Robert C. Seacord
Robert C. Seacord (born June 5, 1963) is an American computer security specialist and writer. He is the author of books on computer security, legacy system modernization, and component-based software engineering.
Education
[edit]Seacord earned a Bachelor's degree in computer science from Rensselaer Polytechnic Institute in December 1983. He has also completed graduate-level courses at Carnegie-Mellon University in software design, creation and maintenance; user interfaces; software project management; formal methods; human factors; operating systems; and entrepreneurship.[citation needed]
Career
[edit]Seacord began programming professionally for IBM in 1984, working in processor development, then communications and operating system software, and software engineering. He led the Secure Coding Initiative in the CERT Division of Carnegie Mellon University's Software Engineering Institute (SEI) in Pittsburgh, Pennsylvania until 1991, working on the User Interface Project.[1] He also has worked at the X Consortium in Cambridge, Massachusetts, where he developed and maintained code for the Common Desktop Environment and the X Window System. He returned to SEI in 1996, working on component-based software engineering and joined CERT in 2003.[2] He left CERT and the SEI and joined NCC Group in 2015,[3] as a Technical Director.
Seacord was an adjunct professor in the Carnegie Mellon School of Computer Science and in the Information Networking Institute.[3] He was also a part-time faculty member at the University of Pittsburgh.[4]
Seacord is on the Advisory Board for the Linux Foundation[5] and convenor for the ISO/IEC JTC1/SC22/WG14 international standardization working group for the C programming language.[6] He co-wrote the 2016 Facebook osquery audit.[7]
In February 2022 Seacord joined Woven by Toyota, Inc., where he is Standardization Lead, working with Toyota and its suppliers on quality software development.[8]
Selected publications
[edit]Books
[edit]- Seacord, Robert C. (2020). Effective C: An Introduction to Professional C Programming. San Francisco, California: No Starch Press. ISBN 9781718501041.
- Seacord, Robert. The CERT® C Coding Standard, Second Edition: 98 Rules for Developing Safe, Reliable, and Secure Systems (2nd Edition), Addison-Wesley Professional, 2014. ISBN 0-321-98404-8.
- Lon, Fred; Mohindra, Dhruv; Seacord, Robert; Sutherland, Dean F.; and Svoboda, David. Java Coding Guidelines: 75 Recommendations for Reliable and Secure Programs, Addison-Wesley, 2014. ISBN 978-0321933157.
- Seacord, Robert. Secure Coding in C and C++, Second Edition, Addison Wesley, 2013. ISBN 0-321-33572-4
- Seacord, Robert; Long, Fred; Mohindra, Dhruv; Sutherland, Dean; Svoboda, David. The CERT® Oracle® Secure Coding Standard for Java, Addison Wesley, 2011. ISBN 0-321-803-957
- Seacord, Robert. The CERT® C Secure Coding Standard, Addison Wesley, 2008. ISBN 0-321-56321-2
- Seacord, Robert; Plakosh, Daniel; Lewis, Grace. Modernizing Legacy Systems: Software Technologies, Engineering Processes, and Business Practices, Addison Wesley, 2003. ISBN 0-321-11884-7
- Seacord, Robert, Wallnau, Kurt; Hissam, Scott. Building Systems from Commercial Components, Addison Wesley, 2001. ISBN 0-201-70064-6
Videos
[edit]- Professional C Programming LiveLessons, (Video Training) Part I: Writing Robust, Secure, Reliable Code ISBN 978-0-13-312335-7
- Secure Coding Rules for Java LiveLessons, Part I ISBN 978-0-13-419119-5
- Secure Coding Rules for Java: Serialization LiveLessons (Video Training) ISBN 978-0-13-419120-1
Selected articles
[edit]- Seacord, Robert C. (2014-04-24), Accessing Shared Atomic Objects from within a Signal Handler in C, retrieved 2019-01-23
- Long, Fred; Mohindra, Dhruv; Seacord, Robert C.; Sutherland, Dean F.; Svoboda, David (2013-09-27), Java Coding Guidelines for Reliability, retrieved 2019-01-23
- Seacord, Robert C. (2013-06-26), C Secure Coding Rules: Past, Present, and Future, retrieved 2019-01-23
- Seacord, Robert C. (2013-06-12), Silent Elimination of Bounds Checks, retrieved 2019-01-23
- Kalev, Danny; Seacord, Robert C. (2013-04-18), Secure Coding in C and C++: An Interview with Robert Seacord, retrieved 2019-01-23
- Long, Fred; Svoboda, David; Mohindra, Dhruv; Seacord, Robert C.; Sutherland, Dean F. (2011-10-24), The CERT® Oracle® Secure Coding Standard for Java: Input Validation and Data Sanitization (IDS), retrieved 2019-01-23
- Chisnall, David; Seacord, Robert C. (2008-12-15), Robert Seacord on the CERT C Secure Coding Standard, retrieved 2019-01-23
- Seacord, Robert C. "Uninitialized Reads". cacm.acm.org. Retrieved 2019-01-23.
- Seacord, R. C. (2017). "Java Deserialization Vulnerabilities and Mitigations". 2017 IEEE Cybersecurity Development (SecDev). pp. 6–7. doi:10.1109/SecDev.2017.13. ISBN 978-1-5386-3467-7. S2CID 8023550.
References
[edit]- ^ "Robert C. Seacord | US-CERT". www.us-cert.gov. Retrieved 2018-10-10.
- ^ Chisnall, David; Seacord, Robert C. (2008-12-15). Robert Seacord on the CERT C Secure Coding Standard.
- ^ a b "Renowned secure coding expert and author joins NCC Group's US team". www.nccgroup.trust. 4 November 2015. Retrieved 28 January 2018.
- ^ "CoMeT : Dangerous Optimizations and a Loss of Causality. Speaker bio". halley.exp.sis.pitt.edu. September 11, 2010. Retrieved 2020-12-20.
- ^ "Core Infrastructure Initiative Advisory Board". The Linux Foundation. 2020. Retrieved December 19, 2020.
- ^ "New Convenor". Retrieved 14 September 2023.
- ^ Salas, Ralph; Rahimi, Andrew; Seacord, Robert (March 11, 2016). "OSQuery Application Security Assessment" (PDF). NCCGROUP.
- ^ "Secure Coding and Integers (Show notes)". cppcast.com. 2022-03-03. Retrieved 2022-04-14.
External links
[edit]- Secure Coding and Integers (audio, 45:46)
- Robert Seacord on Avoiding Defects in C Programming on YouTube (video, 1:12:24)
- Java Serialization: The Serial Killer - Robert Seacord on YouTube (video, 47:10)
- Robert Seacord on the intersection of DevOps and security (audio, 14:39)
- Dangerous Optimizations And The Loss Of Causality (video, 45:05)
- CERT® Secure Coding Initiative on YouTube (video, 4:30)
- osquery Application Security Assessment Public Report (public report commissioned by Facebook, March 2016)