Dean F. Sutherland
Software Engineering Institute
Publications by Dean F. Sutherland
- C/C++ Thread Safety Analysis
October 15, 2014 • Article
DeLesley Hutchins (Google, Inc.), Aaron Ballman, Dean F. Sutherland
In this paper, the authors describe Clang Thread Safety Analysis, a tool that uses annotations to enforce thread safety policies in C and C++ programs.
- Mobile SCALe: Rules and Analysis for Secure Java and Android Coding
November 08, 2013 • Technical Report
Lujo Bauer (Carnegie Mellon University, Department of Electrical and Computer Engineering), Lori Flynn, Limin Jia (Carnegie Mellon University, Department of Electrical and Computer Engineering)
In this report, the authors describe Android secure coding rules, guidelines, and static analysis developed as part of the Mobile SCALe project.
- Java Coding Guidelines for Reliability
September 27, 2013 • Article
Fred Long (Aberystwyth University), Dhruv Mohindra, Robert C. Seacord
In this sample chapter, the authors describe how to avoid obscure techniques and code that is difficult to understand and maintain when programming in Java.
- Don’t Be Pwned: A Short Course on Secure Programming in Java
September 24, 2013 • Video
Robert C. Seacord, Dean F. Sutherland
In this JavaOne 2013 video, developers of the CERT Oracle Secure Coding Standard for Java describe exploits that compromised Java programs in the field.
- Don’t Be Pwned: A Short Course on Secure Programming in Java
September 24, 2013 • Presentation
Dean F. Sutherland, Robert C. Seacord, David Svoboda
In this presentation, the developers of the CERT Oracle Secure Coding Standard for Java present real exploits that have compromised Java programs in the field.
- Java Coding Guidelines: 75 Recommendations for Reliable and Secure Programs
August 05, 2013 • Book
Fred Long, Dhruv Mohindra, Robert C. Seacord
In this book, Robert Seacord brings together expert guidelines, recommendations, and code examples to help you use Java code to perform mission-critical tasks.
- The CERT Oracle Secure Coding Standard for Java: Input Validation and Data Sanitization
October 24, 2011 • Article
Fred Long (Aberystwyth University), David Svoboda, Dhruv Mohindra
In this sample chapter, the authors provide rules, assess their risk, and provide noncompliant and compliant code and solutions to validate and sanitize the data.
- The CERT Oracle Secure Coding Standard for Java
September 08, 2011 • Book
Fred Long, Dhruv Mohindra, Robert C. Seacord
In this book, the authors provide the first comprehensive compilation of code-level requirements for building secure systems in Java.