Return to SwATips
Software Assurance Tips Archive
20210405 -
COTS, GOTS, and NOTS software in RMF for the Army
20210412 -
Sticking with a RAII Standard
20210419 -
Heap Inspection
20210426 -
Polymorphic Catch Performance in C#
20210503 -
Downloading Package Dependencies for Offline Installs in Debian-based Distributions
20210510 -
Homoglyphs аnd Homogrаphic Аttаcks
20210517 -
Secure Pseudo-Random Number Generation
20210524 -
Side-Channel Attacks
20210614 -
Secure Compilation
20210621 -
Living off the Land
20210628 -
Coverity and Integer Overflows
20210705 -
A Pedigree of S-BOMs
20210719 -
File-by-File Scanning for Ada
20210726 -
Compounding a Classic TOCTOU Mistake
20210802 -
Stripping: An Inefficient Obfuscation Technique
20210809 -
Ada
Low
High Integrity Profiles
20210816 -
The Password that Cannot Be Spoken
20210830 -
A CWE-499 Breakdown: Serializing Sensitive Data
20210906 -
When Code Analysis Fails
20210913 -
Static Header Paths
20211004 -
Perls of Wisdom: Use of Two-Argument Form of open()
20211101 -
Additional Risks to DevSecOps Pipelines
20211129 -
Malicious Injection of Source Code
20211220 -
GCC as a Static Analysis Tool
20220131 -
So you put an Unclassified CD in a Classified Machine
20220321 -
The Death of CentOS on DoD Networks
20220328 -
Ever-Changing Encryption Standards
20220418 -
Improper Resource Access Authorization
20220613 -
Don't Limit your CWEs
20220919 -
Commercial National Security Algorithm (CNSA) Suite 2.0
20221017 -
Java, Inner Classes, and Checkmarx Unused Variable Findings
20230403 -
Coverity BAD_CAST
20230410 -
Ada Unchecked Conversions
20230515 -
Checkmarx: Use of Obsolete Function
20230918 -
A History of Verification, Validation, and Code Scanning
20240212 -
Assess Only v. Assess and Authorize
20240527 -
Sorry Root, You're Not the Boss of Me!
20240610 -
The Zero Trust Paradox: Second Guessing the Good Guys
20240902 -
Back to the Building Blocks: Codifying Complacency