Blog Posts
Rust Vulnerability Analysis and Maturity Challenges
This post explores tools for understanding vulnerabilities in the Rust programming language as well as the maturity of the Rust software ecosystem as a whole and how that might impact …
• By Garret Wassermann, David Svoboda
In Secure Development

Rust Software Security: A Current State Assessment
This post examines security issues with the Rust programming language.
• By Joe Sible, David Svoboda
In Secure Development

Taking Up the Challenge of Open Source Software Security in the DoD
This post describes a workshop hosted by the SEI to start a conversation to elevate the trustworthiness of free and open source software, particularly in DoD settings.
• By Scott Hissam
In Secure Development

11 Leading Practices When Implementing a Container Strategy
While containers are frequently lauded in the latest software development trends, switching from using virtual machines and deploying an organization-wide container strategy remains non-trivial.
• By Andrew O. Mellinger, William Nichols, Jay Palat
In Secure Development

Release of SCAIFE System Version 2.0.0 Provides Support for Continuous-Integration (CI) Systems
Key features in the new release of SCAIFE System Version 2.0.0, including support for continuous-integration (CI) systems, and the status of evolving SEI SCAIFE work
• By Lori Flynn
In Secure Development

A Technique for Decompiling Binary Code for Software Assurance and Localized Repair
The DoD has a significant amount of software available only in binary form. It is impractical to ensure that this software is free from vulnerabilities and malicious code.
• By William Klieber
In Secure Development

Anti-Tamper for Software Components
This post explains how to identify software components within systems that are in danger of being exploited and that should be protected by anti-tamper practices.
• By Scott Hissam
In Secure Development

A Public Repository of Data for Static-Analysis Classification Research
This blog post describes a new repository of labeled data that CERT is making publicly available for many code-flaw conditions. Researchers can use this dataset along with the associated code …
• By Lori Flynn
In Secure Development

Automated Code Repair to Ensure Memory Safety
Memory-safety vulnerabilities are among the most common and most severe types of software vulnerabilities. In early 2019, a memory vulnerability in the iPhone iOS …
• By William Klieber
In Secure Development

An Application Programming Interface for Classifying and Prioritizing Static Analysis Alerts
In this post, we describe the Source Code Analysis Integrated Framework Environment (SCAIFE) application programming interface (API). SCAIFE is an architecture for classifying and prioritizing static analysis alerts.
• By Lori Flynn, Ebonie McNeil
In Secure Development
