Welcome to the Secure Coding Web Site

This website exists to support the development of coding standards for commonly used programming languages such as C, C++, Java, and Perl. These standards are being developed through a broad-based community effort, including by the CERT Secure Coding Initiative and members of the software development and software security communities. For a further explanation of this project and tips on how to contribute, please see the Development Guidelines.

Although we remain focused on security, we have begun to rename some of our publications to indicate that many of our coding standards go beyond security to address other quality attributes as well. This broader scope is reflected in the title of our most recent book, Java Coding Guidelines: 75 Recommendations for Reliable and Secure Programs, and the upcoming revision to the CERT C Secure Coding Standard, which is tentatively titled The CERT C Coding Standard: 92 Rules for Developing Safe, Reliable, and Secure Systems, the tentative part being the number of rules. We hope you appreciate this direction as we expand our scope to address the broader range of issues our customers care about.

Because this is a development website, many of the pages are incomplete or contain errors. If you are interested in furthering this effort, you may comment on existing items or send recommendations to secure-coding at cert dot org. You may also request privileges to directly edit content on the site. If you decide to link to our guidelines, use the Tiny Link under Tools→Link to this Page..., as this URL will not change if the name of the guideline changes.

News



Secure Coding eNewsletter

Starting in July 2013, the Secure Coding Initiative at CERT began publishing a monthly eNewsletter to provide you with timely information concerning updates to the CERT secure coding standards and to make you aware of other interesting news and events related to secure coding. Archived eNewsletters can be found here.

 


The CERT C Secure Coding Standard

Version 1.0 of The CERT C Secure Coding Standard is now available as a book from Addison-Wesley. This official release can be used as a fixed point of reference for the development of compliant applications and source code analysis tools.

Development of the next version of the CERT C Coding Standard is being performed here on the secure coding wiki. This version is a work in progress and reflects the current thinking of the secure coding community. Subsequent official releases of this standard will be issued as dictated by the needs and interests of the secure software development community.

There is also a Japanese edition of the CERT C Secure Coding Standard, thanks to our partner JPCERT/CC.

The CERT C++ Secure Coding Standard

The CERT C++ Coding Standard is under development. Please create a sign-in account, review, comment, or contribute new guidelines to this standard.

The CERT Oracle Secure Coding Standard for Java

Version 1.0 of The CERT Oracle Secure Coding Standard for Java is now available as a book from Addison-Wesley.

Development of the next version of The CERT Oracle Coding Standard for Java is being performed here on the secure coding wiki. This version is a work in progress and reflects the current thinking of the secure coding community. Subsequent official releases of this standard will be issued as dictated by the needs and interests of the secure software development community.

Java is a trademark or registered trademark of Oracle Corporation in the United States and other countries.

There is also a Japanese edition of the CERT Oracle Secure Coding Standard for Java, thanks to our partner JPCERT/CC.

The CERT Perl Secure Coding Standard

The CERT Perl Secure Coding Standard is under development. Please create a sign-in account, review, comment, or contribute new guidelines to this standard.

Presentations on Secure Coding in C and C++ from the Software Development Best Practices 2008 Conference are available on the Secure Coding Initiative page.

The Top 10 Secure Coding Practices provides some language-independent recommendations.

The CERT Secure Coding Style Sheet provides guidance on writing about the Secure Coding Initiative.

We would like to acknowledge the contributions of the following folks, and we look forward to seeing your name here as well.

 

4 Comments

  1. Are there any guidelines that outside organizations should use to cite the CERT C++ Secure Coding Standards when used in their internal documents or procedures?

    1. Erik,

      Thanks for asking. References to any of the secure coding standards should include the following, at a minimum:

       

      Title of standard (e.g., “CERT C++ Secure Coding Standard”)

      ID and title of recommendation or rule (e.g., “PRE00-CPP. Avoid defining macros”)

      Copyright 2014 Carnegie Mellon University

       

      Note the copyright information as well. Thanks!

  2. I am teaching an Introductory Course on Python and would like to help start up a Python Secure Coding Standard?

    1. We actually have a very sparsely populated Python private space set up.  I'll add you as an editor tomorrow, unless I forget in which case you should remind me.  8-)