Evaluation of CERT Secure Coding Rules through Integration with Source Code Analysis Tools

June 2008 • Technical Report

Stephen Dewhurst, Chad Dougherty, Yurie Ito, David Keaton, Dan Saks, Robert C. Seacord, David Svoboda, Chris Taschner, Kazuya Togashi (JPCERT/CC)

In this report, the authors describe a study to evaluate CERT Secure Coding Standards and source code analysis tools in commercial software projects.

Publisher:

Software Engineering Institute

CMU/SEI Report Number

CMU/SEI-2008-TR-014

DOI (Digital Object Identifier):

10.1184/R1/6573572.v1

Subjects

Abstract

This report describes a study conducted by the CERT Secure Coding Initiative and JPCERT to evaluate the efficacy of the CERT Secure Coding Standards and source code analysis tools in improving the quality and security of commercial software projects. In addition to assessing the ability of existing tools to detect violations of the standard, the ability to extend and improve the tools is surveyed. Finally, the use of a selected tool to improve the quality of code in the real-world case of a Japanese software vendor's product is described.

Download PDF

Cite This Report

SEI

Dewhurst, Stephen; Dougherty, Chad; Ito, Yurie; Keaton, David; Saks, Dan; Seacord, Robert; Svoboda, David; Taschner, Chris; & Togashi, Kazuya. Evaluation of CERT Secure Coding Rules through Integration with Source Code Analysis Tools. CMU/SEI-2008-TR-014. Software Engineering Institute, Carnegie Mellon University. 2008. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=8719

IEEE

Dewhurst. Stephen, Dougherty. Chad, Ito. Yurie, Keaton. David, Saks. Dan, Seacord. Robert, Svoboda. David, Taschner. Chris, and Togashi. Kazuya, "Evaluation of CERT Secure Coding Rules through Integration with Source Code Analysis Tools," Software Engineering Institute, Carnegie Mellon University, Pittsburgh, Pennsylvania, Technical Report CMU/SEI-2008-TR-014, 2008. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=8719

APA

Dewhurst, Stephen., Dougherty, Chad., Ito, Yurie., Keaton, David., Saks, Dan., Seacord, Robert., Svoboda, David., Taschner, Chris., & Togashi, Kazuya. (2008). Evaluation of CERT Secure Coding Rules through Integration with Source Code Analysis Tools (CMU/SEI-2008-TR-014). Retrieved March 27, 2023, from the Software Engineering Institute, Carnegie Mellon University website: http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=8719

CHI

Stephen Dewhurst, Chad Dougherty, Yurie Ito, David Keaton, Dan Saks, Robert Seacord, David Svoboda, Chris Taschner, & Kazuya Togashi. Evaluation of CERT Secure Coding Rules through Integration with Source Code Analysis Tools (CMU/SEI-2008-TR-014). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2008. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=8719

MLA

Dewhurst, Stephen., Dougherty, Chad., Ito, Yurie., Keaton, David., Saks, Dan., Seacord, Robert., Svoboda, David., Taschner, Chris., & Togashi, Kazuya. 2008. Evaluation of CERT Secure Coding Rules through Integration with Source Code Analysis Tools (Technical Report CMU/SEI-2008-TR-014). Pittsburgh: Software Engineering Institute, Carnegie Mellon University. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=8719

BibTex

@techreport{DewhurstEvaluationof2008,
title={Evaluation of CERT Secure Coding Rules through Integration with Source Code Analysis Tools},
author={Stephen Dewhurst and Chad Dougherty and Yurie Ito and David Keaton and Dan Saks and Robert Seacord and David Svoboda and Chris Taschner and Kazuya Togashi},
year={2008},
number={CMU/SEI-2008-TR-014},
institution={Software Engineering Institute, Carnegie Mellon University},
address={Pittsburgh, PA},
url={http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=8719} }

Ask a question about this Technical Report

Software Engineering Institute