Скачать или смотреть Updating Risk Assessment in the CERT Secure Coding Standard

Evaluating source code to ensure secure coding qualities costs time and effort and often involves static analysis. But those who are familiar with static analysis tools know that the alerts are not always reliable and produce false positives that must be detected and disregarded. This year, we plan on making some exciting updates to the SEI CERT C Coding Standard to better harmonize with the current state of the art for static analysis tools as well as simplify the process of source code security auditing. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), David Svoboda and Joseph Sible, both engineers in CERT’s Applied Systems Group and primary developers and maintainers of the standard, sit down with Robert Schiela, deputy technical director of the Cybersecurity Foundations directorate in CERT, to discuss the proposed changes, specifically in the area of risk assessment.

#cybersecurity, #securecoding, #cyber, #riskk ‪@TheSEICMU‬

The SEI Podcast Series is available sei.cmu.edu/podcasts and on the following channels:
Apple Podcasts: https://podcasts.apple.com/us/podcast...
TuneIn: https://tunein.com/podcasts/Technolog...
SoundCloud:   / cmu-sei-podcasts  
Spotify: https://open.spotify.com/show/1CAKTiV...