Better Living Through Security Coding Standards
Security for IoT and embedded devices is essentially a mess. If you’re not aware of it by now, stop and take a minute to check out my IoT Hall-of-Shame. I still have a backlog of probably 20 hacks over the last few weeks to add to the list there. Finding out that some IoT device has been hacked is such a regular occurrence that it often gets no attention in the news.
I have often used the collage below as a kind of trick question in presentations. I’ll ask “which of these devices are hackable?” and of course the answer is all of them. In fact, the devices in this list aren’t just hackable, but have already been hacked. I started using this kind of picture a few years back with just a handful of devices. Today I can’t put them all in a single collage because they’d be too small- there are hundreds of them!
Devices that have been hacked
There are a lot of people who think that software and cybersecurity situation is inevitable – that the problem is just too difficult and basically it’s not going to get any better. I’m not one of those people, I happen to believe than we can do a better job at securing embedded devices and software systems in general. If you look at successful attacks, all too often you find that they’re not overly sophisticated, but rather exploit software vulnerabilities that have been well understood for years and for which there are very good mitigating strategies.
That’s where the SEI CERT Secure Coding Standard comes in. It outlines basic things you should do (or NOT do) when creating secure software. The way to check your code against a standard like CERT is to use a static analysis tool, like Parasoft C/C++test. Now I know that there are challenges in doing static analysis and software security, but I’ve got some pretty good ideas to make sure that what you’re doing will be a help rather than a burden.
I’m doing a joint webinar with David Svoboda from SEI CERT and we’re going to talk about what the SEI CERT Secure Coding Standard is, how to understand and use it, and how to successfully deploy static analysis to build security into your software rather than trying to test it in like people are doing today. Coding standards are the sound engineering basic for safe, secure, reliable software.
Join us on September 27th for this educational and entertaining webinar: register here.
Better Living Through Security Coding Standards originally appeared on Code Curmudgeon on September 19, 2018.
The post Better Living Through Security Coding Standards appeared first on Code Curmudgeon.
http://codecurmudgeon.com/wp Twitter: @codecurmudgeon
Source: https://codecurmudgeon.com/wp/2018/09/better-living-through-security-coding-standards/
Anyone can join.
Anyone can contribute.
Anyone can become informed about their world.
"United We Stand" Click Here To Create Your Personal Citizen Journalist Account Today, Be Sure To Invite Your Friends.
Please Help Support BeforeitsNews by trying our Natural Health Products below!
Order by Phone at 888-809-8385 or online at https://mitocopper.com M - F 9am to 5pm EST
Order by Phone at 866-388-7003 or online at https://www.herbanomic.com M - F 9am to 5pm EST
Order by Phone at 866-388-7003 or online at https://www.herbanomics.com M - F 9am to 5pm EST
Humic & Fulvic Trace Minerals Complex - Nature's most important supplement! Vivid Dreams again!
HNEX HydroNano EXtracellular Water - Improve immune system health and reduce inflammation.
Ultimate Clinical Potency Curcumin - Natural pain relief, reduce inflammation and so much more.
MitoCopper - Bioavailable Copper destroys pathogens and gives you more energy. (See Blood Video)
Oxy Powder - Natural Colon Cleanser! Cleans out toxic buildup with oxygen!
Nascent Iodine - Promotes detoxification, mental focus and thyroid health.
Smart Meter Cover - Reduces Smart Meter radiation by 96%! (See Video).
| Online: | |
| Visits: | 1,599,604,682 |
| Stories: | 8,139,637 |
Whistler Blowers, Insiders
