Four Secure Coding Publications
• Collection
Publisher
Software Engineering Institute
Abstract
Establishing Coding Requirements for Non-Safety-Critical C++ Systems
C++ is used extensively throughout the DoD, including major weapons systems such as the Joint Strike Fighter. Existing C++ coding standards fail to address security, subset the language (e.g., MISRA C++:2008), or are outdated and unprofessional (e.g., the C++ Coding Standard referenced in DISA’s Application Security and Development STIG).
Prioritizing Alerts from Static Analysis with Classification Models
The project created alert classification models using features derived from multiple static analysis tools, code base metrics, and archived audit determinations. The results are accurate predictors of alert validity, intended for use in automatic prioritization of alerts from static analysis tools that minimizes the number of alerts needing human assessment.
Automated Code Repair
This project focused on integer overflow in calculations of how much memory to allocate and calculations related to array bounds. Through this work, we will reduce a typical number of unhandled violations to a number small enough for a development team to mitigate all of them.
Common Exploits and How to Prevent Them
This talk was given at the Secure Coding Symposium in Arlington, Virginia in September 2016. At this event, software development and assurance professionals discussed current challenges in the areas of secure coding practice adoption and software assurance.
Collection Items
Establishing Coding Requirements for Non-Safety-Critical C++ Systems
• Presentation
By Aaron Ballman
Developed checkers, rules, and rule organization for secure C++ code.
Prioritizing Alerts from Static Analysis with Classification Models
• Presentation
By Lori Flynn
In this presentation, Lori Flynn describes work toward an automated and accurate statistical classifier, intended to efficiently use analyst effort and to remove code flaws.
Common Exploits and How to Prevent Them
• Presentation
By David Svoboda
This presentation was given at the 2016 Secure Coding Symposium, where attendees discussed challenges in secure coding and software assurance.
Automated Code Repair
• Presentation
By William Klieber
This work aims to develop techniques to eliminate security vulnerabilities at a lower cost than manual repair.