NOTE: The event will be held in Central Daylight Time (CDT), UTC -5.

Open Source Summit + Embedded Linux Conference North America 2020
Wednesday, July 1 • 4:05pm - 4:55pm
Lessons Learned Applying Static Analysis Tools to an Open Source Elliptic Curve Crypto Library - Zane Beckwith, Xaptum, Inc.

Static analysis tools can dramatically improve the reliability of software, but are often dismissed as onerous to set up and use. Static analysis is particularly useful for cryptography projects and other critical systems, which tend to have a tight focus and require very clean code style. This talk discusses tools and approaches that were helpful during the development of an open source elliptic curve pairing-based library, ECDAA [1], for privacy-preserving signatures such as are used by the FIDO Alliance. The emphasis of the talk is on concrete lessons for improving the reliability of critical code while fitting seamlessly into a modern development process. Tools discussed include venerable standbys Valgrind and cppcheck, as well as modern examples like scan-build and Infer. The lessons learned are of interest to developers of many types of projects, not just cryptography libraries.
[1] www.github.com/xaptum/ecdaa


Zane Beckwith

Principal Product Architect, Xaptum, Inc.
Zane has been Principal Product Architect and the Director of Security at Xaptum since 2016. Before that, he spent a few years writing low-latency C++ in the high-frequency trading world, and in a previous life he got a PhD in theoretical condensed matter physics. His ongoing open-source...

Wednesday July 1, 2020 4:05pm - 4:55pm CDT
OS Dependability Theater