Software Engineering Institute | Carnegie Mellon University
Software Engineering Institute | Carnegie Mellon University

Digital Library

Javascript is currently disabled for your browser. For an optimal search experience, please enable javascript.

Advanced Search

Basic Search

Content Type

Topics

Publication Date

White Paper

MITRE, CWE, and CERT Secure Coding Standards

  • February 2010
  • By Robert C. Seacord, Robert A. Martin
  • In this paper, the authors summarize the Common Weakness Enumeration (CWE) and CERT Secure Coding Standards and the relationship between the two.
  • Secure Coding
  • Publisher: Software Engineering Institute
  • Abstract

    Common Weakness Enumeration

    The Common Weakness Enumeration (CWE) is a unified, measurable set of software weaknesses that enables the effective discussion, description, selection, and use of software security tools and services that can find these weaknesses in source code and operational systems. The CWE also enables better understanding and management of software weaknesses related to architecture and design. It enumerates design and architectural weaknesses, as well as low-level coding and design errors.

    CERT Secure Coding Standards


    CERT is developing secure coding standards for commonly used programming languages such as C, C++, and Java through a broad-based community effort that includes members of the software development and software security communities. Well-documented and enforceable coding standards are essential to secure software development. Coding standards encourage programmers to follow a uniform set of rules and guidelines determined by the requirements of the project and organization, rather than by the programmer’s familiarity or preference. Once established, these standards can be used as a metric to evaluate source code (using manual or automated processes) to determine compliance with the standard.

    CERT secure coding standards include guidelines for avoiding coding and implementation errors, as well as low-level design errors.

  • Download