
Sign up to save your podcasts
Or
Evaluating source code to ensure secure coding qualities costs time and effort and often involves static analysis. But those who are familiar with static analysis tools know that the alerts are not always reliable and produce false positives that must be detected and disregarded. This year, we plan on making some exciting updates to the SEI CERT C Coding Standard to better harmonize with the current state of the art for static analysis tools as well as simplify the process of source code security auditing. In this SEI podcast, David Svobodaand Joseph Sible, both engineers in CERT’s Applied Systems Group and primary developers and maintainers of the standard, sit down with Robert Schiela, deputy technical director of the Cybersecurity Foundations Directorate in CERT, to discuss the proposed changes, specifically in the area of risk assessment.
4.5
1818 ratings
Evaluating source code to ensure secure coding qualities costs time and effort and often involves static analysis. But those who are familiar with static analysis tools know that the alerts are not always reliable and produce false positives that must be detected and disregarded. This year, we plan on making some exciting updates to the SEI CERT C Coding Standard to better harmonize with the current state of the art for static analysis tools as well as simplify the process of source code security auditing. In this SEI podcast, David Svobodaand Joseph Sible, both engineers in CERT’s Applied Systems Group and primary developers and maintainers of the standard, sit down with Robert Schiela, deputy technical director of the Cybersecurity Foundations Directorate in CERT, to discuss the proposed changes, specifically in the area of risk assessment.
272 Listeners
1,847 Listeners
361 Listeners
627 Listeners
0 Listeners
630 Listeners
273 Listeners
201 Listeners
7,861 Listeners
167 Listeners
187 Listeners
0 Listeners
117 Listeners
33 Listeners
47 Listeners
428 Listeners
82 Listeners