secure programming


Visible to the public Collaborative: Development and Testing of a Secure Programming Clinic

This capacity building project will create Secure Programming Clinic to enhance student learning and expertise in writing robust, secure software, analogous to a writing clinic in an English department or law school. It provides continual reinforcement of the mechanisms, methods, technologies, and need for programming with security and robustness considerations throughout a student's undergraduate coursework. The clinic would augment courses, not replace them or their content.


Visible to the public EDU: Deploying and Evaluating Secure Programming Education in the IDE

A number of researchers have advocated that secure programming instruction be integrated across a computing curriculum but there have been relatively few efforts examining how to successfully do so. The proposed research expands upon a previous project by focusing on advanced computing students and courses. The proposed activities include expanding ESIDE tool implementation to support a broader range of security guidelines and code, providing increased contextualization of the instructional materials within the tool, and developing materials and practices for faculty adopting the tool.


Visible to the public TWC: Small: Collaborative: Discovering Software Vulnerabilities through Interactive Static Analysis

Software development is a complex and manual process, in part because typical software programs contain more than hundreds of thousands lines of computer code. If software programmers fail to perform critical checks in that code, such as making sure a user is authorized to update an account, serious security compromises ensue. Indeed, vulnerable software is one of the leading causes of cyber security problems. Checking for security problems is very expensive because it requires examining computer code for security mistakes, and such a process requires significant manual effort.