Secure Coding Research
Secure Coding team members are involved in the following areas of research.
Thread role analysis research focuses on flaws involving incorrect thread usage. These flaws lead to vulnerabilities such as race conditions and deadlocks.
Programs written in C and C++ are prone to errors that can lead to buffer overflows and other exploitable vulnerabilities. The Secure Coding team is researching how to solve these problems intelligently.
The Mobile Standards and Analysis research extends CERT Secure Coding Standards and our software analysis (SCALe) research and development to mobile platforms, including Android, iOS (iPhone and iPad), and Windows Phone 8.
The API Usability and Security research studies how to design APIs that are usable by programmers for developing secure code.
The Secure Coding Initiative coordinates the development of secure coding standards by security researchers, language experts, and software developers using a wiki-based community process.
Incorrect use of pointers is a common source of bugs and vulnerabilities in C and C++. We are working on an approach that helps developers ensure that their designs and code are secure.
Integer overflow and wraparound are a growing and underestimated source of vulnerabilities in C and C++ programs. The Secure Coding team has worked on a number of solutions to address integer security.
Subscribe to Our eNewsletter
In July 2013, we began publishing an eNewsletter to provide timely information about updates to CERT secure coding standards, related news, and events.
Develop Coding Standards with Us
Contribute to the CERT Secure Coding Standards wiki to help develop standards that work in the real world.