
Better Software Through Secure Coding Practices

Security flaws and vulnerabilities are all too common in software today. In response, we research and develop solutions for identifying and preventing security flaws during development, where it is much more cost effective than in the test phase or post-deployment.

Defect Removal Is a Major Challenge

Many research studies have shown that the cost to remove defects, including security flaws, can be hundreds of times higher after deployment. Moreover, adding security through testing is a never-ending task. Other research has shown that a majority of vulnerabilities are related to programming errors that are fairly well understood.

Research, Coding Standards, and Best Practices

To enable software developers to reduce vulnerabilities by eliminating coding errors, we investigate how errors occur and how to prevent them, codify best practices and coding standards for security, and contribute that knowledge to the programming community. We disseminate information on these practices through courses, standards, webinars, blogs, conferences, reports, newsletters, and our Secure Coding wiki.

Community Guidance to Prevent Common Coding Errors

As a result of our work in developing secure coding practices and our participation in creating international standards, we have released standards for C, C++, and Java; standards for Perl and Android are still in development but already available. The team has also begun efforts to create secure coding standards for additional languages: Ada, C#, Fortran, Python, JavaScript, and SPARK.

Our secure coding standards consist of actionable guidelines (rules and recommendations), which describe the types of security flaws that can be introduced when developing in a specific programming language. Each guideline offers precise information on the cause and impact of violations, including examples of common noncompliant (flawed) and compliant (fixed) code. Each guideline also includes a risk assessment for violating it. You can access and download the secure coding standards on the Secure Coding wiki.
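As an added illustration of the noncompliant/compliant pairing that the guidelines use, the following C code shows a fixed-size string copy first as a flaw and then in a hardened form. This is example code written for this page, not text taken from any CERT rule or from the Secure Coding wiki; the function names and `NAME_SIZE` are assumptions chosen for the example.

```c
/* Added example (not from the SEI page or any CERT rule): a CERT-style
 * noncompliant/compliant pair for copying a string into a fixed-size buffer.
 * Function names and NAME_SIZE are illustrative assumptions. */
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define NAME_SIZE 16  /* constructed buffer size for the example */

/* Noncompliant: strcpy() writes strlen(src)+1 bytes regardless of the
 * destination size. If src is NAME_SIZE characters or longer, the copy runs
 * past the end of name[] (undefined behaviour; the classic buffer overflow).
 * Kept only for contrast and never called with oversized input here. */
void noncompliant_set_name(char name[NAME_SIZE], const char *src) {
    strcpy(name, src);
}

/* Compliant: verify that the data plus its null terminator fits in dst
 * before copying, and report failure instead of writing out of bounds.
 * Returns 0 on success, -1 if the input is rejected. */
int compliant_set_name(char *dst, size_t dstsize, const char *src) {
    if (dst == NULL || src == NULL || dstsize == 0) {
        return -1;
    }
    /* Bounded scan: look for the terminator within the first dstsize bytes
     * only, so an unterminated or overlong src cannot drive the copy. */
    const char *end = memchr(src, '\0', dstsize);
    if (end == NULL) {
        return -1;  /* src needs at least dstsize bytes: would overflow */
    }
    size_t len = (size_t)(end - src);
    memcpy(dst, src, len + 1);  /* len + 1 includes the null terminator */
    return 0;
}

/* Self-check used by the example: returns 1 if the compliant copy accepts
 * inputs that fit (up to NAME_SIZE - 1 characters) and rejects those that
 * do not, 0 otherwise. The input strings are constructed test data. */
int self_check(void) {
    char name[NAME_SIZE];
    if (compliant_set_name(name, sizeof name, "alice") != 0) return 0;
    if (strcmp(name, "alice") != 0) return 0;
    if (compliant_set_name(name, sizeof name, "exactly15chars!") != 0) return 0;
    if (strcmp(name, "exactly15chars!") != 0) return 0;
    if (compliant_set_name(name, sizeof name, "exactly16chars!!") != -1) return 0;
    if (compliant_set_name(name, sizeof name,
                           "this input is far too long for the buffer") != -1) return 0;
    return 1;
}

int main(void) {
    char name[NAME_SIZE];
    /* The noncompliant version is only ever exercised with input that fits. */
    noncompliant_set_name(name, "bob");
    printf("noncompliant copy (safe input): %s\n", name);
    printf("compliant copy of oversized input returns %d\n",
           compliant_set_name(name, sizeof name, "this input is far too long for the buffer"));
    printf("self_check: %s\n", self_check() ? "ok" : "FAILED");
    return self_check() ? 0 : 1;
}
```

The point the pairing makes is not the particular call but the shape of the fix: the compliant version takes the destination size as a parameter, bounds every read of the source by it, and turns an overflow into an error the caller must handle.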

Our secure coding standards are developed by studying the standards that define the programming languages themselves and how they are interpreted and compiled for runtime platforms. They also reflect our experience with audits of millions of lines of source code and countless contributions from the community. We have also contributed to international committees to improve the security of the programming languages and tools that are used to build systems with those languages.

In addition to developing standards and guidelines, we offer training to help developers, auditors, and testers improve their secure coding skills based on the standards and identified best practices. The training is available with a live instructor or as an online course. We have also made evaluating software for violations of specific secure coding rules more practical and accessible by developing static analysis checkers for rules in Clang (and Clang-Tidy) and in our Rosecheckers tool, and we have advanced and developed other useful secure coding tools.

Source Code Analysis Laboratory

Our research, as well as research from others, has shown that different static analysis tools (tools designed to analyze source code to help find security flaws) are optimized to find different types of weaknesses. Therefore, it is almost always best to evaluate source code with multiple static analysis tools. Doing so, however, creates the complication of evaluating the results from multiple tools in an integrated way. Additionally, static analysis tools often have high false-positive rates (alerts that do not identify an actual problem) and often flag stylistic issues rather than security issues.

Through our experience of performing audits with multiple static analysis tools, we improved our effectiveness and efficiency by developing the Source Code Analysis Laboratory (SCALe). The SCALe process audits code to identify security flaws as indicated by violations of the CERT secure coding standards.

The SCALe tools aggregate output from commercial, open source, and experimental analysis tools and provide the results in a single interface. They also filter out alerts that are not security related and map the security alerts from those tools to specific guidelines of the secure coding standards. This alert processing enables developers to quickly learn more about the security issue the alert is diagnosing, how to fix it, and how best to prioritize the alerts.

We can perform a SCALe assessment as a service to third parties, and we can help organizations adopt aspects of SCALe to help them improve their secure coding development and evaluation processes.

Looking Ahead

Our current and future research is aimed toward improving the efficiency of identifying and removing vulnerabilities through the advancement of tool automation, using machine learning to improve the accuracy of static analysis tools, and developing tools that identify certain classes of flaws and automatically correct them.

Learn More

Secure Coding Newsletter Collection
December 20, 2017 Collection
The CERT Secure Coding Team describes plans to inform the community about CERT secure coding efforts and related standards.

Secure Coding Tools and Advancements Publications
November 06, 2017 Collection
The documents in this collection describe secure coding tools developed or advanced by the SEI.

Four Secure Coding Publications
October 24, 2017 Collection
Presents research and recommended practices for secure coding, preventing common exploits, and prioritizing security alerts.

SEI CERT C and C++ Coding Standards
March 14, 2017 Collection
The CERT Secure Coding Team describes the root causes of common software vulnerabilities, how they can be exploited, the potential consequences, and secure alternatives.

Performance of Compiler-Assisted Memory Safety Checking
August 25, 2014 Blog Post
David Keaton
According to a 2013 report examining 25 years of vulnerabilities (from 1998 to 2012), buffer overflow causes 14 percent of software security vulnerabilities and 35 percent of critical vulnerabilities, making it the leading cause of software security vulnerabilities overall. As...