The school year is well underway, so David Svoboda, Dean Sutherland, and Robert Seacord all escaped to the JavaOne 2013 conference where we enjoyed San Francisco and gave several talks:
All three presentations were well attended, well received, and recorded. These recordings will be made available on the JavaOne website soon.
JavaOne contained many fascinating presentations about the use of Java in the cloud, on the desktop, and in embedded devices. One of the new features of Java 8, lambda functions, has many people excited and will doubtless provide some interesting security ramifications. There were also many talks about alternative languages, such as Scala, running on the JVM.
Our presentations were part of a new track: *Securing Java*. This track contained many other fascinating talks ranging from malware analysis to upcoming security features in Java 8.
Security in Java is a top priority at Oracle, which has delayed the release of Java 8 to address a number of security issues in Java 7. Oracle has invited David Svoboda from CERT to meet with Oracle's security staff at an event organized for its Security Customer Advisory Council (SCAC), an advisory board established by Oracle to discuss security assurance policies and practices, including Java platform security concerns and mitigation practices.
CERT is also promoting *Java Coding Guidelines: 75 Recommendations for Reliable and Secure Programs*, which was the best-selling book at the JavaOne conference. Our previous book, *The CERT Oracle Secure Coding Standard for Java*, sold out at the conference book store.
We are still working hard to complete the second edition of the CERT C Secure Coding Standard, which is forthcoming from Addison-Wesley and will be available in Spring 2014. To do so, we need your help in reviewing the content and submitting comments on the wiki or by email. Please provide your comments as soon as possible, so that we will have time to incorporate them before publication. If you would like to contribute to this or other efforts, and want to contact us privately, please send email to [email protected].
New Feature! We want to hear from you, the readers of this eNewsletter. How are you using CERT Secure Coding Standards?
Write to us and we may feature your work.