Software Engineering Institute | Carnegie Mellon University
Software Engineering Institute | Carnegie Mellon University

Digital Library

Javascript is currently disabled for your browser. For an optimal search experience, please enable javascript.

Advanced Search

Basic Search

Content Type

Topics

Publication Date

Technical Note

Supporting the Use of CERT Secure Coding Standards in DoD Acquisitions

  • Abstract

    The United States Department of Defense (DoD) increasingly depends on networked software systems. One result of this dependency is an increase in attacks on both military and non-military systems as attackers look to exploit software vulnerabilities. Program acquisition offices are emphasizing information assurance to address various threats. The Defense Information Systems Agency (DISA) created the Application Security and Development Security Technical Implementation Guide (STIG) in response to DoD Directive 8500.IE, which establishes policies and assigns responsibilities for achieving DoD information assurance. That STIG provides guidance for information assurance and security throughout a program’s lifecycle, and it is specified as a requirement for DoD-developed, -architected, and -administered applications and systems that are connected to DoD networks. This technical note provides guidance to help DoD acquisition programs address software security in acquisitions. It provides background on the development of secure coding standards, sample request for proposal (RFP) language, and a mapping of the Application Security and Development STIG to the CERT® C Secure Coding Standard.

  • Download

Cite This Report

SEI

Morrow, Timothy; Seacord, Robert; Bergey, John; & Miller, Philip. Supporting the Use of CERT Secure Coding Standards in DoD Acquisitions (CMU/SEI-2012-TN-016). Software Engineering Institute, Carnegie Mellon University, 2012. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=28033

IEEE

Morrow. Timothy, Seacord. Robert, Bergey. John, and Miller. Philip, "Supporting the Use of CERT Secure Coding Standards in DoD Acquisitions," Software Engineering Institute, Carnegie Mellon University, Pittsburgh, Pennsylvania, Technical Note CMU/SEI-2012-TN-016, 2012. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=28033

APA

Morrow, Timothy., Seacord, Robert., Bergey, John., & Miller, Philip. (2012). Supporting the Use of CERT Secure Coding Standards in DoD Acquisitions (CMU/SEI-2012-TN-016). Retrieved December 22, 2014, from the Software Engineering Institute, Carnegie Mellon University website: http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=28033

CHI

Timothy Morrow, Robert Seacord, John Bergey, & Philip Miller. Supporting the Use of CERT Secure Coding Standards in DoD Acquisitions (CMU/SEI-2012-TN-016). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2012. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=28033

MLA

Morrow, Timothy., Seacord, Robert., Bergey, John., & Miller, Philip. 2012. Supporting the Use of CERT Secure Coding Standards in DoD Acquisitions (Technical Report CMU/SEI-2012-TN-016). Pittsburgh: Software Engineering Institute, Carnegie Mellon University. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=28033