Account disable announcement
As of Friday, September 8, 2023, the SEI Secure Coding Wiki no longer provides the ability to sign up for new user accounts. In addition, all accounts that have not made contributions (e.g., comments, edits) to a space or page content will be disabled (accounts that have had recent activity will not be disabled).
If you have a specific need to keep your account active, or you feel your account has been disabled in error, please submit a message.
Access to view pages will remain for the public users without an account.
Active Account Requirements
- Actively contributing content to the wiki (e.g. page edits, comments)
- Demonstrated on-going need to access information contained within the external wiki
The C++ rules and recommendations in this wiki are a work in progress and reflect the current thinking of the secure coding community. Because this is a development website, many pages are incomplete or contain errors. As rules and recommendations mature, they are published in report or book form as official releases. These releases are issued as dictated by the needs and interests of the secure software development community.
The CERT C++ Coding Standard does not currently expose any recommendations; all C++ recommendations have been removed (moved to The Void section) due to quality concerns pending further review and development.
If you wish to be more involved and directly edit content on the site, you still need to request an account and edit privileges.
Front Matter
Rules
Back Matter
Secure C++ Coding Books and Downloads
The CERT C++ Coding Standard, 2016 Edition provides rules to help programmers ensure that their C++ code reduces security flaws by following secure coding best practices. It is downloadable as a PDF. (errata)
The CERT C++ Coding Standard references and relies on the CERT C Coding Standard. The CERT C Coding Standard, 2016 Edition provides rules to help programmers ensure that their code complies with the new C11 standard and earlier standards, including C99. It is downloadable as a PDF. (errata)
Secure Coding in C and C++ identifies the root causes of today's most widespread software vulnerabilities, shows how they can be exploited, reviews the potential consequences, and presents secure alternatives.
Contact Us
Contact us if you
- have questions about this wiki
- have recommendations for standards in development
- want to request privileges to participate in standards development
Thank You!
We acknowledge the contributions of the following folks, and we look forward to seeing your name here as well.
Rules vs. Recomendations
This coding standard consists of rules and recommendations, collectively referred to as guidelines. Rules are meant to provide normative requirements for code, whereas recommendations are meant to provide guidance that, when followed, should improve the safety, reliability, and security of software systems. Learn more about the differences.
Linking to Our Pages
Link to guidelines using the Tiny Link under Tools→Link to this Page... (This URL will not change if the name of the guideline changes.)
Information for Editors
- To eliminate a section from the lists above, label it section and void.
- To have a section listed as a recommendation, label it section and recommendation.
- To have a section listed as a rule, label it section and rule.