Secure Coding Products & Services

The CERT Division offers training in secure coding and source code conformance testing using SCALe.

Secure Coding Training

The following courses are related to our work in secure coding:

  • Secure Coding in C and C++ provides practical advice on secure practices in C and C++ programming. Producing secure programs requires secure designs. However, even the best designs can lead to insecure programs if developers are unaware of the many security pitfalls inherent in C and C++ programming. This course provides a detailed explanation of common programming errors in C and C++ and describes how these errors can lead to code that is vulnerable to exploitation.
  • Secure Coding in Java is a four-day course that provides a detailed explanation of common programming errors in Java and describes how these errors can lead to code that is vulnerable to exploitation. The course concentrates on security issues intrinsic to the Java programming language and associated libraries. The intent is for this course to be useful to anyone involved in developing secure Java programs regardless of the specific application.

Consulting Service for Optimizing Your Code Analysis Framework

Our CERT Secure Coding experts provide advice on how to optimize your system for analyzing code, both by strategically using multiple analyzer tools to discover more code flaws and by optimizing the costly work analysts do with diagnostics. Contact us to request this service.

SCALe

The CERT Division's Source Code Analysis Laboratory (SCALe) offers conformance testing of C and Java language software systems against the CERT C Secure Coding Standard and the CERT Oracle Secure Coding Standard for Java.

Get Involved

You can contribute to the CERT Secure Coding Standards wiki to help develop standards that work in the real world.

Talk to Our Assessment Experts

Our SCALe conformance experts can assess how well your organization's security-related practices compare to our secure coding best practices.