The CERT C Secure Coding Standard

book cover: The CERT C Secure Coding StandardSoftware security has major implications for the operations and assets of organizations, as well as for the welfare of individuals. To create secure software, developers must know where the dangers lie. Secure programming in C can be more difficult than even many experienced  programmers believe.

This book is an essential desktop reference documenting the first official release of The CERT C Secure Coding Standard. The standard itemizes those coding errors that are the root causes of software vulnerabilities in C and prioritizes them by severity, likelihood of exploitation, and remediation costs. Each guideline provides examples of insecure code as well as secure, alternative implementations. If uniformly applied, these guidelines will eliminate the critical coding errors that lead to buffer overflows, format string vulnerabilities, integer  overflow, and other common software vulnerabilities.

Author: Robert C. Seacord

 Related Training, Products, and Tools

Secure Coding in C and C++ Training Course
This four-day course provides a detailed explanation of common programming errors in C and C++ and describes how these errors can lead to code that is vulnerable to exploitation. The course concentrates on security issues intrinsic to the C and C++ programming languages and associated libraries. The intent is for this course to be useful to anyone involved in developing secure C and C++ programs regardless of the specific application.

Source Code Analysis Laboratory (SCALe)
SCALe consists of commercial, open source, and experimental analysis that is used to analyze various code bases, including those from the DoD, energy delivery systems, medical devices, and more. SCALe provides value to the customer, but it also aids research into the effectiveness of coding rules and analysis.

Rosecheckers Tool
The CERT Division's Rosecheckers tool performs static analysis on C/C++ source files. It is designed to enforce the rules in the CERT C Coding standard.

Integer Security Tool
The CERT Division's Secure Coding researchers are working on a number of solutions for addressing the issue of integer security, including our prototype tool and a secure integer library.

Explore the Book

Visit the Informit website to explore extras, review sample content, or order Secure Coding in C and C++, Second Edition.

Explore and Order

This book provides a meticulous treatment of the most common problems faced by software developers and provides practical solutions.

—Richard Pethia, Director, CERT Division