Evaluation of CERT Secure Coding Rules through Integration with Source Code Analysis Tools

This report describes a study conducted by the CERT Secure Coding Initiative and JPCERT to evaluate the efficacy of the CERT Secure Coding Standards and source code analysis tools in improving the quality and security of commercial software projects. In addition to assessing the ability of existing tools to detect violations of the standard, the ability to extend and improve the tools is surveyed. Finally, the use of a selected tool to improve the quality of code in the real-world case of a Japanese software vendor's product is described.

PDF [581 KB]

Authors

Stephen Dewhurst

Chad Dougherty

Yurie Ito

David Keaton

Dan Saks

Robert C. Seacord

David Svoboda

Chris Taschner

Kazuya Togashi (JPCERT/CC)

This report is related to the following area(s) of work:

Security and Survivability

Technical Report
CMU/SEI-2008-TR-014
June 2008

Cite This Report

SEI:

Dewhurst, Stephen; Dougherty, Chad; Ito, Yurie; Keaton, David; Saks, Dan; Seacord, Robert; Svoboda, David; Taschner, Chris; & Togashi, Kazuya. Evaluation of CERT Secure Coding Rules through Integration with Source Code Analysis Tools (CMU/SEI-2008-TR-014). Software Engineering Institute, Carnegie Mellon University, 2008. http://www.sei.cmu.edu/library/abstracts/reports/08tr014.cfm

IEEE:

S. Dewhurst, C. Dougherty, Y. Ito, D. Keaton, D. Saks, R. Seacord, D. Svoboda, C. Taschner, and K. Togashi, "Evaluation of CERT Secure Coding Rules through Integration with Source Code Analysis Tools," Software Engineering Institute, Carnegie Mellon University, Pittsburgh, Pennsylvania, Technical Report CMU/SEI-2008-TR-014, 2008. http://www.sei.cmu.edu/library/abstracts/reports/08tr014.cfm

APA:

Dewhurst, S., Dougherty, C., Ito, Y., Keaton, D., Saks, D., Seacord, R., Svoboda, D., Taschner, C., & Togashi, K. (2008). Evaluation of CERT Secure Coding Rules through Integration with Source Code Analysis Tools (CMU/SEI-2008-TR-014). Retrieved May 18, 2013, from the Software Engineering Institute, Carnegie Mellon University website: http://www.sei.cmu.edu/library/abstracts/reports/08tr014.cfm

CHI:

Dewhurst, Stephen, Chad Dougherty, Yurie Ito, David Keaton, Dan Saks, Robert Seacord, David Svoboda, Chris Taschner, and Kazuya Togashi. Evaluation of CERT Secure Coding Rules through Integration with Source Code Analysis Tools (CMU/SEI-2008-TR-014). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2008. http://www.sei.cmu.edu/library/abstracts/reports/08tr014.cfm

MLA:

Dewhurst, S., Dougherty, C., Ito, Y., Keaton, D., Saks, D., Seacord, R., Svoboda, D., Taschner, C., & Togashi, K. 2008. Evaluation of CERT Secure Coding Rules through Integration with Source Code Analysis Tools (Technical Report CMU/SEI-2008-TR-014). Pittsburgh: Software Engineering Institute, Carnegie Mellon University. http://www.sei.cmu.edu/library/abstracts/reports/08tr014.cfm
