Thursday, Aug 13, 2009 1-2 p.m. EDT
Secure Coding by Robert Seacord
Register
It is a frequent yet unintended mistake among software developers. In copying a string in memory, they unwittingly create a vulnerability that can be used to execute malicious code by an attacker.
The malicious code may be used to spread a worm, or insert a back door on a machine, steal a user's identity, or steal sensitive information.
In fact, a recent study found that 64 percent of vulnerabilities in the National Vulnerability Database were the result of coding errors.
Led by Robert Seacord, the Secure Coding Initiative (SCI) within CERT works with software developers and software development organizations to eliminate vulnerabilities resulting from coding errors before software becomes operational. SCI is developing secure coding standards for commonly used programming languages such as C, C++, and Java. These standards can be used to improve and assess the security and overall quality of software through training, automated analysis, code review, and other processes.
To learn more about Robert's work and the Secure Coding Initiative at the SEI, sign up for this webinar.