Blog Posts
A Technique for Decompiling Binary Code for Software Assurance and Localized Repair
The DoD has a significant amount of software available only in binary form. It is impractical to ensure that this software is free from vulnerabilities and malicious code.
• By Will Klieber
In Secure Development
Automated Code Repair to Ensure Memory Safety
Memory-safety vulnerabilities are among the most common and most severe types of software vulnerabilities. In early 2019, a memory vulnerability in the iPhone iOS....
• By Will Klieber
In Secure Development
Inference of Memory Bounds: Preventing the Next Heartbleed
Invalid memory accesses are one of the most prevalent and serious of software vulnerabilities. Leakage of sensitive information caused by out-of-bounds reads is a relatively new problem that most recently …
• By Will Klieber
In Secure Development
Automated Detection of Information Leaks in Mobile Devices
Exfiltration of sensitive data on mobile devices is a major concern for the DoD, other organizations, and individuals. Colluding apps in public use have been discovered by security researchers. The …
• By Lori Flynn, Will Klieber
Automated Code Repair in the C Programming Language
By Will Klieber, CERT Secure Coding Team. This blog post is co-authored by Will Snavely. Finding violations of secure coding guidelines in source code is daunting, but fixing them is an …
• By Will Klieber
In Secure Development
An Enhanced Tool for Securing Android Apps
Each software application installed on a mobile smartphone, whether a new app or an update, can introduce new, unintentional vulnerabilities or malicious code. These problems can lead to security challenges …
• By Lori Flynn, Will Klieber
In Secure Development
Two Secure Coding Tools for Analyzing Android Apps
Although the Android Operating System continues to dominate the mobile device market (82 percent of worldwide market share in the third quarter of 2013), applications developed for Android have faced …