By David Svoboda on October 5, 2015 9:00 AM
By David Svoboda, Senior Member of the Technical Staff, CERT Division

Whether Java is more secure than C is a simple question to ask, but a hard question to answer well. When we began writing the SEI CERT Oracle...
By David Svoboda on December 8, 2014 6:54 PM
A zero-day vulnerability refers to a software security vulnerability that has been exploited before any patch is published. In the past, vulnerabilities were widely exploited even when a patch was available, which means they were not zero-day. Today, zero-day vulnerabilities...
By David Svoboda on March 25, 2013 3:05 PM
This blog post describes a research initiative aimed at eliminating vulnerabilities resulting from memory management problems in C and C++. Memory problems in C and C++ can lead to serious software vulnerabilities including difficulty fixing bugs, performance impediments, program crashes...
By David Svoboda on June 25, 2012 4:22 PM
As security specialists, we are often asked to audit software and provide expertise on secure coding practices. Our research and efforts have produced several coding standards specifically dealing with security in popular programming languages, such as C, Java, and C++....
Visit the SEI Digital Library for other publications by David