CERT Oracle Secure Coding Standard for Java, The

About David SvobodaDean SutherlandDhruv MohindraFred LongRobert Seacord

Ve>Fred Long is a senior lecturer and director of learning and teaching in the Department of Computer Science Aberystwyth University in the United Kingdom. He lectures on formal methods; Java C++ and C programming paradigms and programming-related security issues. He is chairman of the British Computer Societys Mid-Wales Sub-Branch. Fred has been a Visiting Scientist at the Software Engineering Institute since 1992. Recently his research has involved the investigation of vulnerabilities in Java. Dhruv Mohindra is a senior software engineer at Persistent Systems Limited India where he develops monitoring software for widely used enterprise servers. He has worked for CERT at the Software Engineering Institute and continues to collaborate to improve the state of security awareness in the programming community. Dhruv has also worked for Carnegie Mellon University where he obtained his master of science degree in information security policy and management. He holds an undergraduate degree in computer engineering from Pune University India where he researched with Calsoft Inc. during his academic pursuit. A writing enthusiast Dhruv occasionally contributes articles to technology magazines and online resources. He brings forth his experience and learning from developing and securing service oriented applications server monitoring software mobile device applications web-based data miners and designing user-friendly security interfaces. Robert C. Seacord is a computer security specialist and writer. He is the author of books on computer security legacy system modernization and component-based software engineering. Robert manages the Secure Coding Initiative at CERT located in Carnegie Mellons Software Engineering Institute in Pittsburgh Pennsylvania. CERT among other security-related activities regularly analyzes software vulnerability reports and assesses the risk to the Internet and other critical infrastructure. Robert is an adjunct professor in the Carnegie Mellon University School of Computer Science and in the Information Networking Institute. Robert started programming professionally for IBM in 1982 working in communications and operating system software processor development and software engineering. Robert also has worked at the X Consortium where he developed and maintained code for the Common Desktop Environment and the X Window System. Robert has a bachelors degree in computer science from Rensselaer Polytechnic Institute. Dean F. Sutherland is a senior software security engineer at CERT. Dean received his Ph.D. in software engineering from Carnegie Mellon in 2008. Before his return to academia he spent 14 years working as a professional software engineer at Tartan Inc. He spent the last six of those years as a senior member of the technical staff and a technical lead for compiler backend technology. He was the primary active member of the corporate R&D group was a key instigator of the design and deployment of a new software development process for Tartan led R&D projects and provided both technical and project leadership for the 12-person compiler back-end group. David Svoboda is a software security engineer at CERT. David has been the primary developer on a diverse set of software development projects at Carnegie Mellon since 1991 ranging from hierarchical chip modeling and social organization simulation to automated machine translation (AMT). His KANTOO AMT software developed in 1996 is still in production use at Caterpillar. He has over 13 years of Java development experience starting with Java 2 and his Java projects include Tomcat servlets and Eclipse plug-ins. David is also actively involved in several ISO standards groups: the JTC1/SC22/WG14 group for the C programming language and the JTC1/ SC22/WG21 group for C++.