This web site exists to support the development of secure coding standards for commonly used programming languages such as C and C++. These standards are being developed through a broad-based community effort including the CERT Secure Coding Initiative and members of the software development and software security communities. For a further explanation of this project and tips on how to contribute, please see the Development Guidelines.

As this is a development web site, many of the pages are incomplete or contain errors. If you are interested in furthering this effort, you may comment on existing items or send recommendations to secure-coding at cert dot org. You may also apply for an account to directly edit content on the site. Before using this site, please familiarize yourself with the Terms and Conditions.

CERT has released the Java Secure Coding Standard in addition to existing secure coding standards for the C and C++ programming languages.

The rules and recommendations are not globally editable, but anyone is able at add comments, and qualified individuals can be added as editors.

We are depending on the active involvement of the Java community (you) to make this effort a success. CERT invites you to participate in this effort by reviewing content in the Java space and providing comments, or by contributing new rules and recommendations for secure Java coding.

These can be sent to me directly or to secure-coding at cert dot com.

The Top 10 Secure Coding Practices provides some language independent recommendations.

Secure Coding Standards

CERT C Secure Coding Standard

CERT C++ Secure Coding Standard

CERT Java Secure Coding Standard

We would like to acknowledge the contributions of the following folks, and we look forward to seeing your name there as well.