
Why Can’t Johnny Program Securely?

The October 2022 tech talk was presented by Robert Seacord
Abstract
Secure coding (unsurprisingly) is hard. Our educational systems have failed to properly prepare students, and our assessments have overestimated their abilities. Analysis and testing is useful but inadequate. This presentation will discuss the gap in qualified secure coders and what we can do to eliminate it.
About the Presenter
Robert C. Seacord is the Standardization Lead at Woven Planet, where he works on the software craft. Robert was previously a Technical Director at NCC Group, Secure Coding Manager at Carnegie Mellon’s Software Engineering Institute, and an adjunct professor in the School of Computer Science and the Information Networking Institute at Carnegie Mellon University.
He is the author of seven books, including Effective C: An Introduction to Professional C Programming (No Starch Press, 2020), The CERT C Coding Standard, Second Edition (Addison-Wesley, 2014) Secure Coding in C and C++, Second Edition (Addison-Wesley, 2013), and Java Coding Guidelines: 75 Recommendations for Reliable and Secure Programs (Addison-Wesley, 2014). He has also published more than 50 papers on software security, component- based software engineering, web-based system design, legacy-system modernization, component repositories and search engines, and user interface design and development. Robert has been teaching secure coding in C and C++ to private industry, academia, and government since 2005. He started programming professionally for IBM in 1982, working in communications and operating system software, processor development, and software engineering; he also has worked at the X Consortium, where he developed and maintained code for the Common Desktop Environment and the X Window System. Robert is on the advisory board for the Linux Foundation and is an expert at the ISO/IEC JTC1/SC22/WG14 international standardization working group for the C programming language.