The SEI/CERT website is full of best practices for developing secure code for various popular programming languages. Select a software threat/vulnerability of your choice and identify two secure coding practices to mitigate that threat/vulnerability. You may choose any programming language you wish.

Answers

Answer 1

Answer:  

Input-Output rule:  

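char *file_name; /* must point to a valid path before use */
FILE *f_ptr;

f_ptr = fopen(file_name, "w");
if (f_ptr == NULL) {
    /* handle error: the file could not be opened */
}

if (fclose(f_ptr) != 0) {
    /* handle error: buffered data may not have been written */
}

if (remove(file_name) != 0) {
    /* handle error: the file could not be removed */
}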

Expression:  

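void set_fl(int num, int *s_fl) {
    if (NULL == s_fl) {
        return;
    }
    if (num > 0) {
        *s_fl = 1;
    }
    else if (num < 0) {
        *s_fl = -1;
    }
    else {
        *s_fl = 0; /* num == 0: the flag always receives a value */
    }
}

int is_negative(int num) {
    int s = 0; /* initialized so it is never read uninitialized */
    set_fl(num, &s);
    return s < 0;
}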

Explanation:  

The Computer Emergency Response Team (CERT) has found that most vulnerabilities discovered in applications stem from a comparatively small number of common programming errors that developers repeatedly make. The CERT secure coding initiative is working to determine secure coding standards for commonly used programming languages and to advance the practice of secure coding.

There are many security coding practices:  

SEI CERT C coding standard:  

The C rules and proposals are a work in progress and reflect the present thinking of the secure coding community. As rules and proposals mature, they're published in report or book form as official releases.
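
A runnable form of the Input-Output fragment above, added here as an illustration (not part of the original answer or of CERT's text): every stream call is checked, and the file is closed before it is removed. The function name, status codes and sample paths are assumptions made for this example; /dev/full is a Linux device that can be opened but fails every write.

```c
#include <stdio.h>

/* Hypothetical status codes for this example. */
enum scratch_status {
    SCRATCH_OK = 0,
    SCRATCH_ERR_OPEN,
    SCRATCH_ERR_WRITE,
    SCRATCH_ERR_CLOSE,
    SCRATCH_ERR_REMOVE
};

/*
 * Create file_name, write data, close the stream, then delete the file.
 * Each call that can fail is checked, and the stream is closed before
 * remove() so no open handle still refers to the deleted file.
 */
enum scratch_status use_scratch_file(const char *file_name, const char *data)
{
    FILE *f_ptr;

    if (file_name == NULL || data == NULL) {
        return SCRATCH_ERR_OPEN;
    }
    f_ptr = fopen(file_name, "w");
    if (f_ptr == NULL) {
        return SCRATCH_ERR_OPEN;      /* never use a NULL stream */
    }
    if (fputs(data, f_ptr) == EOF) {
        fclose(f_ptr);                /* still release the handle */
        return SCRATCH_ERR_WRITE;
    }
    /* Buffered data is flushed here, so a full disk or an I/O error
       often shows up only in the return value of fclose(). */
    if (fclose(f_ptr) != 0) {
        return SCRATCH_ERR_CLOSE;
    }
    if (remove(file_name) != 0) {
        return SCRATCH_ERR_REMOVE;
    }
    return SCRATCH_OK;
}

const char *scratch_status_name(enum scratch_status s)
{
    switch (s) {
    case SCRATCH_OK:         return "ok";
    case SCRATCH_ERR_OPEN:   return "fopen failed";
    case SCRATCH_ERR_WRITE:  return "write failed";
    case SCRATCH_ERR_CLOSE:  return "fclose failed";
    case SCRATCH_ERR_REMOVE: return "remove failed";
    }
    return "unknown";
}

int main(void)
{
    /* Constructed sample paths: a writable file, a missing directory,
       and a device whose writes always fail. */
    const char *paths[] = {
        "scratch_example.tmp", "no_such_dir_example/scratch.tmp", "/dev/full"
    };
    for (size_t i = 0; i < sizeof paths / sizeof paths[0]; i++) {
        enum scratch_status s = use_scratch_file(paths[i], "constructed sample\n");
        printf("%-34s %s\n", paths[i], scratch_status_name(s));
    }
    return 0;
}
```
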


Related Questions

An input statement is used to interact with the user of a program.
True False

Answers

Answer:

True.

Explanation:

An input statement asks a user a question, where the user has to input a value for the program to move forward. This means that yes, the program does interact with the user.

A Product Manager has been given responsibility for overseeing the development of a new software application that will be deployed to a group of Accenture clients.

What would be the most time-saving and cost-effective way for the Product Manager to address the new application’s security considerations?


Utilize a DevSecOps approach to incorporate security into the development process from the beginning.


Schedule development of security features after the application’s initial release.


Design the application’s security features after the application’s initial build is complete.


Contract with an external vendor to develop a security solution separately from the main application.


I don't know this yet.

Answers

There are different software that has been developed today. The most time-saving and cost-effective way is to Design the application’s security features after the application’s initial build is complete.

Accenture is known for their work in improving business needs. They are constantly shifting to a new method of delivering information technology.

They are known to embed security into the product development life cycle, which helps secure the business while also keeping speed and helping to remove friction.

Learn more about Accenture from

https://brainly.com/question/25737623

Explain if a company is responsible for using computer components manufactured using fair trade practices. [9 marks]

Answers

Answer:

Fair trade practices aim at promoting fair relationships between buyers and producers. It is a kind of social movement that makes producers provide better conditions and a humane working environment in developing countries.

• It also favors and supports the proper and substantial payment to the manufacturers and wages to the labors.

• It is a trading partnership that states the manufacturers to analyze and check their supply sources or resources and provide disclosure if the materials were produced or mined in the areas of conflict or areas of extreme poverty.

Explanation:

can you mark me as brainlist

Answer:

It is a trading partnership that states the manufacturers to analyze and check their supply sources or resources and provide disclosure if the materials were produced or mined in the areas of conflict or areas of extreme poverty.

In transcription Files are transcribed in:

a) Australian English
b) American English unless a client states otherwise.
c) Canadian English
d) British English

Answers

Answer:

B

Explanation:

American English unless a client states otherwise

Answer:

b american english

Explanation:

Define Word Processing

Answers

Answer:

Word Processing refers to the act of using a computer to create, edit, save and print documents. ... Text can be inserted, edited, moved, copied or deleted within your document and the appearance of the text can be modified in numerous ways.

What type of databases is not limited by the data’s physical location?

Answers

A distributed database is not limited by the data's physical location.

Internet privacy refers to the level of information sharing on the web collected through web cookies, caches, and browsing history true or false

Answers

The level of information sharing on the web that is mainly collected through web cookies, caches, and browsing history of a web browser is referred to as Internet privacy: True.

A web browser can be defined as a software program that is typically designed and developed for viewing a HTML document or browsing the Internet.

Internet privacy refers to the level of privacy protection an end user has while browsing the Internet, especially with reference to the vast range of protocols, technologies, and frameworks (concepts) that are deployed.

This ultimately implies that Internet privacy relates to the level of information sharing on the web that is mainly collected on a web browser through the following means:

• Web cookies
• Caches
• Browsing history

Read more: https://brainly.com/question/3840341

Which of the following is NOT an example of editing?
O Adjusting photos
O Cutting video and audio
O Proofreading written content
O Designing graphics

Answers

Answer:

The answer is proofreading written content.

Explanation:

If I am wrong, please correct me!

When a derived class method has the same name as a base class method, it is often said that the derived class method ________ the base class method.

Answers

Answer:

will be

Explanation:

I'm not quite sure but I think that this is the answer for your question

Professor Gekko has always dreamed of inline skating across North Dakota. He plans to cross the state on highway U.S. 2, which runs from Grand Forks, on the eastern border with Minnesota, to Williston, near the western border with Montana. The professor can carry two liters of water, and he can skate m miles before running out of water. (Because North Dakota is relatively flat, the professor does not have to worry about drinking water at a greater rate on uphill sections than on flat or downhill sections.) The professor will start in Grand Forks with two full liters of water. His official North Dakota state map shows all the places along U.S. 2 at which he can refill his water and the distances between these locations. The professor’s goal is to minimize the number of water stops along his route across the state.

a. Give an efficient algorithm by which he can determine which water stops he should make.

b. Prove that your strategy yields an optimal solution, and give its

Answers

The efficient algorithm by which he can determine which water stops he should make has been determined below, and the strategy, which is the greedy strategy, has been proven to yield an optimal solution.

To solve this question optimally, we will make use of the greedy solution.

In this method, we will maximize the distance that can be covered from a particular point in such a way that there must be a place where water can be gotten before a run out is experienced.

Now, the first point at which there will be a stop should be located at a point that is farthest from the starting position and is also made to be ≤ m miles from the starting position.

Now, this situation is one that shows optimal substructure, and since our first stopping point will be made to be at p, it means that we are solving the sub-question with the assumption that our starting point is at p.

When we combine the two stated plans above, we will arrive at an optimal solution for the normal reasons via cut and paste.

B) Now we need to show that the greedy approach used earlier produces a first stopping point which is contained in the optimal solution.

Let O represent any optimal solution whereby the professor stops at positions o₁, o₂, o₃....oₙ.

Let h₁ represent the farthest stopping point that is reachable from the starting point. Then we can replace o₁ by h₂ to generate a modified solution H since o₁ - o₂ < o₂ - h₁.

Finally, we can really make it to the positions in H without having to run out of water, and since H has the same number of stops, we can conclude that h₁ is contained in one of the optimal solutions.

Therefore our strategy which is the greedy strategy has been proven to work.

Read more about algorithms at; https://brainly.com/question/24793921
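
The greedy rule described in the answer above, written out in C as an added example (not code from the original answer). It assumes the refill points are given as sorted mile markers measured from Grand Forks; the function name and the sample distances are made up for illustration.

```c
#include <stdio.h>
#include <stddef.h>

/*
 * stop_mile: refill points in increasing order, all before dest_mile.
 * m:         miles the professor can skate on two full liters.
 * chosen:    receives the mile markers where he refills (room for n).
 * Returns the number of stops, or -1 if some gap is longer than m.
 */
int choose_stops(const int *stop_mile, size_t n, int dest_mile, int m,
                 int *chosen)
{
    int here = 0;   /* current position, starting in Grand Forks */
    int count = 0;  /* stops chosen so far */
    size_t i = 0;   /* first refill point not yet passed */

    while (dest_mile - here > m) {
        int best = -1;
        /* Skate to the farthest refill point still within m miles. */
        while (i < n && stop_mile[i] - here <= m) {
            best = stop_mile[i];
            i++;
        }
        if (best < 0) {
            return -1;  /* nothing reachable: the trip is impossible */
        }
        chosen[count++] = best;
        here = best;
    }
    return count;
}

int main(void)
{
    /* Constructed sample map: mile markers of refill points. */
    const int stops[] = { 10, 25, 30, 48, 60, 75 };
    int chosen[6];
    int k = choose_stops(stops, 6, 90, 30, chosen);

    printf("stops needed: %d\n", k);
    for (int j = 0; j < k; j++) {
        printf("  refill at mile %d\n", chosen[j]);
    }
    return 0;
}
```
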

Brainliest if correct. 3. You are researching ways to boost employee morale for a proposal. How can you
avoid copyright issues when you find materials from outside sources? (1 point)

Answers

To avoid copyright you can give credit to the original author. For example, if I copy information that said “all humans are meant to be extinct by 2073” from notarealwebsite.com, I should credit them for this.

In Python which is the correct method to load a module math?

Answers

Answer: The math module is a standard module in Python and is always available. To use mathematical functions under this module, you have to import the module using import math .

Explanation:

What unit on a digital camera gives added illusions

Answers

VFX is used for visual effects in the creation of imagery on any screen that does not physically exist in life. VFX also allows makers of films to create environments, objects, creatures, etc.

As a Waterfall project manager, your goal is to minimize any changes that could lead to scope creep. You want to protect your team from building something the client or stakeholders don’t want. What formal and rigorous process could you set up to safeguard against this?

Answers

The necessary things that should be done to avoid a project scope creep include documenting the project requirements and setting up change control processes.

The scope of a project simply means the work that is required in order to complete a project. On the other hand, project scope creep means the occurrence that happens when changes are made to the scope without a change request.

To avoid project scope creep, it's important to document the project requirements, set up changes in control processes, and have a clear project schedule.

Learn more about projects on:

https://brainly.com/question/4853153

smart art is considered a​

Answers

Explanation:

visual representation of information and ideas, and a chart is a visual illustration of numeric values or data. Basically, SmartArt graphics are designed for text and charts are designed for numbers. Use the information below to decide when to use a SmartArt graphic and when to use a chart.

The program allows the user to type in any linux command and then executes that command, such as "pwd" or "echo". The problem is that it should allow multiple commands to be typed in and executed at the same time, but it only allows one at a time currently. Please help fix it so it allows multiple commands to be typed and executed.
Code:
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

#define MAX_ARGS 64 /* size of the argv array in main() */

void parse(char *line, char **argv)
{
    int argc = 0;

    while (*line != '\0') { /* if not the end of line ....... */
        while (*line == ' ' || *line == '\t' || *line == '\n')
            *line++ = '\0'; /* replace white spaces with 0 */
        if (*line == '\0') /* only trailing white space was left */
            break;
        if (argc == MAX_ARGS - 1) /* keep room for the NULL terminator */
            break;
        argv[argc++] = line; /* save the argument position */
        while (*line != '\0' && *line != ' ' &&
               *line != '\t' && *line != '\n')
            line++; /* skip the argument until ... */
    }
    argv[argc] = NULL; /* mark the end of argument list */
}

void execute(char **argv)
{
    pid_t pid;
    int status;

    if ((pid = fork()) < 0) { /* fork a child process */
        printf("*** ERROR: forking child process failed\n");
        exit(1);
    }
    else if (pid == 0) { /* for the child process: */
        if (execvp(*argv, argv) < 0) { /* execute the command */
            printf("*** ERROR: exec failed\n");
            exit(1);
        }
    }
    else { /* for the parent: */
        while (wait(&status) != pid) /* wait for completion */
            ;
    }
}

int main(void)
{
    char line[1024]; /* the input line */
    char *argv[MAX_ARGS]; /* the command line argument */

    while (1) { /* repeat until done .... */
        printf("Enter Shell Command -> "); /* display a prompt */
        if (fgets(line, sizeof line, stdin) == NULL) /* read in the command line */
            exit(0); /* end of input or read error */
        printf("\n");
        parse(line, argv); /* parse the line */
        if (argv[0] == NULL) /* empty line: prompt again */
            continue;
        if (strcmp(argv[0], "exit") == 0) /* is it an "exit"? */
            exit(0); /* exit if it is */
        execute(argv); /* otherwise, execute the command */
    }
}
/* This function receives a command line argument list with the first argument being cd and the next argument being the directory to change. */

Answers

Where is the question

What is the result of the following code?

x=7//2+10%2**4

print(x)

Answers

Answer:

3

Explanation:

We can split the expression into two sections

First Section:

7 // 2 = 3. Using the floor division we only utilize the integer part.

Second Section:

10 % 2**4 = 0**4 = 0

Bringing back the full version expression we have

3 + 0 = 3

So has anyone opened the link/file those people are giving out as answers? Like what are they, viruses, answers, nothing??? Someone that has opened one tells me what it was and what happened because I am to scared to open it.

Answers

Answer:

They're viruses; that's why they answer so quickly and get deleted quickly.

Where is the option to set Conditional Formatting rules found?
O Insert tab in the Formatting group
O Page Layout tab in the Styles group
O Home tab in the Styles group
O Formulas tab in the Formatting group

Answers

Answer:

C. Home tab in the Styles group

Explanation:

answer on edge 2021

_____ are extremely _____ data structures, used all the time, and there are so many _____ that can handle them to do useful things.
A _____ can be thought of as an array of arrays
•versatile
•functions
•arrays
•matrix

Answers

Answer:

Arrays are extremely versatile data structures, used all the time, and there are so many functions that can handle them to do useful things.

A matrix can be thought of as an array of arrays

Answer:

Arrays are extremely versatile data structures, used all the time, and there are so many functions that can handle them to do useful things.

A matrix can be thought of as an array of arrays.

Happy Holidays

Explanation:

(a) Explain what the following Java components are used for: JList, JFrame, FlowLayout, JPanel, JFrame, EventListener.
(b) Write simple Java code to illustrate how each one of the above components is implemented.

Answers

Answer:

Welcome to Gboard clipboard, any text you copy will be saved here.

How to use section header in word document?

Please answer fast​

Answers

Answer:

Configure headers and footers for different sections of a document

Click or tap the page at the beginning of a section. Select Layout > Breaks > Next Page. Double-click the header or footer on the first page of the new section.

Explanation:

I really need help with this question! Please help!

Answers

Answer:

(C) Emma goes to sleep late and does not set an alarm.

Explanation:

Decomposing a problem is setting a back drop inference as to (WHY?) something happens . So Emma woke up late , the only reasonable (WHY?) in this question would be (C)

I wake up the computer and remind it what to do ​

Answers

Answer:

what's the question or answer you want or is it a joke?

Explanation:

A user is complaining that an external web page is taking longer than normal to load.The web page does eventually load on the user machine. Which tool should the technician use with administrator privileges in order to locate where the issue is in the network

Answers

The tool that the technician should use is TRACERT. It is a network diagnostic command for tracing the path of an Internet Protocol packet to its corresponding destination.

The Internet Protocol is the network protocol on the Internet, which is used for relaying data across network boundaries.

TRACERT is a network diagnostic command used to trace the path of an Internet Protocol packet to its corresponding destination.

This tool (TRACERT) is useful for defining response delays and routing loops in a network pathway across different nodes.

Learn more about TRACERT here:

https://brainly.com/question/5699061

Please debbug this code for me

public class SavingAccount {
    // interest rate for all accounts
    private static double annualInterestRate = 0;
    private final double savingsBalance; // balance for current account

    // constructor, creates a new account with the specified balance
    public void SavingAccount( double savingsBalance ) {
        savingsBalance = savingsBalance;
    } // end constructor

    // get monthly interest
    public void calculateMonthlyInterest() {
        savingsBalance += savingsBalance * ( annualInterestRate / 12.0 );
    } // end method calculateMonthlyInterest

    // modify interest rate
    public static void modifyInterestRate( double newRate ) {
        annualInterestRate = ( newRate >= 0 && newRate <= 1.0 ) ? newRate : 0.04;
    } // end method modifyInterestRate

    // get string representation of SavingAccount
    public String toString() {
        return String.format( "$%.2f", savingsBalance );
    } // end method toSavingAccountString
} // end class SavingAccount

Answers

Answer:

/

Explanation:

Brainliest if correct. 5. If you wanted to show how many employees at your office ride a bicycle to work in
comparison to the number of employees who drive a car, take public transportation,
or walk, what visual would be best? (1 point)

Answers

Answer:

I believe a bar graph would be best for me. What are your answer options though?

Explanation:

RAM or RIM is correct?

Answers

RAM is the correct answer

Please hurry, it's a test! 30 POINTS. :)
What computing and payment model does cloud computing follow?

Cloud computing allows users to_____ computing resources and follows the ______
payment model.

1. Buy, Own, Rent, Sell
2. pay-as-you-go, pay-anytime-anywhere, pay-once-use-multiple-times

Answers

1 own
2 pay anytime anywhere