Secure Coding Research

Secure Coding team members are involved in the following areas of research.

Thread Role Analysis

Thread role analysis research focuses on flaws involving incorrect thread usage. These flaws lead to vulnerabilities such as race conditions and deadlock.

Compiler-Enforced Buffer Overflow Elimination

C and C++ are prone to errors that can lead to buffer overflows and other exploitable vulnerabilities. The Secure Coding team is researching how to solve these problems intelligently.

Mobile Standards and Analysis

The Mobile Standards and Analysis research extends CERT Secure Coding Standards and our software analysis (SCALe) research and development to mobile platforms, including Android, iOS (iPhone and iPad), and Windows Phone 8. 

API Usability and Security

The API Usability and Security research studies how to design APIs that are usable by programmers for developing secure code.

Secure Coding Standards

The Secure Coding Initiative coordinates the development of secure coding standards by security researchers, language experts, and software developers using a wiki-based community process.

Pointer Ownership Model

Incorrect use of pointers is a common source of bugs and vulnerabilities in C and C++. We are working on an approach that helps developers ensure that their designs and code are secure.

Integer Security

Integer overflow and wraparound are a growing and underestimated source of vulnerabilities in C and C++ programs. The Secure Coding team has worked on a number of solutions for addressing the issue of integer security.

Subscribe to Our eNewsletter

In July 2013, we began publishing an eNewsletter to provide timely information about updates to CERT secure coding standards, related news, and events.

Develop Coding Standards with Us

Contribute to the CERT Secure Coding Standards wiki to help develop standards that work in the real world.