Scotland

Local News
Next Meeting

Guest Speaker: John McDonnell, Project Leader, CESG/GCHQ

Venue: Hilton Caledonian

Time: Wednesday 12th December; 7.00pm for a 7.30pm start

Abstract to follow

Inaugural Meeting

Venue: Hilton Caledonian Hotel

Time: Tuesday 23rd October; 7.00pm for a 7.30pm Start

Main Speaker: Brain Chess, Chief Scientist, Fortify Software

Title: Secure Programming with Static Analysis

Abstract:

Creating secure code requires more than just good intentions. Programmers need to know how to make their code safe in an almost infinite number of scenarios and configurations. Static source code analysis gives users the ability to review their work with a fine tooth comb and uncover the kinds of errors that lead directly to vulnerabilities. This talk frames the software security problem and shows how static analysis is part of the solution.

Highlights include:

- The most common security short-cuts and why they lead to security failures

- Why programmers are in the best position to get security right

- Where to look for security problems

- How static analysis helps

- The critical attributes and algorithms that make or break a static analysis tool

We will look at how static analysis works, how to integrate it into the software development processes, and how to make the most of it during security code review. Along the way we'll look at examples taken from real-world security incidents, showing how coding errors are exploited, how they could have been prevented, and how static analysis can rapidly uncover similar errors.

Other: 10 Minutes on OWASP and the Edinburgh Chapter