Investigating Potential Security Vulnerability Manifestation through Various Analyses & Inferences Regarding Internet RFCs (and how RFC Security might be Improved)

Overview RFCs have played a pivotal role in helping to formalise ideas and requirements for much of the Internet's design and engineering. They have facilitated peer review amongst engineers, researchers and computer scientists, which in turn has resulted in specification of key Internet protocols and their behaviours so that developers can implement those protocols in … Continue reading Investigating Potential Security Vulnerability Manifestation through Various Analyses & Inferences Regarding Internet RFCs (and how RFC Security might be Improved)

Conference Talks – February/March 2021

Throughout February and March, members of NCC Group will be presenting their work at the following conferences: Jennifer Fernick (NCC Group), Rao Lakkakula (JPMorgan Chase), Christopher Robinson (Red Hat), & Kay Williams (Microsoft), "Frontiers in Securing the Open Source Ecosystem," to be presented at FOSS Backstage (Virtual - February 10-12 2021)Robert Seacord (NCC Group) & … Continue reading Conference Talks – February/March 2021

Past, Present and Future of Effective C

Dennis Ritchie and Ken Thompson invented the C Programming Language at Bell Telephone Laboratories  in 1972 [Ritchie 1993]. The C Language is a highly successful system programming language that can work with a wide range of computing hardware and architectures. Nearly 50 years later, C remains as vital and popular as ever. System languages are … Continue reading Past, Present and Future of Effective C

Story of a Hundred Vulnerable Jenkins Plugins

Jenkins is an open source tool supporting building, deploying and automating software development and delivery, and can be extended by plugins to introduce additional functionalities like Active Directory authentication, or solve reoccurring tasks such as executing a static code analyser or copying a compiled software to a CIFS share. Similar to WordPress, the core framework … Continue reading Story of a Hundred Vulnerable Jenkins Plugins

Security of Things: An Implementer’s Guide to Cyber Security for Internet of Things Devices and Beyond

Introduction We’ve seen a sharp rise in the last five years or so in the amount of security assurance and research activities we’re asked to undertake in the embedded system space. This has naturally led us to working increasingly with the Internet of Things (IoT) in a variety of different guises. In response to this … Continue reading Security of Things: An Implementer’s Guide to Cyber Security for Internet of Things Devices and Beyond