CERT

 
 

International Standards Development

CERT participates in the development of international standards for programming languages to improve the safety and security of these languages. CERT is a voting member of PL2.16 C++, INCITS PL22 Programming Languages, and PL22.11 Programming Language C and sends technical experts to ISO/IEC working group meetings for C, C++, and programming language vulnerabilities. Working with technical experts in these international standards bodies has led to the following advancements:

  • publication of TR 24731-1 and TR 24732-2, followed by their inclusion into a conditionally normative annex for C1X
  • security improvements to C standard library functions
  • deprecation of the gets() function in C99 and its removal from C1X
  • inclusion of the Analyzability Annex into the conditionally normative annex for C1X
  • successful balloting of PDTR 24772.2, Guidance to Avoiding Vulnerabilities in Programming Languages through Language Selection and Use
  • formation of the C Secure Coding Guidelines Study Group within WG14 to study the problem of producing analyzable secure coding guidelines for C99 and C1X

The CERT Program’s participation in international standards bodies improves the quality of the secure coding standards and processes and provides a channel for their adoption and publication as international standards.

Last updated October 15, 2010