The C rules and recommendations in this wiki are a work in progress and reflect the current thinking of the secure coding community. Because this is a development website, many pages are incomplete or contain errors. As rules and recommendations mature, they are published in report or book form as official releases. These releases are issued as dictated by the needs and interests of the secure software development community.
Create a sign-in account if you want to comment on existing content. If you wish to be more involved and directly edit content on the site, you still need an account, but you'll also need to request edit privileges.
As of 9/28/2018, the CERT manifest files are now available for use by static analysis tool developers to test their coverage of (some of the) CERT Secure Coding Rules for C, using many of 61,387 test cases in the Juliet test suite v1.2.
|The CERT C Coding Standard, 2016 Edition provides rules to help programmers ensure that their code complies with the new C11 standard and earlier standards, including C99. It is downloadable as a PDF. (errata)|
Secure Coding in C and C++ identifies the root causes of today's most widespread software vulnerabilities, shows how they can be exploited, reviews the potential consequences, and presents secure alternatives.
|SCALe offers conformance testing of C language software systems against the CERT C Secure Coding Standard.|
Contact us if you
We acknowledge the contributions of the following folks , and we look forward to seeing your name here as well.