Supply Chain Security Begins with Secure Software Development

by Robert C. Seacord Component-based Software Development Supply chain security is a complex problem that needs to be solved to before we can gain confidence in the quality of the software systems we depend upon. In July 2001, Addison-Wesley Professional  published the Building Systems from Commercial Components book I coauthored with Kurt Wallnau and Scott Hissam. Building software … Continue reading Supply Chain Security Begins with Secure Software Development

The Future of C Code Review

I gave a short talk on the Future of C Code Review at our internal (Not) NCC Con Conference this year (held virtually due to Covid-19) and recorded it for posterity.In this short talk, I focus on optimizations resulting from pointer provenance-based alias analysis that can modify the behavior of code with undefined behaviors. https://www.youtube.com/watch?v=kX1sjaqorWcContinue reading The Future of C Code Review

Past, Present and Future of Effective C

Dennis Ritchie and Ken Thompson invented the C Programming Language at Bell Telephone Laboratories  in 1972 [Ritchie 1993]. The C Language is a highly successful system programming language that can work with a wide range of computing hardware and architectures. Nearly 50 years later, C remains as vital and popular as ever. System languages are … Continue reading Past, Present and Future of Effective C

Improving Software Security through C Language Standards

This blog post describes my history with the C Standards Committee, the work standards organizations are currently doing in software security, and the future of NCC Group's work in improving software security by working with the C Standards Committee and other standardzation efforts. Past I became involved with the C Standards Committee (more formally, ISO/IEC … Continue reading Improving Software Security through C Language Standards