Welcome to the Summer 2016 Edition of the CERT Secure Coding Standards eNewsletter!
Another season is upon us, and we have been busy with the upcoming and recent events and activities described in this newsletter. We hope you had a great summer and are getting ready for the fall (and new fiscal year for some).
Register Now!
Our Secure Coding Symposium is scheduled for 8 September 2016 in the Arlington, VA area. We will have great speakers from government, industry, and academia who will talk about future trends affecting Secure Coding, including keynotes from Dr. Peter Fonash of DHS and Mary Ann Davidson of Oracle. Registration for the symposium is still open; there are fewer than 20 seats still available!
C++ Standard Reviewers Needed
The SEI CERT C++ Coding Standard is entering the final technical review stage before its pending publication later this Fall. Anyone interested in the content of the standard should review topics and mention any issues or suggestions as a comment on the rules pages so that we can address all issues and respond to questions. We are focusing on the rules (not the recommendations) at this time. We plan to publish the CERT C++ Coding Standard as a free PDF, similar to the release of the SEI CERT C Coding Standard. We appreciate all help in making sure that the standard reflects the best practices of the community. All constructive contributors will be recognized in the standard when published.
CERT Secure Coding in Java Professional Certificate Released
In these certificate programs, students take two courses of self-paced, online material and complete a required examination. The certificate programs are especially helpful for providing secure coding training for very large groups of developers, or for individuals or small teams of developers. We also offer instructor-led training at customer sites, designed for groups of 15-30 per delivery session.
Upcoming Events
Don't forget to register for our Secure Coding Symposium on 8 September 2016 in the Arlington, VA area.
CERT, the Software Engineering Institute, and Carnegie Mellon University are hosting the upcoming ISO WG14/PL22.11 C Standard meeting in Pittsburgh on 17-21 October 2016. Several members of our team will be participating, including Dan Plakosh, Aaron Ballman, and David Svoboda.
Lori Flynn is chair of the SPLASH co-hosted workshop, Mobile! 2016, which will take place 31 October, 2016 in Amsterdam, The Netherlands. Please consider submitting a paper or just attending this workshop on mobile application development and analysis.
David Svoboda will give three presentations at JavaOne 2016 in September:
Mark Sherman presented "Risks in the Software Supply Chain" at Abstractions on 18-20 August 2016 in Pittsburgh, PA.
SEI CERT Secure Coding Standard Updates
CERT C Coding Standard
Editors: Aaron Ballman, SEI/CERT
Martin Sebor, Red Hat, Inc.
Changed
No C rules were added or removed.
New Clang Checkers
CERT C++ Secure Coding Standard
Editors: Aaron Ballman, SEI/CERT
Martin Sebor, Red Hat, Inc.
Added
Changed
Removed
New Clang Checkers
CERT Oracle Secure Coding Standard for Java
Editors: David Svoboda, SEI/CERT
Brad Senetza, Oracle
Changed
No Java rules were added or removed.
CERT Secure Coding Standard for Android
Editors: Fred Long, Aberystwyth University
Lori Flynn, SEI/CERT
No Android rules were added, removed, deprecated, or substantively changed.
CERT Perl Secure Coding Standard
Editor: David Svoboda, SEI/CERT
No Perl rules were added, removed, deprecated, or substantively changed.
Our People
In the eNewsletter, we highlight the staff members behind our secure coding research. This issue we feature Aaron Ballman.
Aaron Ballman is a Software Security Engineer at CERT. He is an active developer on the Clang open source C/C++/Objective-C compiler, focusing primarily on front-end development. Aaron has over a decade of experience writing commercial compilers for various programming languages, as well as developing cross-platform C and C++ frameworks. He is the author of Ramblings on REALbasic (2009), the CERT C++ Coding Standard (Coming Soon!), and one of the authors of the CERT C Coding Standard (2014). He is currently a voting member of ISO/IEC JTC1/SC22/WG21, the C++ standards committee.
When he's not writing code, Aaron is a Women's Flat Track Roller Derby official who skates under the name Flash Drive, a director for Penobscot Community Health Care, and the caretaker of two dogs, two cats, and six chickens.