The development of a secure coding standard for any programming language is a difficult undertaking that requires significant community involvement. The following development process has been used to create this standard:
- Rules and recommendations for a coding standard are solicited from the communities involved in the development and application of each programming language, including the formal or de facto standards bodies responsible for the documented standard.
- These rules and recommendations are edited by members of the CERT technical staff for content and style and placed on the CERT Secure Coding Standards website for comment and review.
- The user community may then comment on the publicly posted content using threaded discussions and other communication tools. Once a consensus develops that the rule or recommendation is appropriate and correct, the final rule is incorporated into an officially released version of the secure coding standard.
Drafts of the CERT C Secure Coding Standard have been reviewed by the ISO/IEC JTC1/SC22/WG14 international standardization working group for the C programming language and by other industry groups as appropriate.