The primary cause of commonly exploited software vulnerabilities is software defects that could have been avoided. Through our analysis of thousands of vulnerability reports, the CERT/CC has observed that most of them stemmed from a relatively small number of root causes. If we can identify the root causes of vulnerabilities and develop illustrative secure coding practices, software producers may be able to take practical steps to prevent the introduction of vulnerabilities into deployed software systems.
Secure Coding Area
Contains current secure coding projects, publications,
presentations, and related vulnerabilities.
Secure Coding standards web site
A collaborative site that provides rules and recommendations
for secure coding practices in the C and C++ programming languages.
Malicious Code Analysis
As the volatility of malicious code on the internet
increases, fast and reliable understanding of what the code is doing becomes critical for developing timely countermeasures.
But malicious code analysis today requires laborious code reading by security experts that can take days of effort, delaying
an effective response. Our work focuses on techniques for analyzing malicious code more efficiently.
Our vulnerability analysis work focuses on addressing the number of
vulnerabilities in software that is being developed and the number of
vulnerabilities in software that is already deployed. Our efforts are
divided into two areas: vulnerability discovery and vulnerability
Vulnerability Analysis Work
Explains the scope of our work and links to more information about our
vulnerability discovery and vulnerability remediation efforts, as well
as some of our vulnerability resources.