Fred Long
Software Engineering Institute
Publications by Fred Long
-
Mobile SCALe: Rules and Analysis for Secure Java and Android Coding
November 08, 2013 • Technical Report
Lujo Bauer (Carnegie Mellon University, Department of Electrical and Computer Engineering), Lori Flynn, Limin Jia (Carnegie Mellon University, Department of Electrical and Computer Engineering)
In this report, the authors describe Android secure coding rules, guidelines, and static analysis developed as part of the Mobile SCALe project.
-
Java Coding Guidelines for Reliability
September 27, 2013 • Article
Fred Long (Aberystwyth University), Dhruv Mohindra, Robert C. Seacord
In this sample chapter, the authors describe how to avoid obscure techniques and code that is difficult to understand and maintain when programming in Java.
-
Java Coding Guidelines: 75 Recommendations for Reliable and Secure Programs
August 05, 2013 • Book
Fred Long, Dhruv Mohindra, Robert C. Seacord
In this book, Robert Seacord brings together expert guidelines, recommendations, and code examples to help you use Java code to perform mission-critical tasks.
-
The CERT Oracle Secure Coding Standard for Java: Input Validation and Data Sanitization
October 24, 2011 • Article
Fred Long (Aberystwyth University), David Svoboda, Dhruv Mohindra
In this sample chapter, the authors provide rules, assess their risk, and provide noncompliant and compliant code and solutions to validate and sanitize the data.
-
The CERT Oracle Secure Coding Standard for Java
September 08, 2011 • Book
Fred Long, Dhruv Mohindra, Robert C. Seacord
In this book, the authors provide the first comprehensive compilation of code-level requirements for building secure systems in Java.
-
Java Concurrency Guidelines
May 01, 2010 • Technical Report
Fred Long, Dhruv Mohindra, Robert C. Seacord
In this report, the authors describe the CERT Oracle Secure Coding Standard for Java, which provides guidelines for secure coding in Java.
-
Specifications for Managed Strings, Second Edition
May 01, 2010 • Technical Report
Hal Burch, Fred Long, Raunak Rungta
In this report, the authors describe a managed string library for the C programming language.
-
Ranged Integers for the C Programming Language
September 01, 2007 • Technical Note
Jeff Gennari, Shaun Hedrick, Fred Long
In this 2007 report, the authors describe an extension to the C programming language to introduce the notion of ranged integers.
-
Specifications for Managed Strings
May 01, 2006 • Technical Report
Hal Burch, Fred Long, Robert C. Seacord
This report has been superseded by Specifications for Managed Strings, Second Edition (CMU/SEI-2010-TR-018).
-
Software Vulnerabilities in Java
October 01, 2005 • Technical Note
Fred Long
In this report, Fred Long briefly describes potential software vulnerabilities in Java version 5.
-
Information Technology: Programming Languages, Their Environments and System Software Interfaces: Specification for Managed Strings
August 19, 2005 • White Paper
Fred Long, Robert C. Seacord
In this paper, the authors present a standard specification for managed strings.
-
Volume II: Technical Concepts of Component-Based Software Engineering, 2nd Edition
May 01, 2000 • Technical Report
Felix Bachmann, Len Bass, Charles Buhman
The objective of this study is to determine whether CBSE has the potential to advance the state of software engineering practice and, if so, whether the SEI can contribute to this advancement.
-
Volume I: Market Assessment of Component-Based Software Engineering Assessments
May 01, 2000 • Technical Note
Len Bass, Charles Buhman, Santiago Comella-Dorda
This 2001 report examines software component technology from a business perspective.
-
Securing Internet Sessions with Sorbet
July 01, 1999 • Technical Note
Fred Long, Scott Hissam, Robert C. Seacord
To secure communications media connections, mechanisms must be built on top of the underlying facilities. This 1999 report discusses one such security mechanism and describes an implementation using CORBA-based interceptors.
-
An Overview of PCTE: A Basis for a Portable Common Tool Environment
March 01, 1993 • Technical Report
Fred Long, Edwin J. Morris
This 1993 report details the history and current status of PCTE and PCTE-based environments.