Interpreting the BSIMM: A SAFECode Perspective on Leveraging Descriptive Software Security Initiatives
نویسنده
چکیده
There are a number of similarities between our work at the Software Assurance Forum for Excellence in Code (SAFECode) and the BSIMM effort. Both SAFECode and the BSIMM are focused on improving software security. Both have published documents1 about software security practices that offer approaches to advancing secure software development. And both the SAFECode and BSIMM papers can be used as part of efforts to
منابع مشابه
Safecode: a Platform for Developing Reliable Software in Unsafe Languages
Many computing systems today are written in weakly typed languages such as C and C++. These languages are known to be “unsafe” as they do not prevent or detect common memory errors like array bounds violations, pointer cast errors, etc. The presence of such undetected errors has two major implications. The first problem is that it makes systems written in these languages unreliable and vulnerab...
متن کاملHunting for Aardvarks: Can Software Security Be Measured?
When you are in charge of building software from the ground up, software security can be encouraged through the use of secure software development methodologies. However, how can you measure the security of a given piece of software that you didn’t write yourself? In other words, when looking at two executables, what does “a is more secure than b” mean? This paper examines some approaches to me...
متن کاملIntel MPX Explained: An Empirical Study of Intel MPX and Software-based Bounds Checking Approaches
Memory-safety violations are a prevalent cause of both reliability and security vulnerabilities in systems software written in unsafe languages like C/C++. Unfortunately, all the existing software-based solutions to this problem exhibit high performance overheads preventing them from wide adoption in production runs. To address this issue, Intel recently released a new ISA extension—Memory Prot...
متن کاملDoes “Flattening the Curve” Affect Critical Care Services Delivery for COVID-19? A Global Health Perspective
During this coronavirus disease 2019 (COVID-19) global pandemic, nations are taking bold measures to mitigate the spread of Severe acute respiratory syndrome coronavirus 2 (SARS-CoV-2) infections in order to avoid the overwhelming its critical care facilities. While these “flattening the curve” initiatives are showing signs of impeding the potential surge in COVID-19 cases, it is not known whet...
متن کاملThe Security Twin Peaks
The feedback from architectural decisions to the elaboration of requirements is an established concept in the software engineering community. However, pinpointing the nature of this feedback in a precise way is a largely open problem. Often, the feedback is generically characterized as additional qualities that might be affected by an architect’s choice. This paper provides a practical perspect...
متن کامل