Several weeks ago, I was invited by INTECO to attend the seminar 'Secure Coding in C and C++'. The event took place at INTECO's Cyber-Security headquarters in León, Spain.

It was a great coincidence because Robert, the person teaching this seminar, and I are part of the teams in SEI and Igalia collaborating on browser security.

As you may know, the mission of the National Institute for Communication Technologies (INTECO), located in León (Spain), is to strengthen cybersecurity, trust, and the protection of privacy with respect to services offered within the information society, providing value to the public, businesses, the Spanish Government, the Spanish academic and research network, the information technology sector and strategic sectors in general. It is a huge responsibility though.

This seminar was included in the Program on Excelence in Cibersecurity (PECS) in order to find and promote talent in Cibersecurity. The seminar focused on producing secure programs and designs using C and C++ languages. The seminar ran for four days providing a detailed explanation of common programming errors in C and C++.

Robert organized the material covering the following topics: string management, dynamic memory management, integral security, formatted output and file I/O. The lessons interleaved theory, practical exercises, mapping issues to CERT coding standards and debate around the flaws and vulnerabilities handled.

Robert is a person with long experience in Information Security. He is currently the Secure Coding Technical Manager in the CERT Program of Carnegie Mellon's Software Engineering Institute. I enjoyed a great time talking to him about the state of the art in Information Security, avoidable software defects and vulnerabilities.

At the end, I would like to thank to INTECO for hosting and organizing this event. They did a great job with the materials, infrastructure and organization. Congrats guys!


comments powered by Disqus

Recent Entries