November 14-16, Berlin, Germany
November 18-23, Wrocław, Poland
November 25, Wrocław, Poland
February 10-15, Hagenberg, Austria
March 19-21, Madrid, Spain
April 1-4, Bristol, UK
June 16-21, Sofia, Bulgaria
By Jordi Mon Companys | Jun 27, 2024 07:33 AM | Tags: safety
Sean Baxter demonstrates memory safe C++ using his Circle compiler
Safe C++
Sean Baxter
From the talk:
Does a subset of a superset of C++ exists that achieves similar safety guarantees to rust, is useful and expressive enough, and is compatible with today's C++? If so, is anyone mad enough to do it? There is an answer to that
By Jordi Mon Companys | Mar 27, 2023 10:02 PM | Tags: security safety c++20
An interview in Software Engineering Daily with Bjarne on the recent announcements by the NSA and the forthcoming CRA from the EU against the use of C++ based on security concerns.
Hardening C++ with Bjarne
Bjarne Stroustrup
From the interview:
Bjarne wishes for more support rather than calls to drop the use and teaching of C++ altogether. Especially in light of how much progress the C++ 17, 20 and 23 mean to the language but also how using the core guidelines and modern static analysis can reduce vulnerabilities considerably.
By Andrey Karpov | Mar 12, 2021 01:06 AM | Tags: static analyzer sei cert security sast safety pvs-studio owasp top 10 owasp misra c++ misra devsecops code quality autosar c++14 autosar
At the moment, PVS-Studio is developing not only as a static analyzer searching for code quality defects (quality control solution) but also as a solution for searching for security and safety defects.
PVS-Studio 7.12 New Features for Finding Safety and Security Threats
by Nikolay Mironov, Paul Eremeev
From the article:
Well, to waste no time, let's point out the additions right away. So, here is what's new, safe, and cool in PVS-Studio:
- New diagnostic groups OWASP ASVS and The AUTOSAR C++14 Coding Guidelines have been added to the analyzer. Previously, the compliance of PVS-Studio diagnostic rules with these standards was available only on our website. Now we have more than 50 new diagnostic rules!
- Now the analyzer shows information about the compliance of the warnings with the SEI CERT Coding Standard. This information formerly was available only on the PVS-Studio website.
- The interface of our plugins for Visual Studio, JetBrains Rider, and IntelliJ IDEA has been improved to ease the work with analyzer messages that have safety and security standards identifiers.
- New diagnostic groups (OWASP, AUTOSAR) in PlogConverter are supported.
- New diagnostics (OWASP, AUTOSAR) are supported in SonarQube at the tag level. We classified our diagnostic rules by OWASP Top 10.