Evaluation of CERT Secure Coding Rules through Integration with Source Code Analysis Tools

Abstract

This report describes a study conducted by the CERT Secure Coding Initiative and JPCERT to evaluate the efficacy of the CERT Secure Coding Standards and source code analysis tools in improving the quality and security of commercial software projects. In addition to assessing the ability of existing tools to detect violations of the standard, the ability to extend and improve the tools is surveyed. Finally, the use of a selected tool to improve the quality of code in the real-world case of a Japanese software vendor's product is described.

Cite This Report

SEI

Dewhurst, Stephen; Dougherty, Chad; Ito, Yurie; Keaton, David; Saks, Dan; Seacord, Robert; Svoboda, David; Taschner, Chris; & Togashi, Kazuya. Evaluation of CERT Secure Coding Rules through Integration with Source Code Analysis Tools (CMU/SEI-2008-TR-014). Software Engineering Institute, Carnegie Mellon University, 2008. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=8719

IEEE

Dewhurst. Stephen, Dougherty. Chad, Ito. Yurie, Keaton. David, Saks. Dan, Seacord. Robert, Svoboda. David, Taschner. Chris, and Togashi. Kazuya, "Evaluation of CERT Secure Coding Rules through Integration with Source Code Analysis Tools," Software Engineering Institute, Carnegie Mellon University, Pittsburgh, Pennsylvania, Technical Report CMU/SEI-2008-TR-014, 2008. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=8719

APA

Dewhurst, Stephen., Dougherty, Chad., Ito, Yurie., Keaton, David., Saks, Dan., Seacord, Robert., Svoboda, David., Taschner, Chris., & Togashi, Kazuya. (2008). Evaluation of CERT Secure Coding Rules through Integration with Source Code Analysis Tools (CMU/SEI-2008-TR-014). Retrieved July 24, 2014, from the Software Engineering Institute, Carnegie Mellon University website: http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=8719

CHI

Stephen Dewhurst, Chad Dougherty, Yurie Ito, David Keaton, Dan Saks, Robert Seacord, David Svoboda, Chris Taschner, & Kazuya Togashi. Evaluation of CERT Secure Coding Rules through Integration with Source Code Analysis Tools (CMU/SEI-2008-TR-014). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2008. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=8719

MLA

Dewhurst, Stephen., Dougherty, Chad., Ito, Yurie., Keaton, David., Saks, Dan., Seacord, Robert., Svoboda, David., Taschner, Chris., & Togashi, Kazuya. 2008. Evaluation of CERT Secure Coding Rules through Integration with Source Code Analysis Tools (Technical Report CMU/SEI-2008-TR-014). Pittsburgh: Software Engineering Institute, Carnegie Mellon University. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=8719