Secure Coding Guideline and SWIFT 3.0 release


(Pandey, Sunil Y) #1

Hi All,

Can anybody please help me with my queries mentioned below:

1. Do we have secure coding guidelines for SWIFT? Please let me know where I can find the same.

2. When can we expect the formal *Swift 3.0* release?

3. Is there any risk if we have already started using Swift 3.0 Dev Preview 1?

4. Static analysis tool for Swift to check possible security issues

Best Regards,

Sunil



(Jens Alfke) #2

Keep in mind that the language itself is designed to prevent many of the errors that result in insecure code — dangling pointers, uninitialized variables, buffer overflows, arithmetic overflows…

(Yes, it’s still possible to commit some of those errors, but you have to go out of your way by using UnsafePointers or the unchecked arithmetic operators.)

—Jens

On Aug 10, 2016, at 4:30 AM, Pandey, Sunil Y via swift-users <swift-users@swift.org> wrote:

4. Static analysis tool for Swift to check possible security issues
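
The distinction drawn in the reply above, shown as an added example that is not part of the original thread: a size calculation done with overflow reporting next to the same calculation done with the unchecked `&*` operator. The function names and input values are constructed for illustration, and `multipliedReportingOverflow(by:)` assumes Swift 4 or later.

```swift
// Added example; names and inputs are constructed, not taken from the thread.

// Checked form: reports overflow instead of returning a wrapped size.
// multipliedReportingOverflow(by:) is the non-trapping counterpart of `*`.
func checkedBufferSize(count: Int32, elementSize: Int32) -> Int32? {
    guard count >= 0, elementSize > 0 else { return nil }
    let (size, overflow) = count.multipliedReportingOverflow(by: elementSize)
    return overflow ? nil : size
}

// Unchecked form: `&*` wraps silently on overflow. This is the opt-in
// behaviour the reply refers to; the plain `*` operator traps instead.
func wrappingBufferSize(count: Int32, elementSize: Int32) -> Int32 {
    return count &* elementSize
}

// Safe element access: returns nil for an out-of-range index instead of
// relying on the runtime bounds check to stop the process.
func element<T>(of items: [T], at index: Int) -> T? {
    return items.indices.contains(index) ? items[index] : nil
}

// Constructed input: 0x4000_0001 elements of 4 bytes each does not fit in
// Int32, so the true product cannot be represented.
let count: Int32 = 0x4000_0001
let elementSize: Int32 = 4

if let size = checkedBufferSize(count: count, elementSize: elementSize) {
    print("checked size: \(size)")
} else {
    print("checked size: rejected, multiplication overflowed")
}

// The wrapped result is a small positive number that looks like a valid size.
print("wrapping size: \(wrappingBufferSize(count: count, elementSize: elementSize))")

let sample = [10, 20, 30]
print("element at 5: \(String(describing: element(of: sample, at: 5)))")
```

When reviewing Swift code for these errors, the `&+`, `&-` and `&*` operators and the `Unsafe*Pointer` types are the places where the language's default checks have been switched off.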


(Rod Brown) #3

Hi Sunil

1. From my understanding, there are no Secure Coding Guidelines specifically.

2. Apple has mentioned “Late 2016” as their guide for the release. The tie-in with Xcode 8, the release of iOS 10 and macOS Sierra appears to suggest they will be released at approximately the same time, so while there are no promises, the plan appears to be for a release in approximately September/October.

3. It is not recommended to use Swift 3 in production code. There are still bug fixes going on, and changes being made. There are no specific issues with development with Swift 3 Dev Previews - they are designed as development previews after all. That said, you should not attempt to develop with Swift 3 if your release timeframe requires releasing said code any time within the next several months. This would put you at risk of being required to release before Swift 3 actually drops. It is highly unrecommended to release software built with Swift 3 before Apple has given the tick of approval. There is still much work going on under the covers.

4. I am not aware of any tools for security purposes. There are some out there for style analysis and good Swift patterns, but they are not security specific. This is partly because the language is so new and in so much flux at the moment, especially with Swift 3 coming.

Thanks,

Rod
