Evaluation of CERT Secure Coding Rules through Integration with Source Code Analysis Tools

This report describes a study conducted by the CERT Secure Coding Initiative and JPCERT to evaluate the efficacy of the CERT Secure Coding Standards and source code analysis tools in improving the quality and security of commercial software projects. In addition to assessing the ability of existing tools to detect violations of the standard, the ability to extend and improve the tools is surveyed. Finally, the use of a selected tool to improve the quality of code in the real-world case of a Japanese software vendor's product is described.

View Complete Report

PDF [581 KB]

Authors

Stephen Dewhurst

Chad Dougherty

Yurie Ito

David Keaton

Dan Saks

Robert C. Seacord

David Svoboda

Chris Taschner

Kazuya Togashi (JPCERT/CC)

This report is related to the following area(s) of work:

Security and Survivability

Technical Report
CMU/SEI-2008-TR-014
June 2008

Related Links

Initiative Advocates Building Security In from the Start
Reeducation to Expand the Software Engineering Workforce: Successful Industry/University Collaborations
See more library items

CERT Tactical Response and Analysis Challenge Tests Cybersecurity Skills
Testimony to the U.S. Senate Homeland Security and Governmental Affairs Committee
See more related news

Secure Coding in C and C++
Information Security for Technical Staff
See more related courses

Dec 3	SEI Webinar Series: How Unstated Customer Needs May Drive Innovation
Mar 22 - 25	SEPG North America 2010
See more related events.

For more information

info@sei.cmu.edu

412-268-5800

Library

Evaluation of CERT Secure Coding Rules through Integration with Source Code Analysis Tools

Related Links

For more information