- Peter Sommerlad - Better Software
Peter Sommerlad is a consultant and trainer for Safe Modern C++ and Agile Software Engineering. Peter was professor at and director of IFS Institute for Software at FHO/HSR Rapperswil, Switzerland until February 2020. Peter is co-author of POSA Vol.1 and Security Patterns. He inspired the C++ IDE Cevelop with a unique C++ feedback, refactoring, and code modernization experience. Peter is a member of MISRA-C++, Hillside, ACM, IEEE Computer Society, ACCU, ISO WG23 and the ISO WG21 C++ committee.
C++ programmers suffer from the language's complexity as well as from its "super power" of backward compatibility that manifests known and sometimes lesser known deficiencies in language and standard library design. In application areas where human live or capital is at risk, safe and secure code is a must, but even in other domains the internal quality of C++ programs is an important factor for programmers' effectiveness. Writing safe and secure code is hard, and requires to circumvent undefined behavior and also portability issues, when development and target platforms differ. Knowing C++ vulnerabilities and potential mitigations is a first step […]
Programming languages contain features that could cause code to behave badly. Either by creating hazards in safety critical software, or by creating entry points for attacks in security-critical software. ISO SC22 WG23 working group collects common language vulnerabilities and provides standards that map the common vulnerabilities to specific programming languages and their mitigations. This talk will give an overview of typical vulnerabilities and will demonstrate examples on how C++ maps to those generic vulnerabilities and how the upcoming standard 24772-10 provides advice for mitigation and avoidance.