Skip to navigation Skip to main content Skip to footer

Research Blog

Insights and research from our global cybersecurity team.

Filter content

Reset filters

The Next C Language Standard (C23)

by Robert C. Seacord The cutoff for new feature proposals for the next C Language Standard (C23) has come and gone meaning that we know some of the things that will be in the next standard and all of the things that will not be. There are still a bunch of papers that have been […]


Tool Release – Reliably-checked String Library Binding

by Robert C. Seacord Memory Safety Reliably-checked Strings is a library binding I created that uses static array extents to improve diagnostics that can help identify memory safety flaws. This is part of broader initiative in the C Standards Committee to improve bounds checking for array types. See my blog post Improving Software Security through […]


Supply Chain Security Begins with Secure Software Development

Component-based Software Development Supply chain security is a complex problem that needs to be solved to before we can gain confidence in the quality of the software systems we depend upon. In July 2001, Addison-Wesley Professional  published the Building Systems from Commercial Components book I coauthored with Kurt Wallnau and Scott Hissam. Building software from commercial and open […]


The Future of C Code Review

I gave a short talk on the Future of C Code Review at our internal (Not) NCC Con Conference this year (held virtually due to Covid-19) and recorded it for posterity. In this short talk, I focus on optimizations resulting from pointer provenance-based alias analysis that can modify the behavior of code with undefined behaviors. […]


Past, Present and Future of Effective C

Dennis Ritchie and Ken Thompson invented the C Programming Language at Bell Telephone Laboratories  in 1972 [Ritchie 1993]. The C Language is a highly successful system programming language that can work with a wide range of computing hardware and architectures. Nearly 50 years later, C remains as vital and popular as ever. System languages are […]


Improving Software Security through C Language Standards

This blog post describes my history with the C Standards Committee, the work standards organizations are currently doing in software security, and the future of NCC Group’s work in improving software security by working with the C Standards Committee and other standardzation efforts. Past I became involved with the C Standards Committee (more formally, ISO/IEC […]