2025
2024
2023
- Apr 03 - Coverity BAD_CAST
- Apr 10 - Ada Unchecked Conversions
- May 15 - Checkmarx: Use of Obsolete Function
- Sep 18 - A History of Verification, Validation, and Code Scanning
2022
- Jan 31 - So you put an Unclassified CD in a Classified Machine
- Mar 21 - The Death of CentOS on DoD Networks
- Mar 28 - Ever-Changing Encryption Standards
- Apr 18 - Improper Resource Access Authorization
- Jun 13 - Don't Limit your CWEs
- Sep 19 - Commercial National Security Algorithm (CNSA) Suite 2.0
- Oct 17 - Java, Inner Classes, and Checkmarx Unused Variable Findings
2021
- Apr 05 - COTS, GOTS, and NOTS software in RMF for the Army
- Apr 12 - Sticking with a RAII Standard
- Apr 19 - Heap Inspection
- Apr 26 - Polymorphic Catch Performance in C#
- May 03 - Downloading Package Dependencies for Offline Installs in Debian-based Distributions
- May 10 - Homoglyphs аnd Homogrаphic Аttаcks
- May 17 - Secure Pseudo-Random Number Generation
- May 24 - Side-Channel Attacks
- Jun 14 - Secure Compilation
- Jun 21 - Living off the Land
- Jun 28 - Coverity and Integer Overflows
- Jul 05 - A Pedigree of S-BOMs
- Jul 19 - File-by-File Scanning for Ada
- Jul 26 - Compounding a Classic TOCTOU Mistake
- Aug 02 - Stripping: An Inefficient Obfuscation Technique
- Aug 16 - The Password that Cannot Be Spoken
- Aug 30 - A CWE-499 Breakdown: Serializing Sensitive Data
- Sep 06 - When Code Analysis Fails
- Sep 13 - Static Header Paths
- Oct 04 - Perls of Wisdom: Use of Two-Argument Form of open()
- Nov 01 - Additional Risks to DevSecOps Pipelines
- Nov 29 - Malicious Injection of Source Code
- Dec 20 - GCC as a Static Analysis Tool