Blog Posts
Rust Vulnerability Analysis and Maturity Challenges
This post explores tools for understanding vulnerabilities in the Rust programming language as well as the maturity of the Rust software ecosystem as a whole and how that might impact …
• By Garret Wassermann, David Svoboda
In Secure Development
Rust Software Security: A Current State Assessment
This post examines security issues with the Rust programming language.
• By Joseph Sible, David Svoboda
In Secure Development
How to Use Static Analysis to Enforce SEI CERT Coding Standards for IoT Applications
The Jeep hack, methods to hack ATMs, and even hacks to a casino's fish tank provide stark evidence of the risks associated with the Internet of Things (IoT)....
• By David Svoboda
In Secure Development
Using the SEI CERT Coding Standards to Improve Security of the Internet of Things
The Internet of Things (IoT) is insecure. The Jeep hack received a lot of publicity, and there are various ways to hack ATMs, with incidents occurring with increasing regularity....
• By David Svoboda
In Secure Development
CERT C++ Secure Coding Guidelines
Software vulnerabilities typically cost organizations an average of $300,000 per security incident. Efforts aimed at eliminating software vulnerabilities must focus on secure coding, preventing the vulnerabilities from being deployed into …
• By David Svoboda
In Secure Development
Is Java More Secure than C?
When we began writing the SEI CERT Oracle Coding Standard for Java, we thought that Java would require fewer secure coding rules than the SEI CERT C Coding Standard because …
• By David Svoboda
In Secure Development
Java Zero Day Vulnerabilities
A zero-day vulnerability refers to a software security vulnerability that has been exploited before any patch is published. In the past, vulnerabilities were widely exploited even when a patch was …
• By David Svoboda
In Secure Development
Using the Pointer Ownership Model to Secure Memory Management in C and C++
This blog post describes a research initiative aimed at eliminating vulnerabilities resulting from memory management problems in C and C++. Memory problems in C and C++ can lead to serious …
• By David Svoboda
In Secure Development
Anatomy of Java Exploits
On behalf of the real author, my colleague David Svoboda (and a couple others who work on the CERT Secure Coding Initiative), here's a post analyzing recent Java exploits....
• By Art Manion, David Svoboda
In CERT/CC Vulnerabilities
The CERT Perl Secure Coding Standard
As security specialists, we are often asked to audit software and provide expertise on secure coding practices. Our research and efforts have produced several coding standards specifically dealing with security …