Robert C. Seacord

Robert C. Seacord (born June 5, 1963) is an American computer security specialist and writer. He is the author of books on computer security, legacy system modernization, and component-based software engineering.

Education

Seacord earned a Bachelor's degree in computer science from Rensselaer Polytechnic Institute in December 1983. He has also completed graduate-level courses at Carnegie Mellon University in software design, creation and maintenance; user interfaces; software project management; formal methods; human factors; operating systems; and entrepreneurship.[citation needed]

Career

Seacord began programming professionally for IBM in 1984, working in processor development, then communications and operating system software, and software engineering. He worked at Carnegie Mellon University's Software Engineering Institute (SEI) in Pittsburgh, Pennsylvania, on the User Interface Project until 1991, and later led the Secure Coding Initiative in the SEI's CERT Division.[1] He also worked at the X Consortium in Cambridge, Massachusetts, where he developed and maintained code for the Common Desktop Environment and the X Window System. He returned to the SEI in 1996, working on component-based software engineering, and joined CERT in 2003.[2] He left CERT and the SEI in 2015 and joined NCC Group as a Technical Director.[3]

Seacord was an adjunct professor in the Carnegie Mellon School of Computer Science and in the Information Networking Institute.[3] He was also a part-time faculty member at the University of Pittsburgh.[4]

Seacord is on the Advisory Board for the Linux Foundation[5] and convenor of the ISO/IEC JTC1/SC22/WG14 international standardization working group for the C programming language.[6] He co-wrote the 2016 Facebook osquery audit.[7]

In February 2022 Seacord joined Woven by Toyota, Inc., where he is Standardization Lead, working with Toyota and its suppliers on quality software development.[8]

References

  1. "Robert C. Seacord | US-CERT". www.us-cert.gov. Retrieved 2018-10-10.
  2. Chisnall, David; Seacord, Robert C. (2008-12-15). Robert Seacord on the CERT C Secure Coding Standard.
  3. "Renowned secure coding expert and author joins NCC Group's US team". www.nccgroup.trust. 4 November 2015. Retrieved 28 January 2018.
  4. "CoMeT : Dangerous Optimizations and a Loss of Causality. Speaker bio". halley.exp.sis.pitt.edu. September 11, 2010. Retrieved 2020-12-20.
  5. "Core Infrastructure Initiative Advisory Board". The Linux Foundation. 2020. Retrieved December 19, 2020.
  6. "New Convenor". Retrieved 14 September 2023.
  7. Salas, Ralph; Rahimi, Andrew; Seacord, Robert (March 11, 2016). "OSQuery Application Security Assessment" (PDF). NCCGROUP.
  8. "Secure Coding and Integers (Show notes)". cppcast.com. 2022-03-03. Retrieved 2022-04-14.