CERT

 
 

Secure Coding Standards

Coding standards encourage programmers to follow a uniform set of rules and guidelines determined by the requirements of the project and organization, rather than by the programmer’s familiarity or preference. Developers and software designers can apply these coding standards during software development to create secure systems.

Secure coding standards define a set of rules and recommendations against which source code can be evaluated for conformance. They provide a metric for evaluating and contrasting software security, safety, reliability, and related properties.

CERT coordinates the development of secure coding standards by security researchers, language experts, and software developers using a wiki-based community process. More than 500 contributors and reviewers have participated in the development of secure coding standards on the CERT Secure Coding Standards wiki.

In addition to being used by software developers, these secure coding guidelines enable the CERT SCALe to evaluate conformance.

CERT has completed one secure coding standard and is currently developing three additional ones:
The CERT C Secure Coding Standard, Version 2.0
The CERT C++ Secure Coding Standard
The CERT Oracle Secure Coding Standard for Java

Version 1.0 of the CERT C Secure Coding Standard is available as a book from Addison-Wesley. This is the official version of the C language standards against which conformance testing is performed.


Last updated October 15, 2010