Secure Coding Initiative

Secure Coding Standards

Coding standards encourage programmers to follow a uniform set of rules and guidelines determined by the requirements of the project and organization, rather than by the programmer’s familiarity or preference. Developers and software designers can apply these coding standards during software development to create secure systems.

The use of secure coding standards defines a set of rules and recommendations against which the source code can be evaluated for conformance. Secure coding standards provide a metric for evaluating and contrasting software security, safety, reliability, and related properties.

Easily avoided software defects are a primary cause of commonly exploited software vulnerabilities. CERT Program staff has observed, through an analysis of thousands of vulnerability reports, that most vulnerabilities stem from a relatively small number of common programming errors. By identifying insecure coding practices and developing secure alternatives, software developers can take practical steps to reduce or eliminate vulnerabilities before deployment.

Resources:

• https://www.securecoding.cert.org/confluence/display/seccode/CERT+Coding+Standards
• http://www.cert.org/secure-coding/
• http://www.cert.org/secure-coding/scstandards.html