Ideally, the best application-security solutions would be built with security in mind from the ground up. To do this, you must start with a secure coding platform. Mainstream programming languages such as Java and C++ are inherently prone to vulnerabilities that stem from integer overflow and underflow, math errors from floating point floors and ceilings, and loss of information in type conversions. The languages we use were not designed for developing secure code.
The Secure Coding Framework (SCF) corrects these flaws and prevents developers from silently triggering errors that lead to cyber vulnerabilities. It also adds new features to data types, such as built-in range checking and exception handling, that enhance secure coding efforts. This presentation covers the development and use of the SCF as a secure coding platform. SCF makes it easy for developers to write secure code in mainstream programming languages. It supports the concept of building in security from the beginning rather than as an afterthought. Kertis will discuss the business drivers, software quality attributes, design and implementation, details of the APIs, and the patent-pending technology behind the product.
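The failure classes named above (integer overflow and underflow, floating-point conversion, lossy narrowing) and the idea of range-checked data types that raise exceptions can be illustrated in plain C++. This is an added example, not SCF code or its API; every name in it (`checked_add`, `checked_narrow16`, `checked_to_int32`, `Ranged`, `throws`) is hypothetical.

```cpp
#include <cstdint>
#include <limits>
#include <stdexcept>

// Hypothetical helpers for illustration; this is not the SCF API.
// Signed overflow is undefined behaviour in C++, so test before adding.
inline int32_t checked_add(int32_t a, int32_t b) {
    if ((b > 0 && a > std::numeric_limits<int32_t>::max() - b) ||
        (b < 0 && a < std::numeric_limits<int32_t>::min() - b))
        throw std::overflow_error("int32 addition out of range");
    return a + b;
}

// Narrowing: a plain static_cast would silently drop the high bits.
inline int16_t checked_narrow16(int64_t v) {
    if (v < std::numeric_limits<int16_t>::min() || v > std::numeric_limits<int16_t>::max())
        throw std::range_error("value does not fit in int16");
    return static_cast<int16_t>(v);
}

// double -> int32: an out-of-range or NaN source is undefined behaviour when cast.
inline int32_t checked_to_int32(double d) {
    if (!(d >= -2147483648.0 && d <= 2147483647.0))  // comparison is false for NaN
        throw std::range_error("double does not fit in int32");
    return static_cast<int32_t>(d);  // truncates toward zero
}

// Integer constrained to [Lo, Hi]; construction and addition are both checked.
template <int32_t Lo, int32_t Hi>
class Ranged {
    int32_t v_;
    static int32_t check(int64_t v) {
        if (v < Lo || v > Hi) throw std::out_of_range("value outside declared range");
        return static_cast<int32_t>(v);
    }
public:
    explicit Ranged(int64_t v) : v_(check(v)) {}
    int32_t get() const { return v_; }
    // Widen to 64 bits first so the sum itself cannot overflow before the check.
    Ranged operator+(int32_t d) const { return Ranged(static_cast<int64_t>(v_) + d); }
};

// Returns true if f() throws E: the error is raised, not silently absorbed.
template <class E, class F>
bool throws(F f) {
    try { f(); } catch (const E&) { return true; }
    return false;
}
```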