programming
Rules for secure coding in the C++ programming language
The Software Engineering Institute (SEI) has released the 2016 edition of the SEI CERT C++ Coding Standard. The standard provides rules for secure coding in the C++ …
Redefining the role of security in software development
Software is becoming increasingly important for market success, driving an ever greater need for speed in the development process. The rapid adoption of DevOps is testimony to …
Project Springfield: Cloud-based fuzz testing for uncovering million-dollar bugs
This Moday Microsoft debuted Project Springfield, a cloud-based fuzz testing (aka fuzzing) service that the company has been working on for a quite a while. David Molnar and …
Fresh Bluetooth Developer Toolkit line tackles IoT security, interoperability
The Bluetooth Special Interest Group (SIG) released several updates to its developer toolkit line-up, which enables developers to build smarter when creating things like …
Connected devices riddled with badly-coded APIs, poor encryption
The advent of home automation and rapid rise of smart home connected devices is seeing some vendors and new startups scramble to become a part of the movement, with ABI …
Linux kernel development: How fast it’s going and who is doing it
The Linux Foundation analyzed the work done by over 13,500 developers over more than a decade, to provide insight into the Linux kernel development trends and methodologies …
Build serverless, secure apps in the cloud
Swirlds released the SDK for the hashgraph distributed consensus platform, which is free for download (the registration fields are optional). This software development …
Flawed code hooking engines open endpoints to compromise
Six common security issues stemming from the incorrect implementation of code hooking and injection techniques have been unearthed by EnSilo researchers in over 15 different …
Microsoft creates Checked C extension to prevent common coding errors
Fixing vulnerabilities in completed software and systems is all good and well, but with Checked C, an extension for the C programming language, Microsoft researchers want to …
How programmers can be tricked into running bad code
Are programming language package managers vulnerable to typosquatting attacks? And can these attacks result in software developers running potentially malicious code? The …
Improving software security through a data-driven security model
The current software security models, policies, mechanisms, and means of assurance are a relic of the times when software began being developed, and have not evolved along …
OWASP set to address API security risks
OWASP has started a new project and is set to publish a new guide on security risks. The issue they aim to tackle this time is API security. The new OWASP API Security Project …