CERT Secure Coding team have recently released a freely available tool capable of analysing the leakage of sensitive information from an Android app. CERT researchers claim their tool "is the most precise taint-flow static analysis tool for Android apps."
OpenSSL's Heartbleed vulnerability has brought the project under the intense scrutiny of the OpenBSD development team. The team began a massive cleanse and repair of the OpenSSL codebase last week with impressive results.
CERT Secure Coding team, part of the Software Engineering Institute at Carnegie Mellon University, have recently released secure coding guidelines specific to Java's application in the Android platform. InfoQ interviews Lori Flynn, one of the researchers who authored them.
The recent security weakness found in both iOS and OS X hints at flaws in coding style guidelines, unit testing, system testing, code review policies, error management strategies, and tools deployment. An overview.