Thanks to everyone who contributed to making this effort a success.
Major Contributors
Aaron Ballman is a Security Software Engineer at CERT. He is an active developer on the clang open source C/C++/Objective-C compiler, focusing primarily on frontend development. Aaron has over a decade of experience writing commercial compilers for various programming languages, as well as developing cross-platform C and C++ frameworks. He is the author of Ramblings on REALbasic (2009).
John Benito is an independent consultant providing software development, project management, and software testing. He is the current Convener of ISO/IEC JTC 1/SC 22/WG14, the ISO group responsible for Standard C, the initial Convener of ISO/IEC JTC 1/SC 22 WG 23 (was OWG Vulnerabilities), the project editor for the Technical Report 24772, and a member of the INCITS PL22.11 (ANSI C) technical committee. John previously was a member of INCITS PL22.16 (ANSI C++) and the ISO Java Study group. He has been in software development, project management, and testing for over 38 years. John has been participating in International Standard development for the past 24 years and is the recipient of the INCITS Exceptional International Leadership Award.
David Keaton is the chairman of the ANSI C Committee, the U.S. segment of the international committee that standardizes the C programming language. He has been a voting member of the committee since 1990. David has written compilers for everything from embedded systems to supercomputers. He has two patents related to compiler-assisted security mechanisms.
Dan Plakosh was the lead software engineer for the Systems Engineering Department at the Naval Surface Warfare Center (NSWCDD) before joining the SEI. Dan has over 15 years of software development experience in defense, research, and industry. Dan's principal areas of expertise include real-time distributed systems, network communications and protocols, systems engineering, real-time 2D and 3D graphics, and UNIX OS internals. Much of Dan's recent experience has been redesigning legacy-distributed systems to use the latest distributed communication technologies.
Robert C. Seacord is the technical manager of the Secure Coding Initiative in the CERT® Division of the Software Engineering Institute (SEI) in Pittsburgh. Robert is the author of The CERT C Secure Coding Standard (Addison-Wesley, 2008) and Secure Coding in C and C++, Second Edition (Addison-Wesley, 2013), as well as coauthor of five other books. Robert is an adjunct professor at Carnegie Mellon University and a technical expert for ISO/IEC JTC1/SC22/WG14, the international standardization working group for the programming language C.
Martin Sebor is a technical leader in the C and C++ compiler tool chain group in the Network Operating Systems Group at Cisco Systems, Inc., where he works on compilers and related development tools as well as the Cisco networking operating system IOS. Among Martin's responsibilities is leading the development and deployment of Cisco Secure Coding Standards. Martin's expertise includes the C and C++ languages and development tools and the POSIX standard. Martin is Cisco's representative to the C and C++ international standards committees (PL22.11 and PL22.16 subgroups of the INCITS technical committee for Programming Languages, PL22).
David Svoboda is a Software Security Engineer at CERT. He has been the primary developer on a diverse set of software development projects at Carnegie Mellon University since 1991. His projects have ranged from hierarchical chip modeling and social organization simulation to automated machine translation (AMT). His KANTOO AMT software, developed in 1996, is still in production and use at Caterpillar. He has taught Secure Coding in C and C++ all over the world to various groups in the military, government, and banking industries. David is also involved in several ISO standards groups: the JTC1/SC22/WG14 group for the C programming language and the JTC1/SC22/WG21 group for C++.
Contributors
Arbob Ahmad, Juan Alvarado, Dave Aronson, Abhishek Arya, BJ Bayha, Levi Broderick, Hal Burch, Steven Christey, Ciera Christopher, Geoff Clare, Joe Damato, Stephen C. Dewhurst, Susan Ditmore, Chad Dougherty, Mark Dowd, Xiaoyi Fei, William Fithen, Hallvard Furuseth, Jeffrey Gennari, Douglas A. Gwyn, Shaun Hedrick, Christina Johns, David Keaton, Takuya Kondo, Masaki Kubo, Richard Lane, Stephanie Wan-Ruey Lee, Jonathan Leffler, Fred Long, Gregory K. Look, Nat Lyle, Larry Maccherone, John McDonald, Dhruv Mohindra, Bhaswanth Nalabothula, Justin Pincar, Randy Meyers, David M. Pickett, Thomas Plum, Dan Saks, Chris Taschner, Ben Tucker, Fred J. Tydeman, Nick Stoughton, Wietse Venema, Alex Volkovitsky, Grant Watters, and Gary Yuan.
Reviewers
Kevin Bagust, Greg Beeley, Arjun Bijanki, John Bode, Stewart Brodie, G Bulmer, Kyle Comer, Sean Connelly, Ale Contenti, Tom Danielsen, Török Edwin, Brian Ewins, Justin Ferguson, Stephen Friedl, Samium Gromoff, Kowsik Guruswamy, Peter Gutmann, Richard Heathfield, Darryl Hill, Paul Hsieh, Ivan Jager, Steven G. Johnson, Anders Kaseorg, Matt Kraai, Jerry Leichter, Nicholas Marriott, Frank Martinez, Scott Meyers, Eric Miller, Ron Natalie, Adam O'Brien, Heikki Orsila, P.J. Plauger, Michel Schinz, Eric Sosman, Chris Tapp, Andrey Tarasevich, Josh Triplett, Pavel Vasilyev, Ivan Vecerina, Zeljko Vrba, David Wagner, Henry S. Warren, Colin Watson, Zhenyu Wu, Drew Yao, and Christopher Yeleighton.
Editors
Jodi Blake, Pamela Curtis, Ed Desautels, Carol Lallier, Osona Steave, and Barbara White.
Developers and Administrators
Rudolph Maceyko, Jason McCormick, Joe McManus, and Brad Rubbo.
Special Thanks
Jeff Carpenter, Yurie Ito, Joe Jarzombek, Rich Pethia, Jason Rafail, Frank Redner, and Bob Rosenstein.