CERT-SEI

Secure Coding Standards

Why the work began

CERT security experts observed, through an analysis of thousands of vulnerability reports, that most vulnerabilities stem from a relatively small number of common programming errors.

Where we started

First, CERT experts devised a comprehensive approach to secure software development in the C, C++, and Java programming languages. The resulting secure coding standards provide a metric for evaluating and comparing the security, safety, reliability, and related properties of software.

What the R&D sponsor received

The CERT Secure Coding team works with software development organizations to reduce vulnerabilities resulting from coding errors before systems are deployed. We identify the common programming errors that lead to software vulnerabilities, establish secure coding standards that address them, and educate software developers in applying those standards.

How it helps organizations now

The CERT Division coordinates the development of secure coding standards by security researchers, language experts, and software developers using a wiki-based community process. More than 500 contributors and reviewers have participated in the CERT Secure Coding Standards wiki.