BEGIN:VCALENDAR
PRODID:-//Microsoft Corporation//Outlook 16.0 MIMEDIR//EN
VERSION:2.0
METHOD:PUBLISH
X-MS-OLK-FORCEINSPECTOROPEN:TRUE
BEGIN:VTIMEZONE
TZID:UTC
BEGIN:STANDARD
DTSTART:16010101T000000
TZOFFSETFROM:-0000
TZOFFSETTO:-0000
END:STANDARD
END:VTIMEZONE
BEGIN:VEVENT
CLASS:PUBLIC
CREATED:20220412T084230Z
DESCRIPTION:Did you know that 70% of serious security bugs are a result of memory safety issues? In this talk\, I will share how you could leverage language rules and static analysis principles to write safer C++ programs.\n \nModern analysis tools have come a long way since their inception and are much more powerful than traditional Lint-style checks. They use powerful techniques like theorem solvers to simple heuristics mimicking developer’s reasoning and can find deep semantic errors in programs. Furthermore\, these tools can take advantage of information available in types and type extensions in the language to bridge the gap across function boundaries\, without incurring the performance penalties of running global analyses.\n \nOver the years\, MSVC code analysis has become an indispensable part of the “shift left” experience to drive program safety at Microsoft. Throughout the talk\, I will share my experience in developing and running these tools on large production codebases over the last decade and how they evolved over time. All the checks in the demo are available for free in the community edition of Visual Studio and as security actions in GitHub.\n \n \n
DTEND;TZID=UTC:20220426T161700
DTSTAMP:20220412T084230Z
DTSTART;TZID=UTC:20220426T154700
LAST-MODIFIED:20220412T084230Z
LOCATION:https://aka.ms/purevirtualcpp/live
PRIORITY:5
SEQUENCE:0
SUMMARY;LANGUAGE=en-gb:PVC++: Everything I Learned About Static Analysis and Program Safety
TRANSP:OPAQUE
UID:040000008200E00074C5B7101A82E00800000000C0805DF7504ED8010000000000000000100000001D1F6ACE83DB6041B20AF77DD6AE4489
X-ALT-DESC;FMTTYPE=text/html:

Did you know that 70% of serious security bugs are a result of memory safety issues? In this talk\, I will share how you could leverage language rules and static analysis principles to write safer C++ programs.

Modern analysis tools have come a long way since their inception and are much more powerful than traditional Lint-style checks. They use powerful techniques like theorem solvers to simple heuristics mimicking developer’s reasoning and can find deep semantic errors in programs. Furthermore\, these tools can take advantage of information available in types and type extensions in the language to bridge the gap across function boundaries\, without incurring the performance penalties of running global analyses.

Over the years\, MSVC code analysis has become an indispensable part of the “shift left” experience to drive program safety at Microsoft. Throughout the talk\, I will share my experience in developing and running these tools on large production codebases over the last decade and how they evolved over time. All the checks in the demo are available for free in the community edition of Visual Studio and as security actions in GitHub.

X-MICROSOFT-CDO-BUSYSTATUS:BUSY
X-MICROSOFT-CDO-IMPORTANCE:1
X-MICROSOFT-DISALLOW-COUNTER:FALSE
X-MS-OLK-AUTOFILLLOCATION:FALSE
X-MS-OLK-CONFTYPE:0
BEGIN:VALARM
TRIGGER:-PT15M
ACTION:DISPLAY
DESCRIPTION:Reminder
END:VALARM
END:VEVENT
END:VCALENDAR