MISRA C: struggle for code quality and security https://pvs-studio.com/en/blog/posts/cpp/0866/
A couple of years ago the PVS-Studio analyzer got its first diagnostic rules to check program code compliance with the MISRA C and MISRA C++ standards. We collected feedback and saw that our clients...
Creating Roslyn API-based static analyzer for C# https://pvs-studio.com/en/blog/posts/csharp/0867/
After you read this article, you'll have the knowledge to create your own static analyzer for C#. With the help of the analyzer, you can find potential errors and vulnerabilities in the sou…
Why we need dynamic code analysis: the example of the PVS-Studio project https://pvs-studio.com/en/blog/posts/cpp/0868/
In May 2021, CppCast recorded a podcast called ABI stability (CppCast #300). In this podcast, Marshall Clow and the hosts discussed rather old news — Visual Studio compilers support the Add…
Applications that use unverified data are often vulnerable to a wide variety of attacks: SQL Injection, XSS, Path Traversal, etc. Taint analysis is a technology that helps detect potential vulnerabilities caused by the use of unverified data.
In this video, we'll talk about how taint analysis works and how it can help you keep applications secure.
https://t.co/eFwDQWXD1L?amp=1
How Can Taint Analysis Protect You from Attacks? [SQL Injections] [Path Traversal]
CWE Top 25 2021. What is it, what is it for and how is it useful for static analysis? https://pvs-studio.com/en/blog/posts/0869/
For the first time PVS-Studio provided support for the CWE classification in the 6.21 release. It took place on January 15, 2018. Years have passed since then and we would like to tell you …
Rob and Jason are joined by Amir Kirsh and Avi Lachmish from Incredibuild. They first discuss Idle, a new C++ framework, the September ISO mailing and an Algorithm Intuition Chart. Then they talk to Amir and Avi about the recent CoreCpp conference, Bjarne’s keynote and other talks from the conference.
https://cppcast.com/corecpp-amir-avi/
Software development intensifies from year to year. That's why developers often need various 'assistants': programs that control code quality. Such assistants include static code analyzers that can find and fix flawed code (bugs, typos, vulnerabilities) at the early stages of development.
This article is a brief overview of popular static analyzers for Java code.
https://dzone.com/articles/protect-your-code-from-bugs-an-overview-of-five-st
Protect Your Code From Bugs - DZone Java
Developers often need various "assistants" — these include static code analyzers which can find and fix flawed code at the early stages of development.
Rob and Jason are joined by Remi Coulom from Kayufu. They first discuss another blog post about the ongoing ABI problems in C++ and another on common mistakes with comparison functions. Then they talk to Remi about Joedb, the Journal-Only Embedded Database.
https://cppcast.com/joedb/
Text broadcast of CppCast 293: One Lone Coder https://pvs-studio.com/en/blog/posts/cpp/0870/
On this episode, Rob Irving and Jason Turner are joined by David Barr. First, they discuss Microsoft open-source calculator and an update to CMake. Then they talk about David's YouTube chan…
Detecting errors in the LLVM release 13.0.0 https://pvs-studio.com/en/blog/posts/cpp/0871/
Commercial static analyzers perform deeper and fuller code analysis compared to compilers. Let's see what PVS-Studio found in the source code of the LLVM 13.0.0 project.
PVS-Studio 7.15: MISRA, CWE, OWASP, Unreal Engine https://pvs-studio.com/en/blog/posts/0872/
We are actively developing the PVS-Studio static analysis tool towards detecting Safety and Security-related errors. To be more precise, we've expanded the coverage of the MISRA C:2012 and …
No project is perfect - whichever open-source project you examine, you can find a bug, or two - or... Welcome to our new video series where we study cases like this one.
Let's start with MuseScore: we downloaded and inspected the project's source code. Now sit back and relax while we talk about the peculiar code fragments we found.
https://www.youtube.com/watch?v=SAVbpFTj81I
Short-lived music [MuseScore code analysis]
C++ tools evolution: static code analyzers https://pvs-studio.com/en/blog/posts/cpp/0873/
Modern applications have lots of code. And the C++ language doesn't get easier. Nowadays, code reviews are not enough to fully analyze program code. Here's where static code analysis comes …
Rob and Jason are joined by Brandon Duick and Billy Sisson from Exyn Technologies. They first discuss the upcoming CppCon hybrid conference and a new tuple library for C++20. Then they talk to Brandon and Billy about the autonomous UAS/Drone software they work on at Exyn Technologies.
https://cppcast.com/autonomous-uas/
How to check code for compliance with OWASP ASVS using PVS-Studio https://pvs-studio.com/en/blog/posts/0874/
The PVS-Studio static analyzer allows you to automatically find various problems in the source code. It can also detect code fragments that do not comply with the OWASP Application Security…
Rob and Jason are joined by Joël Falcou and Denis Yaroshevskiy. They first talk about the 6.2 release of Qt and the range-based for loop bug that won’t be getting fixed in C++23. Then they talk to Joel and Denis about EVE, a C++20 SIMD library that evolved from Boost.SIMD. https://cppcast.com/eve/
What's new in C# 10: overview https://pvs-studio.com/en/blog/posts/csharp/0875/
This article covers the new version of the C# language - C# 10. Compared to C# 9, C# 10 includes a short list of enhancements. Below we described the enhancements and added explanatory code…
OWASP Top Ten and Software Composition Analysis (SCA) https://pvs-studio.com/en/blog/posts/csharp/0876/
The OWASP Top Ten 2017 category A9 (which became A6 in OWASP Top Ten 2021) is dedicated to using components with known vulnerabilities. To cover this category in PVS-Studio, developers have…
How we sympathize with a question on StackOverflow but keep silent https://pvs-studio.com/en/blog/posts/cpp/0877/
On the stackoverflow.com website, we frequently see questions about how to look for bugs of a certain type. We know that PVS-Studio can solve the problem. Unfortunately, we have to keep sil…
When you are just starting to learn how to code, sometimes you may need practical tips from more experienced developers. What is a best practice for a specific scenario? What do you need to avoid? How do you write better code? We took it upon ourselves to help you out. Here's a selection of 8 tips for beginner C++ developers.
https://www.youtube.com/watch?v=KvCmvcnOJdo
C++ for Beginners: Tips to Write Better Code