http://sei.cmu.edu/feeds/tag/Updates on changes and additions to the SEI Blog for posts matching Secure Codingen-usMon, 06 Jan 2025 00:00:00 -0500https://www.sei.cmu.edu/blog/the-top-10-blog-posts-of-2024/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis post presents the top 10 most-visited posts of 2024, highlighting our work in software acquisition, artificial intelligence, large language models, secure coding, and more.Bill ScherlisMon, 06 Jan 2025 00:00:00 -0500https://www.sei.cmu.edu/blog/the-top-10-blog-posts-of-2024/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesSecure CodingInsider ThreatArtificial Intelligence EngineeringMachine LearningAI Engineering and Machine LearningAcquisition Transformationhttps://www.sei.cmu.edu/blog/evaluating-static-analysis-alerts-with-llms/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesLLMs show promising initial results in adjudicating static analysis alerts, offering possibilities for better vulnerability detection. This post discusses initial experiments using GPT-4 to evaluate static analysis alerts.William Klieber, Lori FlynnMon, 07 Oct 2024 00:00:00 -0400https://www.sei.cmu.edu/blog/evaluating-static-analysis-alerts-with-llms/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesStatic AnalysisAI Engineering and Machine LearningSecure Codinghttps://www.sei.cmu.edu/blog/redemption-a-prototype-for-automated-repair-of-static-analysis-alerts/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis post introduces Redemption, an open source tool that uses automated code repair technology to repair static analysis alerts in C/C++ source code.David SvobodaMon, 10 Jun 2024 00:00:00 -0400https://www.sei.cmu.edu/blog/redemption-a-prototype-for-automated-repair-of-static-analysis-alerts/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesSecure CodingTestingStatic Analysishttps://www.sei.cmu.edu/blog/release-of-scaife-system-version-200-provides-support-for-continuous-integration-ci-systems/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesKey features in new release of SCAIFE System Version 2.0.0 including support for continuous-integration (CI) systems, and status of evolving SEI SCAIFE workLori FlynnMon, 25 Oct 2021 00:00:00 -0400https://www.sei.cmu.edu/blog/release-of-scaife-system-version-200-provides-support-for-continuous-integration-ci-systems/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesContinuous Deployment of CapabilitySCALE: A Static Analysis Auditing ToolSecure CodingMachine LearningStatic AnalysisStatic Analysis Classification and PrioritizationSecure DevelopmentArtificial IntelligenceSource Code Analysis Integrated Framework Environment (SCAIFE)https://www.sei.cmu.edu/blog/automated-code-repair-to-ensure-memory-safety/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesMemory-safety vulnerabilities are among the most common and most severe types of software vulnerabilities. In early 2019, a memory vulnerability in the iPhone iOS....William KlieberMon, 24 Feb 2020 00:00:00 -0500https://www.sei.cmu.edu/blog/automated-code-repair-to-ensure-memory-safety/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesSecure CodingSecure Developmenthttps://www.sei.cmu.edu/blog/how-to-use-static-analysis-to-enforce-sei-cert-coding-standards-for-iot-applications/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThe Jeep hack, methods to hack ATMs, and even hacks to a casino's fish tank provide stark evidence of the risks associated with the Internet of Things (IoT)....David SvobodaMon, 01 Apr 2019 00:00:00 -0400https://www.sei.cmu.edu/blog/how-to-use-static-analysis-to-enforce-sei-cert-coding-standards-for-iot-applications/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesSecurity-Related RequirementsSecure CodingCyber Risk and Resilience ManagementStatic AnalysisCybersecuritySecure DevelopmentCyber MissionsBest Practices in Network Securityhttps://www.sei.cmu.edu/blog/using-the-sei-cert-coding-standards-to-improve-security-of-the-internet-of-things/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThe Internet of Things (IoT) is insecure. The Jeep hack received a lot of publicity, and there are various ways to hack ATMs, with incidents occurring with increasing regularity....David SvobodaMon, 11 Feb 2019 00:00:00 -0500https://www.sei.cmu.edu/blog/using-the-sei-cert-coding-standards-to-improve-security-of-the-internet-of-things/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesSecurity-Related RequirementsSecure CodingSecure DevelopmentCyber MissionsInternet of Thingshttps://www.sei.cmu.edu/blog/scale-v-3-automated-classification-and-advanced-prioritization-of-static-analysis-alerts/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesStatic analysis tools analyze code without executing it, to identify potential flaws in source code. These tools produce a large number of alerts with high false-positive rates that an engineer must....Lori Flynn, Ebonie McNeilMon, 17 Dec 2018 00:00:00 -0500https://www.sei.cmu.edu/blog/scale-v-3-automated-classification-and-advanced-prioritization-of-static-analysis-alerts/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesSCALE: A Static Analysis Auditing ToolSecure CodingStatic Analysis Classification and PrioritizationSecure DevelopmentCyber Missionshttps://www.sei.cmu.edu/blog/scale-a-tool-for-managing-output-from-static-analysis-tools/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesExperience shows that most software contains code flaws that can lead to vulnerabilities. Static analysis tools used to identify potential vulnerabilities in source code produce....Lori FlynnMon, 24 Sep 2018 00:00:00 -0400https://www.sei.cmu.edu/blog/scale-a-tool-for-managing-output-from-static-analysis-tools/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesSecure CodingSecure DevelopmentStatic Analysis Classification and PrioritizationCyber MissionsSCALE: A Static Analysis Auditing Toolhttps://www.sei.cmu.edu/blog/obsidian-a-new-more-secure-programming-language-for-blockchain/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesBillions of dollars in venture capital, industry investments, and