1

I have been asked so be the second on grading a paper a Student is going to write about "Creating a methodology for ensuring Code Security/Authenticity". Sadly this is not my field of expertise.

Now I'm looking for some basic information about methods or software that already exists, so I can get a baseline understanding of the Topic. These are the Questions that are currently on my mind:

  • Is there already an established best practices?
  • What are commonly used Methods?
  • What are the most important points when looking at Code Security?

The student will hopefully provide some basics in his paper but I would hate to go into this blind just to be fair to the student. I would be grateful if anyone could point me toward any good introductory material?

Jens Krüger
  • 113
  • 4

1 Answers1

2

David A. Wheeler has a collection of essays, including several on software security (particularly targeting Unix/Linux).

There are lots of tools around, including sophisticated checkers that are build on LLVM, like klee. You'll also find discussions like "Top 12 Open Source Security Tools" with a bit of searching.

There are lots of standards, look e.g. at "Security Standards in Software Development".

vonbrand
  • 604
  • 3
  • 6