CERT-SEI

Secure Coding

Mission

We identify insecure coding practices and develop secure alternatives that software developers can use to take practical steps to reduce or eliminate vulnerabilities before deployment.

Secure Coding Wiki

Our wiki supports the development of secure coding standards for commonly used programming languages.
Visit securecoding.cert.org

New C Coding Standard Book Published

In his latest book, Robert Seacord provides rules to help programmers ensure that their code complies with the new C11 standard and earlier standards, including C99.

Podcast Series

Our podcast series on secure coding standards provides a convenient way to learn more about our work.

The goal of the Secure Coding Initiative is to reduce the number of vulnerabilities to a level that can be fully mitigated in operational environments. This reduction is accomplished by preventing coding errors or discovering and eliminating security flaws during implementation and testing.

The CERT Division has been extremely successful in the development of secure coding standards, which have been adopted at corporate levels by companies such as Cisco and Oracle, and the development of the Source Code Analysis Laboratory (SCALe), which supports conformance testing of systems against these coding standards. The success of the secure coding standards and SCALe contributed to the impetus for including software assurance requirements in the National Defense Authorization Act (NDAA) for Fiscal Year 2013.

Eliminating vulnerabilities during development can reduce the total cost of repairing the code by two to three orders of magnitude compared with making the repairs after deployment. To achieve these goals, it is necessary to determine how to develop verifiably secure code within budget and on schedule.

We research secure coding.

We work with the software development and security communities to develop standards for commonly used programming languages.

We participate in international standards development.

We participate in the development of international standards for programming languages to improve the security of these languages.

We provide SCALe conformance testing services.

We assess whether your software conforms to CERT secure coding standards through our Source Code Analysis Laboratory (SCALe).

Engage with Us

Help inform our research. Share what has worked for you, or let us know if you need support from our team.

Publications & Media

The CERT C Coding Standard: 98 Rules for Developing Safe, Reliable, and Secure Systems, Second Edition

In this book, Robert Seacord provides rules to help programmers ensure that their code complies with the new C11 standard and earlier standards, including C99.

Java Coding Guidelines
In this book, Robert Seacord brings together expert guidelines, recommendations, and code examples to help you use Java code to perform mission-critical tasks.

CERT Oracle Secure Coding Standard for Java
In this book, the authors provide the first comprehensive compilation of code-level requirements for building secure systems in Java.

Supporting the Use of CERT Secure Coding Standards in DoD Acquisitions
In this report, the authors provide guidance for helping DoD acquisition programs address software security in acquisitions.

Source Code Analysis Laboratory (SCALe)
In this report, the authors describe the CERT Program's Source Code Analysis Laboratory (SCALe), which tests software for conformance to secure coding standards.

Secure Coding Initiative
In this 2010 presentation, Robert Seacord provides an overview of the Secure Coding Initiative.

Secure Design Patterns
In this report, the authors describe a set of general solutions to software security problems that can be applied in many different situations.