Supporting the Use of CERT® Secure Coding Standards in DoD Acquisitions

The United States Department of Defense (DoD) increasingly depends on networked software systems. One result of this dependency is an increase in attacks on both military and non-military systems as attackers look to exploit software vulnerabilities. Program acquisition offices are emphasizing information assurance to address various threats. The Defense Information Systems Agency (DISA) created the Application Security and Development Security Technical Implementation Guide (STIG) in response to DoD Directive 8500.IE, which establishes policies and assigns responsibilities for achieving DoD information assurance. That STIG provides guidance for information assurance and security throughout a program's lifecycle, and it is specified as a requirement for DoD-developed, -architected, and -administered applications and systems that are connected to DoD networks.

This technical note provides guidance to help DoD acquisition programs address software security in acquisitions. It provides background on the development of secure coding standards, sample request for proposal (RFP) language, and a mapping of the Application Security and Development STIG to the CERT® C Secure Coding Standard.

PDF [602 KB]

Authors

Timothy Morrow

Robert C. Seacord

John K. Bergey

Philip Miller

This report is related to the following area(s) of work:

Security and Survivability

Technical Note
CMU/SEI-2012-TN-016
July 2012

Cite This Report

SEI:

Morrow, Timothy; Seacord, Robert; Bergey, John; & Miller, Philip. Supporting the Use of CERT® Secure Coding Standards in DoD Acquisitions (CMU/SEI-2012-TN-016). Software Engineering Institute, Carnegie Mellon University, 2012. http://www.sei.cmu.edu/library/abstracts/reports/12tn016.cfm

IEEE:

T. Morrow, R. Seacord, J. Bergey, and P. Miller, "Supporting the Use of CERT® Secure Coding Standards in DoD Acquisitions," Software Engineering Institute, Carnegie Mellon University, Pittsburgh, Pennsylvania, Technical Note CMU/SEI-2012-TN-016, 2012. http://www.sei.cmu.edu/library/abstracts/reports/12tn016.cfm

APA:

Morrow, T., Seacord, R., Bergey, J., & Miller, P. (2012). Supporting the Use of CERT® Secure Coding Standards in DoD Acquisitions (CMU/SEI-2012-TN-016). Retrieved June 19, 2013, from the Software Engineering Institute, Carnegie Mellon University website: http://www.sei.cmu.edu/library/abstracts/reports/12tn016.cfm

CHI:

Morrow, Timothy, Robert Seacord, John Bergey, and Philip Miller. Supporting the Use of CERT® Secure Coding Standards in DoD Acquisitions (CMU/SEI-2012-TN-016). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2012. http://www.sei.cmu.edu/library/abstracts/reports/12tn016.cfm

MLA:

Morrow, T., Seacord, R., Bergey, J., & Miller, P. 2012. Supporting the Use of CERT® Secure Coding Standards in DoD Acquisitions (Technical Report CMU/SEI-2012-TN-016). Pittsburgh: Software Engineering Institute, Carnegie Mellon University. http://www.sei.cmu.edu/library/abstracts/reports/12tn016.cfm

Find Us Here

Find us on Youtube  Find us on LinkedIn  Find us on twitter  Find us on Facebook

Share This Page

Share on Facebook  Send to your Twitter page  Save to del.ico.us  Save to LinkedIn  Digg this  Stumble this page.  Add to Technorati favorites  Save this page on your Google Home Page 

For more information

Contact Us

info@sei.cmu.edu

412-268-5800

Help us improve

Visitor feedback helps us continually improve our site.

Please tell us what you
think with this short
(< 5 minute) survey.