
Welcome to the Secure Coding Web Site

This web site exists to support the development of secure coding standards for commonly used programming languages such as C, C++, and Java. These standards are being developed through a broad-based community effort including the CERT Secure Coding Initiative and members of the software development and software security communities. For a further explanation of this project and tips on how to contribute, please see the Development Guidelines.

As this is a development web site, many of the pages are incomplete or contain errors. If you are interested in furthering this effort, you may comment on existing items or send recommendations to secure-coding at cert dot org. You may also request privileges to directly edit content on the site.

The CERT Oracle Secure Coding Standard for Java

CERT and Oracle are developing The CERT Oracle Secure Coding Standard for Java.

The rules and recommendations are not globally editable, but anyone is able to add comments, and qualified individuals can be added as editors.

We are depending on the active involvement of the Java community (you) to make this effort a success. We invite you to participate in this effort by reviewing content in the Java space and providing comments, or by contributing new rules and recommendations for secure Java coding. These can be included as comments or emailed to secure-coding at cert dot org.

Java is a trademark or registered trademark of Oracle Corporation, in the US and other countries.

Java Concurrency Guidelines TR Released

CERT has released the Java Concurrency Guidelines technical report, which documents the portion of the CERT Oracle Secure Coding Standard for Java that is related to concurrency.

The CERT C Secure Coding Standard

Version 1.0 of The CERT C Secure Coding Standard is now available as a book from Addison-Wesley. This official release can be used as a fixed point of reference for the development of compliant applications and source code analysis tools.

Development of the next version of the CERT C Secure Coding Standard is being performed here on the secure coding wiki. This version is a work-in-progress and reflects the current thinking of the secure coding community. Subsequent official releases of this standard will be issued as dictated by the needs and interests of the secure software development community.

There is also a Japanese Edition of the CERT C Secure Coding Standard thanks to our partner JPCERT/CC.

The CERT C++ Secure Coding Standard

The CERT C++ Secure Coding Standard is under development. Please create a sign-in account and review, comment on, or contribute new guidelines to this standard.


Presentations on Secure Coding in C and C++ from the Software Development Best Practices 2008 Conference are available on the Secure Coding Initiative page.

The Top 10 Secure Coding Practices provides some language-independent recommendations.

We would like to acknowledge the contributions of the following folks, and we look forward to seeing your name there as well.
