An essential element of secure coding in the C programming language is well-documented and enforceable coding standards. Coding standards encourage programmers to follow a uniform set of rules and guidelines determined by the requirements of the project and organization, rather than by the programmer's familiarity or preference. Once established, these standards can be used as a metric to evaluate source code (using manual or automated processes).

The CERT C Secure Coding Standard provides rules and recommendations for secure coding in the C programming language. The goal of these rules and recommendations is to eliminate insecure coding practices and undefined behaviors that can lead to exploitable vulnerabilities. The application of the secure coding standard will lead to higher-quality systems that are robust and more resistant to attack.

Scope

Rules Versus Recommendations

Development Process

Usage

System Qualities

Vulnerability Metric

Priority and Levels

Automatically Generated Code

Compliance


[|POS32-C. When data must be accessed by multiple threads, provide a mutex and guarantee no adjacent data is also accessed."/>
<a href="/confluence/display/seccode/POS32-C.+When+data+must+be+accessed+by+multiple+threads%2C+provide+a+mutex+and+guarantee+no+adjacent+data+is+also+accessed.]      CERT C Secure Coding Standard      00. Introduction