government investments are going into the technology known as blockchain....Eliezer KanalTue, 04 Sep 2018 00:00:00 -0400https://www.sei.cmu.edu/blog/obsidian-a-new-more-secure-programming-language-for-blockchain/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesSecure CodingCybersecuritySecure DevelopmentHuman-Machine InteractionsAdvanced ComputingBlockchainhttps://www.sei.cmu.edu/blog/decision-making-factors-for-selecting-application-security-testing-tools/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesIn the first post in this series, I presented 10 types of application security testing (AST) tools and discussed when and how to use them....Tom ScanlonMon, 20 Aug 2018 00:00:00 -0400https://www.sei.cmu.edu/blog/decision-making-factors-for-selecting-application-security-testing-tools/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesCyber MissionsCybersecuritySecure CodingSecurity-Related RequirementsSoftware and Information AssuranceTestingVulnerability AnalysisSecure Developmenthttps://www.sei.cmu.edu/blog/ipv6-adoption-4-questions-and-answers/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesIPv6 deployment is on the rise. Google reported that as of July 14 2018, 23.94 percent of users accessed its site via IPv6, up 6.16 percent from that same date in 2017....Joseph MayesMon, 13 Aug 2018 00:00:00 -0400https://www.sei.cmu.edu/blog/ipv6-adoption-4-questions-and-answers/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesBest Practices in Network SecurityCyber MissionsSecure CodingSecurity-Related RequirementsIPV6Secure Developmenthttps://www.sei.cmu.edu/blog/test-suites-as-a-source-of-training-data-for-static-analysis-alert-classifiers/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesNumerous tools exists to help detect flaws in code. Some of these are called flaw-finding static analysis (FFSA) tools because they identify flaws by analyzing code without running it....Lori Flynn, Zachary KurtzMon, 30 Apr 2018 00:00:00 -0400https://www.sei.cmu.edu/blog/test-suites-as-a-source-of-training-data-for-static-analysis-alert-classifiers/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesSoftware and Information AssuranceStatic Analysis Classification and PrioritizationSecure DevelopmentSecure Codinghttps://www.sei.cmu.edu/blog/inference-of-memory-bounds-preventing-the-next-heartbleed/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesLearn about research aimed at detecting intended memory bounds of given pointers, helping to prevent vulnerabilities like HeartBleed in this SEI Blog post.William KlieberMon, 04 Dec 2017 00:00:00 -0500https://www.sei.cmu.edu/blog/inference-of-memory-bounds-preventing-the-next-heartbleed/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesSecure DevelopmentSecure CodingAutonomy and Counter-Autonomyhttps://www.sei.cmu.edu/blog/cert-c-secure-coding-guidelines/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis SEI Blog post highlights distinctive rules from the SEI CERT C++ Coding Standard, a freely downloadable guide for secure C++ coding practices.David SvobodaMon, 17 Apr 2017 00:00:00 -0400https://www.sei.cmu.edu/blog/cert-c-secure-coding-guidelines/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesSoftware and Information AssuranceSecure DevelopmentSecure Codinghttps://www.sei.cmu.edu/blog/prioritizing-security-alerts-a-dod-case-study/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesDetailing collaboration with the DoD, the second post in this SEI series highlights field testing of the organization's analysis of 100M lines of code.Lori FlynnMon, 23 Jan 2017 00:00:00 -0500https://www.sei.cmu.edu/blog/prioritizing-security-alerts-a-dod-case-study/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesSecure CodingAutonomy and Counter-AutonomySoftware and Information AssuranceStatic Analysis Classification and PrioritizationSecure Developmenthttps://www.sei.cmu.edu/blog/automated-code-repair-in-the-c-programming-language/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis SEI Blog post describes research on automated code repair for faster, cheaper elimination of security vulnerabilities in C and other programming languages.William KlieberMon, 16 Jan 2017 00:00:00 -0500https://www.sei.cmu.edu/blog/automated-code-repair-in-the-c-programming-language/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesSecure DevelopmentSecure CodingAutonomy and Counter-Autonomyhttps://www.sei.cmu.edu/blog/resilience-secure-coding-data-science-insider-threat-and-scheduling-the-latest-research-from-the-sei/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesDiscover the SEI's recently released publications on resilience, effective cyber workforce development, secure coding, data science, and insider threat.Douglas SchmidtMon, 17 Oct 2016 00:00:00 -0400https://www.sei.cmu.edu/blog/resilience-secure-coding-data-science-insider-threat-and-scheduling-the-latest-research-from-the-sei/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesSecure CodingSecure Developmenthttps://www.sei.cmu.edu/blog/secure-coding-in-c11-and-c14/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis SEI blog post advises on avoiding deprecated functions in C++11 and C++14 to prevent vulnerabilities, and provides guidance on identification and replacement.Aaron BallmanMon, 26 Sep 2016 00:00:00 -0400https://www.sei.cmu.edu/blog/secure-coding-in-c11-and-c14/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesSecure DevelopmentSecure Codinghttps://www.sei.cmu.edu/blog/prioritizing-alerts-from-static-analysis-to-find-and-fix-code-flaws/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis SEI Blog post explores the importance of prioritizing alerts from static analysis tools to effectively identify and fix code flaws in software development.Lori FlynnMon, 06 Jun 2016 00:00:00 -0400https://www.sei.cmu.edu/blog/prioritizing-alerts-from-static-analysis-to-find-and-fix-code-flaws/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesSecure CodingAutonomy and Counter-AutonomySoftware and Information AssuranceStatic Analysis Classification and PrioritizationSecure Development