Vulnerable C++

13:00 - 14:00 Saturday 2nd March 2024 UTC

Programming languages contain features that can cause code to behave badly, either by creating hazards in safety-critical software or by creating entry points for attacks in security-critical software.

The ISO SC22 WG23 working group collects common language vulnerabilities and provides standards that map the common vulnerabilities to specific programming languages and their mitigations.

This talk will give an overview of typical vulnerabilities, demonstrate with examples how C++ maps to those generic vulnerabilities, and show how the upcoming standard 24772-10 provides advice for mitigation and avoidance.

Peter Sommerlad

Peter Sommerlad - Better Software

Peter Sommerlad is a consultant and trainer for Safe Modern C++ and Agile Software Engineering. Peter was a professor at and director of the IFS Institute for Software at FHO/HSR Rapperswil, Switzerland, until February 2020. Peter is co-author of POSA Vol.1 and Security Patterns. He inspired the C++ IDE Cevelop with a unique C++ feedback, refactoring, and code modernization experience. Peter is a member of MISRA-C++, Hillside, ACM, IEEE Computer Society, ACCU, ISO WG23 and the ISO WG21 C++ committee.