Software Engineering Institute | Carnegie Mellon University
Software Engineering Institute | Carnegie Mellon University

Digital Library

Javascript is currently disabled for your browser. For an optimal search experience, please enable javascript.

Advanced Search

Basic Search

Content Type

Topics

Publication Date

Podcast

Raising the Bar - Mainstreaming CERT C Secure Coding Rules

  • January 2014
  • By Presenter Robert C. Seacord, Julia H. Allen
  • In this podcast, Robert Seacord describes the CERT-led effort to publish an ISO/IEC technical specification for secure coding rules for compilers and analyzers.
  • Secure Coding
  • Publisher: CERT
  • Listen

    Loading Podcast.....
  • Related

    Secure Coding in C and C++

  • Abstract

    An essential element of secure coding in the C programming language is a set of well-documented and enforceable coding rules. The rules specified in this Technical Specification apply to analyzers, including static analysis tools, and C language compiler vendors that wish to diagnose insecure code beyond the requirements of the language standard. All rules are meant to be enforceable by static analysis. The application of static analysis to security has been done in an ad hoc manner by different vendors, resulting in nonuniform coverage of significant security issues. This specification enumerates secure coding rules and requires analysis engines to diagnose violations of these rules as a matter of conformance to this specification.

    In this podcast, Robert Seacord, the leader of CERT's Secure Coding Initiative, discusses the 7-year journey resulting in the selection of 46 coding rules, derived from the CERT C Secure Coding Standard, for this new technical specification.
     

  • Transcript

About the Speaker

  • Robert C. Seacord

    Robert C. Seacord

  • Julia H. Allen

    Julia H. Allen