The primary cause of commonly exploited software vulnerabilities is software defects that could have been avoided. Through our analysis of thousands of vulnerability reports, the CERT/CC has observed that most of them stemmed from a relatively small number of root causes. If we can identify the root causes of vulnerabilities and develop secure coding practices for illustration, software producers may be able to take practical steps to prevent introduction of vulnerabilities into deployed software systems.

Secure Coding Area
Contains current secure coding projects, publications, presentations, and related vulnerabilities.

Secure Coding standards web site A collaborative site that provides rules and recommendations for secure coding practices in the C and C++ programming languages

As the volatility of malicious code on the internet increases, fast and reliable understanding of what the code is doing becomes critical for developing timely countermeasures. But malicious code analysis today requires laborious code reading by security experts that can take days of effort, delaying an effective response. Our work focuses on techniques for analyzing malicious code more efficiently.

Our vulnerability analysis work focuses on addressing the number of vulnerabilities in software that is being developed and the number of vulnerabilities in software that is already deployed. Our efforts are divided into two areas: vulnerability discovery and vulnerability remediation.

Vulnerability Analysis Work
Explains the scope of our work and links to more information about our vulnerability discovery and vulnerability remediation efforts, as well as some of our vulnerability resources.