This voluntary guidance provides an overview of product security bad practices that are deemed exceptionally risky, particularly for software manufacturers who produce software used in service of critical infrastructure or national critical functions (NCFs).
Is CERT code included? I think there is a group working on a secure version of C++ as well. I’m not convinced that shifting experienced programmers to mew less familiar syntax will improve software quality. Improving the language rather than changing to another might be a better approach.
I guess assembly also ought to be avoided since all of the power/flaws of C are extant in it as well.
Is CERT code included? I think there is a group working on a secure version of C++ as well. I’m not convinced that shifting experienced programmers to mew less familiar syntax will improve software quality. Improving the language rather than changing to another might be a better approach.
I guess assembly also ought to be avoided since all of the power/flaws of C are extant in it as well.