Secure Coding Standards
Coding standards encourage programmers to follow a uniform set of rules and guidelines determined by the requirements of the project and organization, rather than by the programmer’s familiarity or preference. Developers and software designers can apply these coding standards during software development to create secure systems.
The use of secure coding standards defines a set of rules and recommendations against which the source code can be evaluated for conformance. Secure coding standards provide a metric for evaluating and contrasting software security, safety, reliability, and related properties.
The CERT Program coordinates the development of secure coding standards by security researchers, language experts, and software developers using a wiki-based community process. More than 500 contributors and reviewers have participated in the development of secure coding standards on the CERT Secure Coding Standards wiki.
In addition to being used by software developers, these secure coding guidelines enable the CERT SCALe to evaluate conformance.
The CERT Program has completed two secure coding standards, which are available as books from Addison-Wesley:
We are currently developing three additional standards:
To learn how these secure coding standards can help DoD acquisition programs address software security, read the technical note Supporting the Use of CERT Secure Coding Standards in DoD Acquisitions.