Development Tools and Libraries

• Secure C compiler research
  The CERT Program’s secure C compiler will eventually eliminate important classes of vulnerabilities, including writing outside the bounds of an object, reading outside the bounds of an object, and arbitrary reads/writes.
• Integral security
  Integers represent a growing and underestimated source of vulnerabilities in C and C++ programs. We have been working on a number of solutions for addressing the issue of integral security, including the AIR prototype.
• Automated analysis tools
  The CERT Program is working with analyzer vendors and researchers to advance the state of the practice in vulnerability discovery.