Posts by David Keaton

Performance of Compiler-Assisted Memory Safety Checking

David Keaton

According to a 2013 report examining 25 years of vulnerabilities (from 1998 to 2012), buffer overflow causes 14 percent of software security vulnerabilities and 35 percent of critical vulnerabilities, making it the leading cause of software security vulnerabilities overall. As of July 2014, the TIOBE index indicates that the C programming language, which is the language most commonly associated with buffer overflows, is the most popular language with 17.1 percent of the market. Embedded systems,...

Helping Developers Address Security with the CERT C Secure Coding Standard

David Keaton

By analyzing vulnerability reports for the C, C++, Perl, and Java programming languages, the CERT Secure Coding Team observed that a relatively small number of programming errors leads to most vulnerabilities. Our research focuses on identifying insecure coding practices and developing secure alternatives that software programmers can use to reduce or eliminate vulnerabilities before software is deployed. In a previous post, I described our work to identify vulnerabilities that informed the revision of the International...

Improving Security in the Latest C Programming Language Standard

David Keaton

Buffer overflows--an all too common problem that occurs when a program tries to store more data in a buffer, or temporary storage area, than it was intended to hold--can cause security vulnerabilities. In fact, buffer overflows led to the creation of the CERT program, starting with the infamous 1988 "Morris Worm" incident in which a buffer overflow allowed a worm entry into a large number of UNIX systems. For the past several years, the CERT...



SEI Digital Library

Visit the SEI Digital Library to see other publications by David Keaton
