Robert C. Seacord


Robert C. Seacord (born June 5, 1963) is an American computer security specialist and writer. He is the author of books on computer security, legacy system modernization, and component-based software engineering.

Education

Seacord earned a Bachelor's degree in computer science from Rensselaer Polytechnic Institute in December 1983. He has also completed graduate-level courses at Carnegie-Mellon University in software design, creation and maintenance; user interfaces; software project management; formal methods; human factors; operating systems; and entrepreneurship.[citation needed]

Career

Seacord began programming professionally for IBM in 1984, working in processor development, then communications and operating system software, and software engineering. He led the Secure Coding Initiative in the CERT Division of Carnegie Mellon University's Software Engineering Institute (SEI) in Pittsburgh, Pennsylvania until 1991, working on the User Interface Project.[1] He also has worked at the X Consortium in Cambridge, Massachusetts, where he developed and maintained code for the Common Desktop Environment and the X Window System. He returned to SEI in 1996, working on component-based software engineering, and joined CERT in 2003.[2] He left CERT and the SEI and joined NCC Group in 2015 as a Technical Director.[3]

Seacord was an adjunct professor in the Carnegie Mellon School of Computer Science and in the Information Networking Institute.[3] He was also a part-time faculty member at the University of Pittsburgh.[4]

Seacord is on the Advisory Board for the Linux Foundation[5] and convenor for the ISO/IEC JTC1/SC22/WG14 international standardization working group for the C programming language.[6] He co-wrote the 2016 Facebook osquery audit.[7]

In February 2022 Seacord joined Woven by Toyota, Inc., where he is Standardization Lead, working with Toyota and its suppliers on quality software development.[8]

References

  1. "Robert C. Seacord | US-CERT". www.us-cert.gov. Retrieved 2018-10-10.
  2. Chisnall, David; Seacord, Robert C. (2008-12-15). "Robert Seacord on the CERT C Secure Coding Standard".
  3. "Renowned secure coding expert and author joins NCC Group's US team". www.nccgroup.trust. 4 November 2015. Retrieved 28 January 2018.
  4. "CoMeT: Dangerous Optimizations and a Loss of Causality. Speaker bio". halley.exp.sis.pitt.edu. September 11, 2010. Retrieved 2020-12-20.
  5. "Core Infrastructure Initiative Advisory Board". The Linux Foundation. 2020. Retrieved December 19, 2020.
  6. "New Convenor". Retrieved 14 September 2023.
  7. Salas, Ralph; Rahimi, Andrew; Seacord, Robert (March 11, 2016). "OSQuery Application Security Assessment" (PDF). NCC Group.
  8. "Secure Coding and Integers (Show notes)". cppcast.com. 2022-03-03. Retrieved 2022-04-14.