mailing list archives
Re: Robert Seacord on the CERT C Secure Coding Standard
From: Robert Seacord <rcs () cert org>
Date: Wed, 17 Dec 2008 10:09:39 -0500
You can also look at www.securecoding.cert.org. This is a wiki, where we (CERT and the community) are developing secure
coding standards for C, C++, and Java. We also have a project on secure design patterns, which is not public yet but
will hopefully be made public early next year. Anyone can create an account and comment on any of the publicly
available coding standards.
As I mentioned in the article, we are also working on a security annex for the next revision of the C standard. I
would love to see more involvement from the security community in the evolution of the C programming language. In
particular, I am planning to circulate a draft proposal for this annex in January.
From: wishi [mailto:brouce () gmx net]
Sent: Wednesday, December 17, 2008 9:22 AM
To: Robert Seacord
Subject: Re: [Dailydave] Robert Seacord on the CERT C Secure Coding Standard
Robert Seacord wrote:
informIT published an interview with me written by David Chisnall:
David asked some interesting questions about security and the future of the C programming language.
Interesting article. I recently searched for detailed information regarding secure programming in C.
I found (http://www.cert.org/secure-coding/), which focuses on white papers or books by Gary McGraw and Robert Seacord.
I personally think that secure coding, especially in C, is essential and extremely important, because ~60% of all
exploits I see are buffer overruns, which is a problem that's not solving itself.
Does anyone know where to find more information on how to write secure code and how to develop "bulletproof program
concepts"? I never found anything focusing on this aspect on a pure technical level.
Many courses, lots of material, teach exploiting techniques. Most often this isn't very constructive, because the
answer to these exploitations isn't better code. Firewalls, i.e., are a network-based answer to a pure software-based
Dailydave mailing list
Dailydave () lists immunitysec com