Skip to end of metadata
Go to start of metadata

The rules in this standard are intended to improve the security of software by improving the knowledge, practices, and tools that software developers use.

This standard can be used to develop tailored coding standards for projects and organizations, enabling a consistent view to software development security.  It may be extended with organization-specific rules. However, the rules in this standard must be obeyed to claim conformance with the standard.

This standard can also be used for conformance testing and tool selection and validation.  Once a coding standard has been established, tools and processes can be developed or modified to determine conformance with the standard.

This standard can also be used to develop training and educate software professionals regarding the appropriate application of coding standards. The Software Engineering Institute (SEI) offers several Secure Coding courses and certificates, available as live training and online training. The material from this standard and supplemental training and evaluation materials can be used to

  1. identify job candidates with specific programming skills
  2. demonstrate the presence of a well-trained software workforce
  3. provide guidance to educational and training institutions