compiler-Assisted Memory Safety Checking By David Keaton, Robert C. Seacord

This technical note describes the criteria for deploying a compiler-based memory safety checking tool and the performance that can be achieved with two such tools whose source code is freely available.

Technical Report | June 2008 - Evaluation of CERT Secure Coding Rules through Integration ... By Stephen Dewhurst, Chad Dougherty, Yurie Ito, David Keaton, Dan Saks, Robert C. Seacord, David Svoboda, Chris Taschner, Kazuya Togashi (JPCERT/CC)

In this report, the authors describe a study to evaluate CERT Secure Coding Standards and source code analysis tools in commercial software projects.

Technical Report | November 2013 - Mobile SCALe: Rules and Analysis for Secure Java and ... By Lujo Bauer (Carnegie Mellon University - Department of Electrical and Computer Engineering), Lori Flynn, Limin Jia (Carnegie Mellon University - Department of Electrical and Computer Engineering), Will Klieber, Fred Long, Dean F. Sutherland, David Svoboda

In this report, the authors describe Android secure coding rules, guidelines, and static analysis developed as part of the Mobile SCALe project.

Technical Note | July 2012 - Supporting the Use of CERT Secure Coding Standards in ... By Timothy Morrow, Robert C. Seacord, John K. Bergey, Philip Miller

In this report, the authors provide guidance for helping DoD acquisition programs address software security in acquisitions.

Technical Note | July 2009 - As-if Infinitely Ranged Integer Model By David Keaton, Thomas Plum (Plum Hall - Inc.), Robert C. Seacord, David Svoboda, Alex Volkovitsky, Timothy Wilson

In this report, the authors present the as-if infinitely ranged (AIR) integer model, which eliminates integer overflow and integer truncation in C and C++ code.

Technical Report | May 2010 - Java Concurrency Guidelines By Fred Long, Dhruv Mohindra, Robert C. Seacord, David Svoboda

In this report, the authors describe the CERT Oracle Secure Coding Standard for Java, which provides guidelines for secure coding in Java.

Technical Note | June 2014 - Improving the Automated Detection and Analysis of Secure ... By Daniel Plakosh, Robert C. Seacord, Robert W. Stoddard, David Svoboda, David Zubrow

This technical note describes the accuracy analysis of the Source Code Analysis Laboratory (SCALe) tools and the characteristics of flagged coding violations.

Technical Report | July 2017 - DidFail: Coverage and Precision Enhancement By Karan Dwivedi (No Affiliation), Hongli Yin (No Affiliation), Pranav Bagree (No Affiliation), Xiaoxiao Tang (No Affiliation), Lori Flynn, William Klieber, William Snavely

This report describes recent enhancements to Droid Intent Data Flow Analysis for Information Leakage (DidFail), the CERT static taint analyzer for sets of Android apps.