
 

 

Welcome to the Secure Coding Web Site

This website exists to support the development of coding standards for commonly used programming languages such as C, C++, Java, and Perl. These standards are being developed through a broad-based community effort that includes the CERT Secure Coding Initiative and members of the software development and software security communities. For a further explanation of this project and tips on how to contribute, please see the Development Guidelines.

Although we remain focused on security, we have begun to rename some of our publications to indicate that many of our coding standards go beyond security to address other quality attributes as well. This broader scope is reflected in the title of our most recent book, Java Coding Guidelines: 75 Recommendations for Reliable and Secure Programs, and the upcoming revision to the CERT C Secure Coding Standard, which is tentatively titled The CERT C Coding Standard: 92 Rules for Developing Safe, Reliable, and Secure Systems, the tentative part being the number of rules. We hope you appreciate this direction as we expand our scope to address the broader range of issues our customers care about.

Because this is a development website, many of the pages are incomplete or contain errors. If you are interested in furthering this effort, you may comment on existing items or send recommendations to secure-coding at cert dot org. You may also request privileges to directly edit content on the site. If you decide to link to our guidelines, use the Tiny Link under Tools→Link to this Page..., as this URL will not change if the name of the guideline changes.

News


Secure Coding eNewsletter

Starting in July 2013, the Secure Coding Initiative at CERT began publishing a monthly eNewsletter to provide you with timely information concerning updates to the CERT secure coding standards and to make you aware of other interesting news and events related to secure coding. 

Subscribe to Our eNewsletter

Previous newsletters can be found here:

The CERT C Secure Coding Standard

Version 1.0 of The CERT C Secure Coding Standard is now available as a book from Addison-Wesley. This official release can be used as a fixed point of reference for the development of compliant applications and source code analysis tools.

Development of the next version of the CERT C Coding Standard is being performed here on the secure coding wiki. This version is a work in progress and reflects the current thinking of the secure coding community. Subsequent official releases of this standard will be issued as dictated by the needs and interests of the secure software development community.

There is also a Japanese edition of the CERT C Secure Coding Standard, thanks to our partner JPCERT/CC.

The CERT C++ Secure Coding Standard

The CERT C++ Secure Coding Standard is under development. Please create a sign-in account, review, comment, or contribute new guidelines to this standard.

The CERT Oracle Secure Coding Standard for Java

Version 1.0 of The CERT Oracle Secure Coding Standard for Java is now available as a book from Addison-Wesley.

Development of the next version of The CERT Oracle Secure Coding Standard for Java is being performed here on the secure coding wiki. This version is a work in progress and reflects the current thinking of the secure coding community. Subsequent official releases of this standard will be issued as dictated by the needs and interests of the secure software development community.

Java is a trademark or registered trademark of Oracle Corporation in the United States and other countries.

There is also a Japanese edition of the CERT Oracle Secure Coding Standard for Java, thanks to our partner JPCERT/CC.

The CERT Perl Secure Coding Standard

The CERT Perl Secure Coding Standard is under development. Please create a sign-in account, review, comment, or contribute new guidelines to this standard.

Presentations on Secure Coding in C and C++ from the Software Development Best Practices 2008 Conference are available on the Secure Coding Initiative page.

The Top 10 Secure Coding Practices provides some language-independent recommendations.

The CERT Secure Coding Style Sheet provides guidance on writing about the Secure Coding Initiative.

We would like to acknowledge the contributions of the following folks, and we look forward to seeing your name here as well.

 
