Robert C. Seacord

Early Life and Education

Robert C. Seacord was born on June 5, 1963. He earned a Bachelor of Science in computer science from Rensselaer Polytechnic Institute in December 1983. He subsequently completed graduate-level coursework at Carnegie Mellon University covering software design, creation and maintenance, user interfaces, software project management, formal methods, human factors, operating systems, and entrepreneurship.

Career

Seacord began his professional programming career at IBM in 1984, where he worked across processor development, communications and operating system software, and software engineering. He subsequently joined Carnegie Mellon University's Software Engineering Institute (SEI) in Pittsburgh, Pennsylvania, where he worked on the User Interface Project until 1991.

Following his initial tenure at SEI, Seacord worked at the X Consortium in Cambridge, Massachusetts, developing and maintaining code for the Common Desktop Environment and the X Window System. He returned to the SEI in 1996, focusing on component-based software engineering, and joined the CERT Division in 2003. At CERT, he led the Secure Coding Initiative, which produced influential coding standards and guidelines for C, C++, and Java.

In 2015, Seacord left CERT and the SEI to join NCC Group as a Technical Director. In February 2022, he joined Woven by Toyota, Inc., where he serves as Standardization Lead, working with Toyota and its suppliers on quality software development.

Alongside his industry roles, Seacord served as an adjunct professor in the Carnegie Mellon School of Computer Science and in the Information Networking Institute. He was also a part-time faculty member at the University of Pittsburgh.

Standards and Advisory Work

Seacord is a member of the Advisory Board for the Linux Foundation and serves as convenor for the ISO/IEC JTC1/SC22/WG14 international standardization working group for the C programming language. In 2016, he co-wrote the Facebook osquery audit, a public security assessment commissioned by Facebook.

Notable Works

Seacord has authored and co-authored a substantial body of technical literature on secure coding, legacy system modernization, and component-based software engineering. His book Secure Coding in C and C++ (Addison-Wesley, second edition 2013) is a widely referenced text in the field. He authored The CERT C Secure Coding Standard (Addison-Wesley, 2008) and its follow-up The CERT C Coding Standard, Second Edition (Addison-Wesley Professional, 2014), establishing formal rules for safe and reliable C programming. He co-authored The CERT Oracle Secure Coding Standard for Java (Addison-Wesley, 2011) and Java Coding Guidelines (Addison-Wesley, 2014).

His earlier books include Modernizing Legacy Systems (Addison-Wesley, 2003), co-authored with Daniel Plakosh and Grace Lewis, and Building Systems from Commercial Components (Addison-Wesley, 2001), co-authored with Kurt Wallnau and Scott Hissam. His more recent Effective C: An Introduction to Professional C Programming was published by No Starch Press in 2020.

In addition to books, Seacord has produced video training series on professional C programming and secure coding in Java, and has contributed articles and conference papers on topics including Java deserialization vulnerabilities, bounds-check elimination, and secure coding standards for C.