CERT
The rising number of software security vulnerabilities discovered annually highlights the need to correct defects before the software ships. CERT is tackling this challenge in a number of ways. For instance, its secure coding initiative seeks to identify the program errors most likely to cause security breaches and to develop practices for avoiding them. CERT's work on Function Extraction (FX), a new, theory-based technology for automated calculation of the functional behavior of software, is leading toward a better understanding of program behavior. This understanding is essential for discovering errors and vulnerabilities, and also for improving software specification, architecture, design, implementation, and the development processes that produce them.

Secure Coding

The primary cause of commonly exploited software vulnerabilities is software defects that could have been avoided. Through our analysis of thousands of vulnerability reports, the CERT/CC has observed that most of them stem from a relatively small number of root causes. If we can identify those root causes and develop secure coding practices that address them, software producers may be able to take practical steps to prevent the introduction of vulnerabilities into deployed software systems.

Secure Coding Area
Contains current secure coding projects, publications, presentations, and related vulnerabilities.

Secure Coding standards web site
A collaborative site that provides rules and recommendations for secure coding practices in the C and C++ programming languages.
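To make concrete what a secure coding rule targets, the following C example is added here; it is not code from the CERT standards site or from any CERT publication, and it does not quote any particular rule. It shows one of the root causes referred to above, an unbounded string copy into a fixed-size buffer, next to a hardened version in which the caller passes the destination capacity and the copy is refused when the data plus its terminator would not fit. The function names and the 16-byte field size are assumptions made for the illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Defective pattern (shown only for contrast; do not use):
 * strcpy() copies until it finds src's terminator and never consults
 * the size of dst, so any src of dst's length or longer writes past
 * the end of the buffer, which is undefined behavior in C. */
void copy_unchecked(char *dst, const char *src) {
    strcpy(dst, src);
}

/* Hardened pattern: the caller states dst's capacity in bytes, the
 * function checks that the string and its '\0' both fit, and refuses
 * the copy otherwise. On refusal dst is left as a valid empty string
 * so a caller that ignores the return value still cannot read garbage.
 * Returns true when src was copied in full, false otherwise. */
bool copy_checked(char *dst, size_t dst_size, const char *src) {
    if (dst == NULL || src == NULL || dst_size == 0) {
        return false;
    }
    size_t n = strlen(src);
    if (n >= dst_size) {          /* need n bytes plus one for '\0' */
        dst[0] = '\0';
        return false;
    }
    memcpy(dst, src, n + 1);      /* copies the terminator as well */
    return true;
}

/* Typical caller: a fixed-size field in a record parsed from untrusted
 * input. The field length (16) is an assumption for this example. */
#define USERNAME_FIELD_SIZE 16

bool store_username(char field[USERNAME_FIELD_SIZE], const char *src) {
    return copy_checked(field, USERNAME_FIELD_SIZE, src);
}

int main(void) {
    char field[USERNAME_FIELD_SIZE];

    /* Constructed sample inputs: one that fits, one that is exactly
     * too long (16 characters need 17 bytes with the terminator). */
    const char *ok_name  = "alice";
    const char *bad_name = "0123456789abcdef";

    printf("%-18s accepted=%d field=\"%s\"\n", ok_name,
           store_username(field, ok_name), field);
    printf("%-18s accepted=%d field=\"%s\"\n", bad_name,
           store_username(field, bad_name), field);
    return 0;
}
```

The important change is not the use of memcpy over strcpy but that the destination size becomes an explicit parameter and the length check happens before any byte is written; the same discipline applies to any fixed-size buffer filled from data the program did not produce itself.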

Function Extraction for Malicious Code (FX/MC)

As the volatility of malicious code on the Internet increases, fast and reliable understanding of what the code is doing becomes critical for developing timely countermeasures. But malicious code analysis today requires laborious code reading by security experts that can take days of effort, delaying an effective response.

FX/MC Project
See details about FX/MC benefits, research approach, accomplishments, and future plans.

Vulnerability Remediation

Our vulnerability remediation work focuses on reducing the number and impact of security threats caused by software vulnerabilities. By analyzing the vulnerabilities and coordinating with vendors, we are able to provide accurate, neutral, and objective information about remediating and mitigating the vulnerabilities.

Vulnerability Remediation Work
Explains our remediation process and links to some of our vulnerability resources.