Manually fixing coding errors is time- and money-consuming. As a result, teams charged to make the fixes can eliminate few vulnerabilities; and fixing errors often breaks the working code, adding unwanted delay in testing. The SEI has developed a tool to detect and automatically repair integer overflow and reads of stale sensitive data, two pervasive software flaws. You can find more on SEI's technique for automated code repair in "Inference of Memory Bounds: Preventing the Next Heartbleed" at https://insights.sei.cmu.edu/sei_blog.... For more information, write to [email protected].

Ver todos los episodios