About the Authors

Fred Long is a senior lecturer in the Department of Computer Science at Aberystwyth University in the United Kingdom. He lectures on formal methods; Java, C++, and C programming; and programming-related security issues. He is chairman of the British Computer Society’s mid-Wales branch. Fred has been a visiting scientist at the Software Engineering Institute since 1992. Recently, his research has involved the investigation of vulnerabilities in Java. Fred is a coauthor of The CERT® Oracle® Secure Coding Standard for Java (Addison-Wesley, 2012).

Dhruv Mohindra is a technical lead in the security practices group that is part of the CTO’s office at Persistent Systems Limited, India, where he provides information security consulting solutions across various technology verticals such as cloud, collaboration, banking and finance, telecommunications, enterprise, mobility, life sciences, and health care. He regularly consults for senior management and development teams of Fortune 500 companies, small and medium-sized enterprises, and start-ups on information security best practices and embedding security in the software-development life cycle.

Dhruv has worked for CERT at the Software Engineering Institute and continues to collaborate to improve the state of security awareness in the programming community. Dhruv obtained his M.S. in information security policy and management from Carnegie Mellon University. He holds an undergraduate degree in computer engineering from Pune University, India. Dhruv is also a coauthor of The CERT® Oracle® Secure Coding Standard for Java (Addison-Wesley, 2012).

Robert C. Seacord is the secure coding technical manager in the CERT Division of Carnegie Mellon’s Software Engineering Institute (SEI) in Pittsburgh, Pennsylvania. Robert is also a professor in the School of Computer Science and the Information Networking Institute at Carnegie Mellon University. He is the author of The CERT® C Secure Coding Standard (Addison-Wesley, 2009) and coauthor of Building Systems from Commercial Components (Addison-Wesley, 2002), Modernizing Legacy Systems (Addison-Wesley, 2003), The CERT® Oracle® Secure Coding Standard for Java (Addison-Wesley, 2012), and Secure Coding in C and C++, Second Edition (Addison-Wesley, 2013). He has also published more than sixty papers on software security, component-based software engineering, web-based system design, legacy-system modernization, component repositories and search engines, and user interface design and development. Robert has been teaching Secure Coding in C and C++ to private industry, academia, and government since 2005. He started programming professionally for IBM in 1982, working in communications and operating system software, processor development, and software engineering. Robert also has worked at the X Consortium, where he developed and maintained code for the Common Desktop Environment and the X Window System. He represents CMU at the ISO/IEC JTC1/SC22/WG14 international standardization working group for the C programming language.

Dean F. Sutherland is a senior software security engineer at CERT. Dean received his Ph.D. in software engineering from Carnegie Mellon in 2008. Before his return to academia, he spent 14 years working as a professional software engineer at Tartan, Inc. He spent the last six of those years as a senior member of the technical staff and a technical lead for compiler backend technology. He was the primary active member of the corporate R&D group, was a key instigator of the design and deployment of a new software-development process for Tartan, led R&D projects, and provided both technical and project leadership for the 12-person compiler backend group. Dean is a coauthor of The CERT® Oracle® Secure Coding Standard for Java (Addison-Wesley, 2012).

David Svoboda is a software security engineer at CERT/SEI and a coauthor of The CERT® Oracle® Secure Coding Standard for Java. He also maintains the CERT secure coding standard web sites for Java, as well as C, C++, and Perl. David has been the primary developer on a diverse set of software-development projects at Carnegie Mellon since 1991, ranging from hierarchical chip modeling and social organization simulation to automated machine translation (AMT). His KANTOO AMT software, developed in 1996, is still in production use at Caterpillar. He has more than thirteen years of Java development experience, starting with Java 2, and his Java projects include Tomcat servlets and Eclipse plug-ins. He has taught Secure Coding in C and C++ all over the world to various groups in the military, government, and banking industries. David is also an active participant in the ISO/IEC JTC1/SC22/WG14 working group for the C programming language and the ISO/IEC JTC1/SC22/WG21 working group for C++.
