Conferences and supporting programme
Navigating the Jungle of the Secure Coding Standards
In a world where software can be found everywhere and potential security holes can be exploited at any time to gain unauthorized access to important systems, most organizations make some effort to ensure the software they produce is safe and secure. Usually this is done in the form of black-box testing or penetration testing, which is great, but an even better way is of course to produce software that is more secure and reliable in the first place. To do so, it is helpful to leverage industry coding standards, but there is a veritable jungle of information to tackle, including security coding standards (e.g. CERT, OWASP, CWE) and numerous domain-specific standards (e.g. MISRA, AUTOSAR, and a whole family of IEC 61508-based standards). It can be challenging to determine the set of coding standards that should be applied to a specific project, and even more challenging to do so in the middle of software development, when the existing software suddenly needs to be brought into compliance with such a standard.

In this presentation, we will narrow the path to domain-specific secure coding techniques and standards. In addition to identifying their differentiators and how they can complement each other, we will present techniques for choosing the right set of coding standards and for dealing with a large number of violations when a coding standard is applied to an existing code base.
Date: 26.02.2019
Time: 10:00 AM - 10:30 AM
Location: Conference Counter NCC Ost