InfoQ

Presentation

Secure Programming with Static Analysis

Posted by Brian Chess on Aug 06, 2008 09:44 AM

Topics: Code Analysis, Security
Tags: Code Reviews, Static Analysis, QCon London 2008, QCon

Summary
Creating secure code requires more than just good intentions. Programmers need to know how to make their code safe in an almost infinite number of scenarios and configurations. Static source code analysis can uncover the kinds of errors that lead directly to vulnerabilities and in this talk, Brian Chess frames the software security problem and shows how static analysis is part of the solution.

Bio
Brian Chess is a founder and Chief Scientist of Fortify Software where his work focuses on practical methods for creating secure systems. His book, Secure Programming with Static Analysis, shows how static source code analysis is an indispensable tool for getting security right. Brian holds a Ph.D. in computer engineering from the University of California at Santa Cruz.

About the conference
QCon is a conference that is organized by the community, for the community. The result is a high quality conference experience where a tremendous amount of attention and investment has gone into having the best content on the most important topics presented by the leaders in our community. QCon is designed with the technical depth and enterprise focus of interest to technical team leads, architects, and project managers.

2 comments

Video doesn't seem to work after approximately 30 mins by nik jan, Posted Aug 7, 2008 7:35 PM
Nice presentation but couldn't watch all.

Re: Video doesn't seem to work after approximately 30 mins by Cristi Buta, Posted Aug 8, 2008 8:14 AM
I was able to watch the full presentation without any problem. Try dragging the progress indicator over the 30 mins and see what happens.
