This site supports the development of coding standards for commonly used programming languages such as C, C++, Java, and Perl, and the Android™ platform. These standards are developed through a broad-based community effort by members of the software development and software security communities.
For more information about this project and to see tips on how to contribute, please see the Development Guidelines.
The following development areas enable you to learn about and contribute to secure coding standards for commonly used programming languages C, C++, Java, and Perl. Contact us to comment on existing items, submit recommendations, or request privileges to directly edit content on this site.
The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License.
Android is a trademark of Google Inc.
We are hiring! View our Open Positions in the SEI CERT Secure Coding Team.
December 2018: Lori Flynn and Ebonie McNeil authored the SEI Blog post "SCALe v. 3: Automated Classification and Advanced Prioritization of Static Analysis Alerts".
November 2018: Lori Flynn presented a webinar "Improve Your Static Analysis Audits Using CERT SCALe's New Features".
October 2018: At the CMU SEI 2018 Research Review, Lori Flynn presented "Rapid Construction of Accurate Automatic Alert Handling", Will Klieber presented "Automated Code Repair to Ensure Memory Safety", and Robert Schiela presented "Predicting Security Flaws through Architectural Flaws".
October 2018: Will Klieber presented "Detecting Leaks of Sensitive Data due to Stale Reads" at IEEE SecDev 2018.
September 2018: The CERT manifest files are now available for use by static analysis tool developers to test their coverage of (some of the) CERT Secure Coding Rules for C, using many of 61,387 test cases in the Juliet test suite v1.2.
September 2018: The Summer 2018 Edition of the Secure Coding newsletter was published on 4 September 2018.
August 2018: SCALe has been released open-source as a new project on GitHub. This is the first time that SCALe has been released to the public. This initial release is SCALe 188.8.131.52.
The Secure Coding eNewsletter provides timely information about CERT secure coding standards.
The Summer 2018 Edition of the Secure Coding newsletter was published on 4 September 2018.
The Top 10 Secure Coding Practices provides some language-independent recommendations.
Visit the Secure Coding section of the SEI's Digital Library for the latest publications written by the Secure Coding team.
Learn more about CERT Secure Coding Courses and the Secure Coding Professional Certificate Program.
Contact us if you