
Evaluation of CERT Secure Coding Rules through Integration with Source Code Analysis Tools

Technical Report
In this report, the authors describe a study to evaluate CERT Secure Coding Standards and source code analysis tools in commercial software projects.
Publisher

Software Engineering Institute

CMU/SEI Report Number
CMU/SEI-2008-TR-014
DOI (Digital Object Identifier)
10.1184/R1/6573572.v1

Abstract

This report describes a study conducted by the CERT Secure Coding Initiative and JPCERT to evaluate the efficacy of the CERT Secure Coding Standards and source code analysis tools in improving the quality and security of commercial software projects. In addition to assessing the ability of existing tools to detect violations of the standard, the ability to extend and improve the tools is surveyed. Finally, the use of a selected tool to improve the quality of code in the real-world case of a Japanese software vendor's product is described.

Cite This Technical Report

Dewhurst, S., Dougherty, C., Ito, Y., Keaton, D., Saks, D., Seacord, R., Svoboda, D., Taschner, C., & Togashi, K. (2008, June 1). Evaluation of CERT Secure Coding Rules through Integration with Source Code Analysis Tools. (Technical Report CMU/SEI-2008-TR-014). Retrieved April 20, 2024, from https://doi.org/10.1184/R1/6573572.v1.

@techreport{dewhurst_2008,
author={Dewhurst, Stephen and Dougherty, Chad and Ito, Yurie and Keaton, David and Saks, Dan and Seacord, Robert and Svoboda, David and Taschner, Chris and Togashi, Kazuya},
title={Evaluation of CERT Secure Coding Rules through Integration with Source Code Analysis Tools},
month={Jun},
year={2008},
number={CMU/SEI-2008-TR-014},
howpublished={Carnegie Mellon University, Software Engineering Institute's Digital Library},
url={https://doi.org/10.1184/R1/6573572.v1},
note={Accessed: 2024-Apr-20}
}

Dewhurst, Stephen, Chad Dougherty, Yurie Ito, David Keaton, Dan Saks, Robert Seacord, David Svoboda, Chris Taschner, and Kazuya Togashi. "Evaluation of CERT Secure Coding Rules through Integration with Source Code Analysis Tools." (CMU/SEI-2008-TR-014). Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, June 1, 2008. https://doi.org/10.1184/R1/6573572.v1.

S. Dewhurst, C. Dougherty, Y. Ito, D. Keaton, D. Saks, R. Seacord, D. Svoboda, C. Taschner, and K. Togashi, "Evaluation of CERT Secure Coding Rules through Integration with Source Code Analysis Tools," Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, Technical Report CMU/SEI-2008-TR-014, 1-Jun-2008 [Online]. Available: https://doi.org/10.1184/R1/6573572.v1. [Accessed: 20-Apr-2024].

Dewhurst, Stephen, Chad Dougherty, Yurie Ito, David Keaton, Dan Saks, Robert Seacord, David Svoboda, Chris Taschner, and Kazuya Togashi. "Evaluation of CERT Secure Coding Rules through Integration with Source Code Analysis Tools." (Technical Report CMU/SEI-2008-TR-014). Carnegie Mellon University, Software Engineering Institute's Digital Library, Software Engineering Institute, 1 Jun. 2008. https://doi.org/10.1184/R1/6573572.v1. Accessed 20 Apr. 2024.

Dewhurst, Stephen; Dougherty, Chad; Ito, Yurie; Keaton, David; Saks, Dan; Seacord, Robert; Svoboda, David; Taschner, Chris; & Togashi, Kazuya. Evaluation of CERT Secure Coding Rules through Integration with Source Code Analysis Tools. CMU/SEI-2008-TR-014. Software Engineering Institute. 2008. https://doi.org/10.1184/R1/6573572.v1