Software Assurance Tips Archive
20210405 - COTS, GOTS, and NOTS software in RMF for the Army
20210412 - Sticking with a RAII Standard
20210419 - Heap Inspection
20210426 - Polymorphic Catch Performance in C#
20210503 - Downloading Package Dependencies for Offline Installs in Debian-based Distributions
20210510 - Homoglyphs аnd Homogrаphic Аttаcks
20210517 - Secure Pseudo-Random Number Generation
20210524 - Side-Channel Attacks
20210614 - Secure Compilation
20210621 - Living off the Land
20210628 - Coverity and Integer Overflows
20210705 - A Pedigree of S-BOMs
20210719 - File-by-File Scanning for Ada
20210726 - Compounding a Classic TOCTOU Mistake
20210802 - Stripping: An Inefficient Obfuscation Technique
20210809 - Ada Low High Integrity Profiles
20210816 - The Password that Cannot Be Spoken
20210830 - A CWE-499 Breakdown: Serializing Sensitive Data
20210906 - When Code Analysis Fails
20210913 - Static Header Paths
20211004 - Perls of Wisdom: Use of Two-Argument Form of open()
20211101 - Additional Risks to DevSecOps Pipelines
20211129 - Malicious Injection of Source Code
20211220 - GCC as a Static Analysis Tool
20220131 - So you put an Unclassified CD in a Classified Machine
20220321 - The Death of CentOS on DoD Networks
20220328 - Ever-Changing Encryption Standards
20220418 - Improper Resource Access Authorization
20220613 - Don't Limit your CWEs
20220919 - Commercial National Security Algorithm (CNSA) Suite 2.0
20221017 - Java, Inner Classes, and Checkmarx Unused Variable Findings