The CERT C Secure Coding Standard
Version 1.0 of The CERT C Secure Coding Standard is now available as a book from Addison-Wesley. This official release can be used as a fixed point of reference for the development of compliant applications and source code analysis tools.
Development of the next version of the CERT C Coding Standard is being performed here on the secure coding wiki. This version is a work in progress and reflects the current thinking of the secure coding community. Subsequent official releases of this standard will be issued as dictated by the needs and interests of the secure software development community.
There is also a Japanese edition of the CERT C Secure Coding Standard, thanks to our partner JPCERT/CC.
The CERT C++ Secure Coding Standard

The CERT C++ Coding Standard is under development. Please create a sign-in account, review, comment, or contribute new guidelines to this standard.
The CERT Oracle Secure Coding Standard for Java
Version 1.0 of The CERT Oracle Secure Coding Standard for Java is now available as a book from Addison-Wesley.
Development of the next version of the CERT Oracle Coding Standard for Java is being performed here on the secure coding wiki. This version is a work in progress and reflects the current thinking of the secure coding community. Subsequent official releases of this standard will be issued as dictated by the needs and interests of the secure software development community.
Java is a trademark or registered trademark of Oracle Corporation in the United States and other countries.
There is also a Japanese edition of the CERT Oracle Secure Coding Standard for Java, thanks to our partner JPCERT/CC.
The CERT Perl Secure Coding Standard
The CERT Perl Secure Coding Standard is under development. Please create a sign-in account, review, comment, or contribute new guidelines to this standard.
Presentations on Secure Coding in C and C++ from the Software Development Best Practices 2008 Conference are available on the Secure Coding Initiative page.
The Top 10 Secure Coding Practices provides some language-independent recommendations.
The CERT Secure Coding Style Sheet provides guidance on writing about the Secure Coding Initiative.
We would like to acknowledge the contributions of the following folks, and we look forward to seeing your name here as well.






4 Comments
Erik Sanders
Are there any guidelines that outside organizations should use to cite the CERT C++ Secure Coding Standards when used in their internal documents or procedures?
Paul Ruggiero
Erik,
Thanks for asking. References to any of the secure coding standards should include the following, at a minimum:
Title of standard (e.g., “CERT C++ Secure Coding Standard”)
ID and title of recommendation or rule (e.g., “PRE00-CPP. Avoid defining macros”)
Copyright 2014 Carnegie Mellon University
Note the copyright information as well. Thanks!
Dennis Dworkowski
I am teaching an Introductory Course on Python and would like to help start up a Python Secure Coding Standard?
Robert Seacord
We actually have a very sparsely populated Python private space set up. I'll add you as an editor tomorrow, unless I forget, in which case you should remind me. 8-)