[Editor's Note: Robert Seacord of NCC Group is a longstanding member of the C Standards Committee. In this blog post, he outlines a recently adopted change he proposed to the C Language Standard, to help eliminate double-free vulnerabilities being introduced to C code as a result of zero-sized reallocations of memory.] by Robert Seacord The … Continue reading C Language Standards Update – Zero-size Reallocations are Undefined Behavior
Earlier last month saw the publication an IETF draft NCC Group co-wrote with the UK's National Cyber Security Center titled 'Indicators of Compromise (IoCs) and Their Role in Attack Defence'
Verifiable Random Functions (VRFs) have recently seen a strong surge in popularity due to their usefulness in blockchain applications. Earlier I wrote about what VRFs are, where they can be used, and a few dozen things to consider when reviewing them. In this follow-on blog post, I am pleased to introduce actual working code that … Continue reading Exploring Verifiable Random Functions in Code
This blog post describes my history with the C Standards Committee, the work standards organizations are currently doing in software security, and the future of NCC Group's work in improving software security by working with the C Standards Committee and other standardzation efforts. Past I became involved with the C Standards Committee (more formally, ISO/IEC … Continue reading Improving Software Security through C Language Standards
Introduction We’ve seen a sharp rise in the last five years or so in the amount of security assurance and research activities we’re asked to undertake in the embedded system space. This has naturally led us to working increasingly with the Internet of Things (IoT) in a variety of different guises. In response to this … Continue reading Security of Things: An Implementer’s Guide to Cyber Security for Internet of Things Devices and Beyond