June/July 2014 Edition of the Secure Coding Newsletter

June 2014 Newsletter

The CERT Secure Coding Team announces various news, such as the release of the DidFail tool and a new SEI technical report about SCALe.

Publisher: CERT Division

Abstract

In this edition of the newsletter, Secure Coding team members describe a new tool, DidFail, which analyzes Android apps that might leak sensitive information from a sensitive source to a restricted sink.

The team also released a new technical report, Improving the Automated Detection and Analysis of Secure Coding Violations, which describes the accuracy analysis of the SCALe tools and the characteristics of flagged coding violations.

Team members also describe presentations they made at events such as the ACM SIGPLAN International Workshop on the State of the Art in Java Program Analysis, and their plans to update the C++ Secure Coding Standard after attending successful standards meetings in Europe.

Work has continued on developing the Android secure coding standard on the Android Secure Coding wiki. The team has also performed SCALe assessments, an effort that has led the team to incorporate many improvements into the CERT Oracle Secure Coding Standard for Java.
