ISBN: 9783642271410 (print)
IT products developed without due consideration of security issues have caused many security accidents over the last ten years. As a result, the importance of security in software development is increasing. To develop secure IT products, it is important to ensure that no known vulnerabilities remain at the design, development, and test stages. Even when an IT product is designed securely, various security vulnerabilities, such as buffer overflows, can occur if general coding techniques are used at the development stage. Therefore, the introduction of secure coding rules becomes most critical in developing a robust information security product. This paper proposes a method of applying a secure coding standard in the CC evaluation process. The proposed method is expected to contribute to improving the security of IT products in the CC evaluation process.
The article discusses security in the C programming language. Critics claim that the decades-old C programming language is inherently insecure. The author disagrees. Programmers just have to use security tools to fix software *** in recent years has identified the root cause of many of the vulnerabilities typically found in C/C++ code. Coding standards such as the CERT C Secure Coding Standard help programmers avoid the associated pitfalls. However, without automated tools to check for non-compliance, it is, arguably, more or less impossible for a programmer to deliver fault-free code. Software analysis tools for static code analysis are available to enforce compliance with the guidelines recommended by these established coding standards. They can perform in-depth, system-wide analysis of the code, and can utilise formal methods to ensure that system security is not compromised. Software tools enforce compliance with the guidelines recommended by established coding standards.