CERT-SEI

Secure Coding Products & Services

The CERT Division offers secure coding standards that developers can use, training in secure coding, and source code conformance testing using SCALe.

Secure Coding Training

The CERT Division offers the four-day course Secure Coding in C and C++ that provides a detailed explanation of common programming errors in C and C++ and describes how these errors can lead to code that is vulnerable to exploitation.

A Secure Coding course is available through Carnegie Mellon's Open Learning Initiative. This course addresses a key need in professional education for software developers. Topics covered include the secure and insecure use of integers, arrays, strings, dynamic memory, formatted input/output functions, and file I/O. Continued development is being funded by partnerships with industry.

A Java Workshop is available on demand from the CERT Division. In this workshop, secure coding experts from the CERT Division work with your technical staff to improve their secure use of Java. Contact the team to request a workshop.

Secure Coding Standards

Secure coding standards are rules and recommendations against which source code can be evaluated for conformance. These coding standards provide a metric for evaluating and contrasting software security, safety, reliability, and related properties.

The Secure Coding Initiative coordinates the development of secure coding standards for the programming languages C, C++, Java, and Perl. More than 500 security researchers, language experts, and software developers have used a wiki-based community process to develop the standards.

SCALe

The CERT Division's Source Code Analysis Laboratory (SCALe) offers conformance testing of C language software systems against the CERT C Secure Coding Standard and the CERT Oracle Secure Coding Standard for Java.