Abstract
Developing secure software in a world where companies like Anthem Blue Cross, Twitter, Facebook, and Target have had massive amounts of data stolen by hackers is as challenging as it is important. Insecure coding practices are major contributors to software security vulnerabilities. What is missing is an open-source secure coding enforcement tool, built on well-documented rules, that software developers can use to predict potential pitfalls, learn from their mistakes, and construct secure programs as they build them. To address this need, we have designed a new tool called Secure Coding Assistant for the Eclipse Development Environment that semi-automates several secure coding rules set forth by the CERT division at Carnegie Mellon University. The tool detects violations of the CERT rules for the Java programming language, but it is easily extensible to other languages supported by Eclipse. It is an open-source tool with an emphasis on educating software developers in secure coding practices. The tool is disseminated via GitHub at http://benw408701.github.io/SecureCodingAssistant/.