CMU and SEI’s CERT Division to Host Fall ISO/IEC International C Programming Language Standards Committee
• Article
October 17, 2016—The Secure Coding Team of the SEI’s CERT Division will host the fall 2016 meeting of the ISO/IEC International C Programming Language Standards Committee (JTC1/SC22/WG14) and the U.S. C Programming Language committee (INCITS PL22.11) October 17—21 at Carnegie Mellon University. For the past several years, members of the Secure Coding Team have served on the standards committee and worked to introduce much-needed security enhancements to the C programming language and standard library. CERT committee members also contributed to the recent major revision of the ISO/IEC standard for the C programming language. CERT staff members currently serving on the standards committees include Daniel Plakosh, Aaron Ballman, and David Svoboda.
Dan Plakosh, Enterprise Sector Manager of the SEI’s Software Solutions Division and secretary of the ISO/IEC committee, said “Our fall meeting will continue our efforts to make software better and more secure by improving the C programming language with more function and better security while maintaining performance for use in demanding applications, such as embedded control systems."
The SEI CERT Division is a voting member of INCITS PL22.11 Programming Language C, INCITS PL22.16 Programming Language C++, and INCITS PL22 Programming Languages, their Environments, and System Software Interfaces.
Robert Schiela, Technical Manager of Secure Coding at SEI’s CERT Division, said “CERT’s engagement with the ISO C and C++ committees has been a great opportunity for us to be directly aware of future plans and developments for the languages. It also allows us to influence the language standards to ensure security considerations as part of the proposed changes. For example, Aaron Ballman, one of our team members, has several proposals on the agenda for this meeting that would improve the security of the language.”
For more information about the CERT Secure Coding Team’s work on ISO/IEC programming standards, visit http://www.cert.org/secure-coding/standards/index.cfm.