Why Can’t Johnny Program Securely?

October, 2022

The October 2022 tech talk was presented by Robert Seacord

Abstract

Secure coding (unsurprisingly) is hard. Our educational systems have failed to properly prepare students, and our assessments have overestimated their abilities. Analysis and testing are useful but inadequate. This presentation will discuss the gap in qualified secure coders and what we can do to eliminate it.

About the Presenter

Robert C. Seacord is the Standardization Lead at Woven Planet, where he works on the software craft. Robert was previously a Technical Director at NCC Group, Secure Coding Manager at Carnegie Mellon’s Software Engineering Institute, and an adjunct professor in the School of Computer Science and the Information Networking Institute at Carnegie Mellon University.

He is the author of seven books, including Effective C: An Introduction to Professional C Programming (No Starch Press, 2020), The CERT C Coding Standard, Second Edition (Addison-Wesley, 2014), Secure Coding in C and C++, Second Edition (Addison-Wesley, 2013), and Java Coding Guidelines: 75 Recommendations for Reliable and Secure Programs (Addison-Wesley, 2014). He has also published more than 50 papers on software security, component-based software engineering, web-based system design, legacy-system modernization, component repositories and search engines, and user interface design and development. Robert has been teaching secure coding in C and C++ to private industry, academia, and government since 2005. He started programming professionally for IBM in 1982, working in communications and operating system software, processor development, and software engineering; he also has worked at the X Consortium, where he developed and maintained code for the Common Desktop Environment and the X Window System. Robert is on the advisory board for the Linux Foundation and is an expert at the ISO/IEC JTC1/SC22/WG14 international standardization working group for the C programming language.

Past Presentations

Application of Statistical and Other Quantitative Techniques in Software

The February 2023 tech talk was presented by Stephen Shook. Abstract: The CMMI has long emphasized use of “statistical and other quantitative techniques” as a best practice for software work. Many organizations struggle with how to apply those techniques. (The ISHPI AIS...

Implementing a Strategy for Excellence

The January 2023 tech talk was presented by Seemin Suleri. Abstract: In our pursuit of excellence, we built a strategy that matched the ambition of a competitive e-commerce business. The problem was, where do we start the work: A struggling software department with high...

NAVAIR Process Dashboard Introduction Workshop

Abstract: NAVAIR has hundreds of engineers/professionals using Team Software Process (TSP) or Team Integration Process (TPI) methodologies to plan and track their projects. NAVAIR teams following TSP/TPI use the Process Dashboard tool to implement the methodologies....

Team Process Integration: Half-Day Course

Abstract: This half-day course covers all aspects of the Team Process Integration (TPI) framework. The TPI methodology integrates disciplined project practices that can be applied by many product teams (e.g., software, systems, and test). It is a framework that...

How to Increase Team Performance: A Tale of Two Teams

The June 2022 tech talk was presented by Seemin Suleri. Abstract: This is a story of two software teams: one in a large blue-chip corporate environment and another in a small company. This is a tale of how people came together to face challenges and show incredible...

Rules and Submissions for the Watts Humphrey Process Achievement Award

The August 2022 tech talk was presented by Isabel Margarido. Abstract: Watts Humphrey was a practitioner and advocate of Software Engineering good practices, also known as the “Father of Software Quality”. His work “laid ground for” CMM, CMMI and he proved the entire...

SEA 2022 Virtual Summit

Software Excellence Alliance professionals from around the world met to celebrate our accomplishments from 2021 and to set the Alliance's 2022 direction for changing the world of software engineering. Jim Over delivered the keynote presentation, sharing his personal...

The Digital Transformation Spiral Model

The March 2022 tech talk was presented by Dr. Barry Dwolatzky. Abstract: Digital transformation has become an imperative for organisations in the 21st Century irrespective of size, sector, or geographic location. Studies have shown that a very high percentage of digital...

Changing the Engines without Landing the Plane

The January 2022 tech talk was presented by Robert Bentall. Abstract: Technical debt is like adding useless ballast to a speeding jet. It just slows everything down. Yet, in most environments, technical debt reduction, infrastructure upgrades, and process improvement...

Being a Leader and Coder – A Survival Guide

The December 2021 tech talk was presented by Dylan Greiner. Abstract: Being both a technical leader and an active software engineer at the same time raises many challenges. I present the various techniques and approaches I have both learned and gathered from various...

High-Maturity Scrum with the Process Dashboard

The October 2021 tech talk was presented by David Tuma. Abstract: Scrum is a popular Agile development method that enables rapid customer feedback and continuous delivery of value. Earned value is a high-maturity planning technique that helps teams to create realistic...

Training Coco – Agile Lessons with a Puppy

The September 2021 tech talk was presented by Jeff Pulcini. Abstract: Does training a 10-week-old puppy have any relation to Agile and Agile teams? Can training basic commands like sit, stay, and down be useful to Agile teams? What about potty training? Join us as we...

Making SAFe Better from the Bottom Up: Mixing Methods and Tools

The August 2021 Tech Talk was presented by Kimberly Wade. Abstract: The Scaled Agile Framework (SAFe) is the leading method for scaling lean and agile practices to large solution delivery. Using SAFe allows large organizations with multiple programs and projects to...

Empowering Virtual Working Groups for Success

Abstract: We’ve all worked on teams where it is impossible to find the latest files, emails get lost, people get left off (or on!) meeting notices and email chains, and worse. Things get even more chaotic when team members are all volunteers and everything is virtual....

SAFe vs. Reality: How Will We Solve the Conflict?

The June 2021 tech talk was presented by Francisco Javier Ruvalcaba Moya. Abstract: “SAFe is the new standard in the software industry; you must code faster.” “You already implemented SAFe, so why are you delaying the release?” Multiple questions appear when SAFe is...

How Owning My Data Leveled Up My Life

The May 2021 Tech Talk was presented by Alex Powell. Abstract: People are often pressured to deliver a plan in line with schedules created by inaccurate estimates. As we know, this leads to products that under-deliver and are over-budget. Applying solid methodologies,...