MAINTENANCE NOTICE:

For a few weeks beginning 23 October 2017, we will be performing occasional maintenance on this CERT Secure Coding wiki.  This is a general notification announcing our maintenance plans.

We are planning the maintenance to minimize the impact to users. There will be several phases of maintenance, and we will provide more detailed information for each phase, such as expected maintenance periods and expected impacts.  During the most significant periods of maintenance, we will provide a read-only version of the wiki, but not allow editing.  That should only affect contributors, and not the vast majority of users of the system.  

When the maintenance is complete, user accounts and histories will be retained for registered users.  But, registered users will need to reset your password through the site’s “forgot password” mechanism.  We will provide more information and instructions before and after that phase of the maintenance.

We expect all maintenance to be complete by early November.  If you have any concerns, please send email to info@sei.cmu.edu, referencing the Secure Coding wiki.

Welcome

This site supports the development of coding standards for commonly used programming languages such as C, C++, Java, and Perl, and the Android platform. These standards are developed through a broad-based community effort by members of the software development and software security communities.

For more information about this project and to see tips on how to contribute, please see the Development Guidelines.

Downloads

 The SEI CERT C Coding Standard, 2016 Edition
(errata) 

The SEI CERT C++ Coding Standard, 2016 Edition
( errata )

Standards Development Area

The following development areas enable you to learn about and contribute to secure coding standards for commonly used programming languages C, C++, Java, and Perl. Contact us to comment on existing items, submit recommendations, or request privileges to directly edit content on this site.

SEI CERT C Coding Standard

 

 

 

CERT C++ Coding Standard




Android TM   Secure Coding Standard  



SEI CERT Oracle Coding Standard for Java

 

 

 

SEI CERT Perl Coding Standard

 

 

 

 

 

The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License.

Android is a trademark of Google Inc.

August 2017: The Summer 2017 Edition of the newsletter was published on 21 August 2017. 

April 2017: David Svoboda writes in the SEI Blog about the CERT C++ Secure Coding Guidelines.

March 2017: The SEI CERT C++ Coding Standard (2016 Edition) is released. 

March 2017: The Spring 2017 Edition of the newsletter was published on 27 March 2017. 

March 2017: Mark Sherman writes in the SEI Blog about Experiences Using IBM Watson in Software Assurance.

January 2017: Lori Flynn writes in the SEI Blog about Prioritizing Security Alerts: A DoD Case Study.

January 2017: Will Klieber writes in the SEI Blog about Automated Code Repair in the C Programming Language

November 2016: Will Klieber, Will Snavely, and David Svoboda each present at SecDev 2016.

September 2016: Aaron Ballman writes in the SEI Blog about newly developed rules for Secure Coding in C++11 and C++14 .

September 2016: David Svoboda presents Common Exploits and How to Prevent Them at the Secure Coding Symposium.

August 2016: Watch Bob Schiela and Mark Sherman talk about adopting Secure Coding on the  From Secure Coding to Secure Software webinar, recorded August 17.

August 2016: The Secure Coding in Java certificate program becomes available.

June 2016: The SEI CERT C Coding Standard (2016 Edition) is released.

The Secure Coding eNewsletter provides timely information about CERT secure coding standards.

The Summer 2017 Edition of the newsletter was published on 21 August 2017.

The Top 10 Secure Coding Practices provides some language-independent recommendations.

The CERT Secure Coding Style Sheet provides guidance on writing about the Secure Coding Initiative.

Visit the the Secure Coding section of the CERT website for the latest publications written by the Secure Coding team.

Learn more about CERT Secure Coding Courses and the new Secure Coding Professional Certificate Program.

Contact us if you

  • have questions about the Secure Coding wiki
  • have recommendations for standards in development
  • want to request privileges to participate in standards development