CERT security experts observed, through an analysis of thousands of vulnerability reports, that most vulnerabilities stem from a relatively small number of common programming errors.
CERT experts devised a comprehensive approach to secure software development in the C, C++, and Java programming languages. Secure coding standards provide a metric for evaluating and contrasting software security, safety, reliability, and related properties.
The CERT Secure Coding team works with software development organizations to reduce vulnerabilities resulting from coding errors before system deployment. We identify common programming errors that lead to software vulnerabilities, establish secure coding standards, and educate software developers.
The CERT Division coordinates the development of secure coding standards by security researchers, language experts, and software developers using a wiki-based community process. More than 500 contributors and reviewers have participated in the CERT Secure Coding Standards wiki.