Secure Development
Blog Posts
A Public Repository of Data for Static-Analysis Classification Research
This blog post describes a new repository of labeled data that CERT is making publicly available for many code-flaw conditions. Researchers can use this dataset along with the associated code …
• By Lori Flynn
In Secure Development
Automated Code Repair to Ensure Memory Safety
Memory-safety vulnerabilities are among the most common and most severe types of software vulnerabilities. In early 2019, a memory vulnerability in the iPhone iOS....
• By Will Klieber
In Secure Development
An Application Programming Interface for Classifying and Prioritizing Static Analysis Alerts
In this post, we describe the Source Code Analysis Integrated Framework Environment (SCAIFE) application programming interface (API). SCAIFE is an architecture for classifying and prioritizing static analysis alerts.
• By Lori Flynn, Ebonie McNeil
In Secure Development
How to Use Static Analysis to Enforce SEI CERT Coding Standards for IoT Applications
The Jeep hack, methods to hack ATMs, and even hacks to a casino's fish tank provide stark evidence of the risks associated with the Internet of Things (IoT)....
• By David Svoboda
In Secure Development
Using the SEI CERT Coding Standards to Improve Security of the Internet of Things
The Internet of Things (IoT) is insecure. The Jeep hack received a lot of publicity, and there are various ways to hack ATMs, with incidents occurring with increasing regularity....
• By David Svoboda
In Secure Development
SCALe v. 3: Automated Classification and Advanced Prioritization of Static Analysis Alerts
Static analysis tools analyze code without executing it, to identify potential flaws in source code. These tools produce a large number of alerts with high false-positive rates that an engineer …
• By Lori Flynn, Ebonie McNeil
In Secure Development
IPV6 Adoption: Is your ISP ready to support IPv6?
If you're considering migrating to IPv6, you may be asking, Am I ready? That's a good question to ask, but you also have to ask, Is my ISP ready? If …
• By Joseph Mayes
In Secure Development
SCALe: A Tool for Managing Output from Static Analysis Tools
Experience shows that most software contains code flaws that can lead to vulnerabilities. Static analysis tools used to identify potential vulnerabilities in source code produce....
• By Lori Flynn
In Secure Development
Obsidian: A New, More Secure Programming Language for Blockchain
Billions of dollars in venture capital, industry investments, and government investments are going into the technology known as blockchain....
• By Eliezer Kanal
In Secure Development
Decision-Making Factors for Selecting Application Security Testing Tools
In the first post in this series, I presented 10 types of application security testing (AST) tools and discussed when and how to use them....
• By Thomas Scanlon
In Secure Development
