Secure Development
Secure development refers to the set of tools, practices, and approaches created by the SEI to reduce vulnerabilities by eliminating coding errors.
Blog Posts
AI-Powered Memory Safety with the Pointer Ownership Model
This post highlights work to automate C code security with AI-powered memory safety.
By David Svoboda, Lori Flynn
In Secure Development
Managing Security and Resilience Risks Across the Lifecycle
This post introduces the Security Engineering Framework, a schema of software-focused engineering practices that acquisition programs can use to manage security and resilience risks across the lifecycle.
By Christopher J. Alberts, Charles M. Wallen, Carol Woody, Michael S. Bandor
Detection and Repair: The Cost of Remediation
This year, we plan on making some exciting updates to the SEI CERT C Coding Standard. This blog post is about one of our ideas for improving the standard.
By David Svoboda
Measurement Challenges in Software Assurance and Supply Chain Risk Management
This SEI Blog post examines the current state of measurement in software assurance and supply chain management, with a particular focus on open source software, and highlights promising measurement approaches.
By Nancy R. Mead, Carol Woody, Scott Hissam
What Recent Vulnerabilities Mean to Rust
In recent weeks, several vulnerabilities have rocked the Rust community, causing many to question its safety. This post examines two such vulnerabilities.
By David Svoboda
The SEI SBOM Framework: Informing Third-Party Software Management in Your Supply Chain
This post presents a framework to promote the use of SBOMs and establish practices and processes that organizations can leverage as they build their programs.
By Christopher J. Alberts, Michael S. Bandor, Charles M. Wallen, Carol Woody
Rust Vulnerability Analysis and Maturity Challenges
This post explores tools for understanding vulnerabilities in the Rust programming language as well as the maturity of the Rust software ecosystem as a whole and how that might impact …
By Garret Wassermann, David Svoboda
Rust Software Security: A Current State Assessment
This post examines security issues with the Rust programming language.
By Joe Sible, David Svoboda
Taking Up the Challenge of Open Source Software Security in the DoD
This post describes a workshop hosted by the SEI to start a conversation to elevate the trustworthiness of free and open source software, particularly in DoD settings.
By Scott Hissam
11 Leading Practices When Implementing a Container Strategy
While containers are frequently lauded in the latest software development trends, switching from using virtual machines and deploying an organization-wide container strategy remains non-trivial.
By Andrew O. Mellinger, William Nichols, Jay Palat