This report describes a study conducted by the CERT Secure Coding Initiative and JPCERT to evaluate the efficacy of the CERT Secure Coding Standards and source code analysis tools in improving the quality and security of commercial software projects. In addition to assessing the ability of existing tools to detect violations of the standard, the ability to extend and improve the tools is surveyed. Finally, the use of a selected tool to improve the quality of code in the real-world case of a Japanese software vendor's product is described.
This report is related to the following area(s) of work:
Security and SurvivabilityTechnical Report
CMU/SEI-2008-TR-014
June 2008
SEI:
Dewhurst, Stephen; Dougherty, Chad; Ito, Yurie; Keaton, David; Saks, Dan; Seacord, Robert; Svoboda, David; Taschner, Chris; & Togashi, Kazuya. Evaluation of CERT Secure Coding Rules through Integration with Source Code Analysis Tools (CMU/SEI-2008-TR-014). Software Engineering Institute, Carnegie Mellon University, 2008. http://www.sei.cmu.edu/library/abstracts/reports/08tr014.cfm
IEEE:
S. Dewhurst, C. Dougherty, Y. Ito, D. Keaton, D. Saks, R. Seacord, D. Svoboda, C. Taschner, and K. Togashi, "Evaluation of CERT Secure Coding Rules through Integration with Source Code Analysis Tools," Software Engineering Institute, Carnegie Mellon University, Pittsburgh, Pennsylvania, Technical Report CMU/SEI-2008-TR-014, 2008. http://www.sei.cmu.edu/library/abstracts/reports/08tr014.cfm
APA:
Dewhurst, S., Dougherty, C., Ito, Y., Keaton, D., Saks, D., Seacord, R., Svoboda, D., Taschner, C., & Togashi, K. (2008). Evaluation of CERT Secure Coding Rules through Integration with Source Code Analysis Tools (CMU/SEI-2008-TR-014). Retrieved May 18, 2013, from the Software Engineering Institute, Carnegie Mellon University website: http://www.sei.cmu.edu/library/abstracts/reports/08tr014.cfm
CHI:
Dewhurst, Stephen, Chad Dougherty, Yurie Ito, David Keaton, Dan Saks, Robert Seacord, David Svoboda, Chris Taschner, and Kazuya Togashi. Evaluation of CERT Secure Coding Rules through Integration with Source Code Analysis Tools (CMU/SEI-2008-TR-014). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2008. http://www.sei.cmu.edu/library/abstracts/reports/08tr014.cfm
MLA:
Dewhurst, S., Dougherty, C., Ito, Y., Keaton, D., Saks, D., Seacord, R., Svoboda, D., Taschner, C., & Togashi, K. 2008. Evaluation of CERT Secure Coding Rules through Integration with Source Code Analysis Tools (Technical Report CMU/SEI-2008-TR-014). Pittsburgh: Software Engineering Institute, Carnegie Mellon University. http://www.sei.cmu.edu/library/abstracts/reports/08tr014.cfm
For more information