, etc. I am open to both publicly available standards as well as
commercially available standards. So far, I found
1. http://www.securecoding.cert.org/ - thanks to Robert C. Seacord,
http://krvw.com/pipermail/sc-l/2008/001401.html
2. http
Ken,
Comment below.
FYI, here's an interesting article (and follow-on discussions) about a
recent bug in the GCC compiler collection.
http://lwn.net/Articles/278137/
The bug, which has been documented in a CERT advisory, affects C code
in which, under some circumstances, buffer bounds
We would like to invite the community to review and comment on the
current version of the CERT C Secure Coding Standard available online at
http://www.securecoding.cert.org before
Version 1.0 is published. To comment, you can create an account on the
Secure Coding wiki
___
--
Robert C. Seacord
Senior Vulnerability Analyst
CERT/CC
Work: 412-268-7608
FAX: 412-268-6989
___
Secure Coding mailing list (SC-L)
SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
___
Meunier at Purdue and by Dieter Gollmann
at Hamburg-Harburg; if you know of any others, I'd be glad to hear
about
those, too.
Kind regards from Germany,
Holger Peine
ljknews,
Yes, it is virtually impossible to get a serious runtime error in an Ada
program. For example:
http://www.youtube.com/watch?v=kYUrqdUyEpI
rCs
At 9:51 PM +0100 6/9/07, David Crocker wrote:
If instead we pay people to perform the more skilled tasks of establishing
requirements
of registration after this
date.
CO-CHAIRS OF THE CSSIS CLUSTER
Guido Schryen (RWTH Aachen University)
Jason A. Rafail (CERT/CC)
Address email to the Cluster Chairs to [EMAIL PROTECTED]
CO-CHAIRS OF THE CSAS MINITRACK
Jason A. Rafail (CERT/CC)
Robert C. Seacord (CERT/CC)
Dan Plakosh (CERT/CC
David,
Thanks for the explanation of mkdtemp(). I got confused reading the man
page because I wasn't expecting the function to return char *, but I
guess that makes sense.
I wish that the C standard body would update the C library and add
an exclusive create capability for fopen(), so that
I've seen advice here and there to use the mkdtemp() function to create
temporary directories, for example:
- Kris Kennaway email at http://lwn.net/2000/1221/a/sec-tmp.php3
recommends them
- David Wheeler's Secure Programming for Linux and Unix HOWTO at
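The mkdtemp() and exclusive-create points raised in the two messages above, as an added example (this is not code from the thread or from any of the cited documents). It creates a private directory with mkdtemp(), which returns the modified template (hence the char * return type), then creates a file inside it with open(O_CREAT | O_EXCL) so that an existing file or a planted symlink makes the call fail instead of being truncated or followed. The /tmp location and the file name "data" are illustrative assumptions; the code needs a POSIX system with a writable /tmp.

```c
/* Added example, not code from the SC-L thread.
 * Private temp directory via mkdtemp() plus exclusive file creation. */
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Replace the trailing XXXXXX of `template` with a unique name and create
 * the directory with mode 0700. Returns 0, or -1 with errno set. */
int make_private_dir(char *template)
{
    return mkdtemp(template) == NULL ? -1 : 0;
}

/* Exclusive create: succeeds only if `path` does not exist yet.
 * O_EXCL already refuses to follow a symlink at `path`; O_NOFOLLOW is
 * belt and braces. Returns an fd, or -1 with errno set (EEXIST if the
 * name was taken first). */
int create_exclusive(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Join dir and name into out; -1 if the result would not fit. */
int join_path(char *out, size_t cap, const char *dir, const char *name)
{
    int n = snprintf(out, cap, "%s/%s", dir, name);
    return (n < 0 || (size_t)n >= cap) ? -1 : 0;
}

/* Remove what the demo created. */
void cleanup(const char *file, const char *dir)
{
    unlink(file);
    rmdir(dir);
}

/* Whole walk-through. Returns the errno of the second, deliberately
 * repeated exclusive create (expected: EEXIST), or -1 on any other error. */
int demo(void)
{
    char dir[] = "/tmp/sc-l-demo.XXXXXX";   /* assumed writable location */
    char file[256];
    struct stat st;
    int fd, saved;

    if (make_private_dir(dir) != 0)
        return -1;
    /* The directory must be ours alone: no group/other permission bits. */
    if (stat(dir, &st) != 0 || (st.st_mode & 077) != 0) {
        rmdir(dir);
        return -1;
    }
    if (join_path(file, sizeof file, dir, "data") != 0) {
        rmdir(dir);
        return -1;
    }
    fd = create_exclusive(file);
    if (fd < 0) {
        rmdir(dir);
        return -1;
    }
    if (write(fd, "secret\n", 7) != 7) {
        close(fd);
        cleanup(file, dir);
        return -1;
    }
    close(fd);

    /* A second exclusive create of the same name must fail with EEXIST.
     * This is the "create only if new" check fopen("w") cannot express. */
    fd = create_exclusive(file);
    saved = (fd < 0) ? errno : 0;
    if (fd >= 0)
        close(fd);
    cleanup(file, dir);
    return saved;
}

int main(void)
{
    int r = demo();
    if (r == EEXIST)
        puts("second exclusive create failed with EEXIST, as it should");
    else
        printf("unexpected result: %d\n", r);
    return r == EEXIST ? 0 : 1;
}
```

For the fopen() wish in the message: C11 later added the "x" mode modifier (e.g. "wx"), which makes fopen() fail if the file already exists; on POSIX systems open() with O_CREAT | O_EXCL, as above, has offered the same guarantee all along.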
Crispin,
I think you may have overspoken below:
Seeking perfect correctness as an approach to security is a fool's
errand. Security is designing systems that can tolerate imperfect software.
I could go along with achieving perfect correctness as an approach to
security is a fool's belief but
Coding in C
and C++. I'm hoping to take this material and incorporate it into the
course. Once I get some experience teaching the material, I could help
turn it into a college text. (I've written three books already, so I'm
a proven threat. 8^)
Thanks,
rCs
Gadi,
Here are some searches from Derek Jones:
The new Google source code search page has opened up
some interesting research possibilities.
How many instances of:
if (...) ;
are there out there (skip the first half dozen unusual macro uses)?
2004. ISBN 0 9524156.
. 8^)
rCs
success or failure. The managed string library also protects against
improper data sanitization by (optionally) ensuring that all characters
in a string belong to a predefined set of safe characters.
rCs
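The "predefined set of safe characters" idea described above, as an added illustration; this is not the CERT managed string library's own code or API, only a minimal sketch of the technique: a string is accepted at creation time only if every byte is in a caller-supplied allowlist, and creation fails closed otherwise. The allowlist for POSIX-style user names, the 32-byte limit, and the type and function names are assumptions made for the example.

```c
/* Added example, not the CERT managed string library. A string type that
 * can only be created from text whose bytes all belong to an allowlist. */
#include <stdlib.h>
#include <string.h>

typedef struct {
    char *data;            /* NUL-terminated copy of the validated text */
    size_t len;
    const char *allowed;   /* allowlist this string was checked against */
} restricted_str;

enum {
    RS_OK = 0,
    RS_ERR_NULL = 1,       /* NULL source or allowlist */
    RS_ERR_CHARSET = 2,    /* a byte outside the allowlist */
    RS_ERR_TOOLONG = 3,    /* longer than max_len */
    RS_ERR_NOMEM = 4
};

/* -1 if every byte of s is in allowed, else the index of the first
 * offending byte. strspn() does the scan; the NUL terminator can never
 * be "allowed" because it ends the allowlist string too. */
long first_disallowed(const char *s, const char *allowed)
{
    size_t n = strspn(s, allowed);
    return s[n] == '\0' ? -1 : (long)n;
}

/* Create a restricted string of at most max_len bytes. On any error
 * *out stays zeroed and nothing is copied (fail closed). */
int rs_create(restricted_str *out, const char *src, size_t max_len,
              const char *allowed)
{
    memset(out, 0, sizeof *out);
    if (src == NULL || allowed == NULL)
        return RS_ERR_NULL;
    /* Bounded length scan: never read past max_len + 1 bytes. */
    const char *nul = memchr(src, '\0', max_len + 1);
    if (nul == NULL)
        return RS_ERR_TOOLONG;
    size_t len = (size_t)(nul - src);
    if (first_disallowed(src, allowed) >= 0)
        return RS_ERR_CHARSET;
    out->data = malloc(len + 1);
    if (out->data == NULL)
        return RS_ERR_NOMEM;
    memcpy(out->data, src, len + 1);
    out->len = len;
    out->allowed = allowed;
    return RS_OK;
}

void rs_free(restricted_str *s)
{
    free(s->data);
    memset(s, 0, sizeof *s);
}

/* Assumed allowlist: what a program might accept as a user name. */
static const char USERNAME_CHARS[] = "abcdefghijklmnopqrstuvwxyz0123456789_-";

/* Validate src as a user name (max 32 bytes); returns the rs_create status. */
int check_username(const char *src)
{
    restricted_str s;
    int rc = rs_create(&s, src, 32, USERNAME_CHARS);
    if (rc == RS_OK)
        rs_free(&s);
    return rc;
}
```

Because the check happens once, at creation, code that later passes s.data to a shell, an SQL query or a log file cannot receive a byte that was not on the list; the set is chosen per use (an allowlist, not a blocklist of known-bad characters).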
Does anyone have any experience of specific examples of vulnerabilities
resulting from the use of uninitialized or invalidated STL iterators or
other STL related vulnerabilities? I'm doing some research for a new
project (which I hope to announce here shortly).
Thanks,
rCs
and maintenance
CO-CHAIRS
Sven Dietrich CERT [EMAIL PROTECTED]
Daniel Plakosh CERT/CC [EMAIL PROTECTED]
Robert C. Seacord CERT/CC [EMAIL PROTECTED]
PROGRAM COMMITTEE
Julia Allen SEI/CMU
Hal Burch CERT/CC
Brian Chess