Comment: added content from 2016 edition v1.0

This standard was made possible through a broad community effort. We thank all those who contributed and provided reviews in this wiki that helped to make the standards a success. If you are interested in contributing to the rules, create an account on the wiki and then request contributor privileges by sending email to info@sei.cmu.edu.

Contributors to the 2016 Edition of the Standard

Eric Azebu, Aaron Ballman, Jill Britton, Vaclav Bubnik, G. Ann Campbell, Geoff Clare, Lori Flynn, Amy Gale, Arthur Hicken, David Keaton, Will Klieber, Masaki Kubo, Carol Lallier, Fred Long, Daniel Marjamäki, Robert Seacord, Martin Sebor, Sandy Shrum, Will Snavely, David Svoboda, Yozo Toda, Barbara White, and Liz Whiting

Contributors and Reviewers of Previous Editions of the Standard

Thanks to everyone who contributed to making this effort a success.

Major Contributors


Aaron Ballman is a Software Security Engineer at CERT. He is an active developer on the clang open source C/C++/Objective-C compiler, focusing primarily on frontend development. Aaron has over a decade of experience writing commercial compilers for various programming languages, as well as developing cross-platform C and C++ frameworks. He is the author of Ramblings on REALbasic (2009). He is currently a voting member of ISO/IEC JTC1/SC22/WG21, the C++ standards committee.

John Benito is an independent consultant providing software development, project management, and software testing. He was previously the Convener of ISO/IEC JTC 1/SC 22/WG 14, the ISO group responsible for Standard C, the initial Convener of ISO/IEC JTC 1/SC 22 WG 23 (was OWG Vulnerabilities), the project editor for the Technical Report 24772, and a member of the INCITS PL22.11 (ANSI C) technical committee. John previously was a member of INCITS PL22.16 (ANSI C++) and the ISO Java Study group. He has been in software development, project management, and testing for over 38 years. John has been participating in International Standard development for the past 24 years and is the recipient of the INCITS Exceptional International Leadership Award.
David Keaton is the Convener of the international standards committee for the programming language C, ISO/IEC JTC 1/SC 22/WG 14. He has been a voting member of the committee since 1990. David has written compilers for everything from embedded systems to supercomputers. He has two patents related to compiler-assisted security mechanisms.
Dan Plakosh was the lead software engineer for the Systems Engineering Department at the Naval Surface Warfare Center (NSWCDD) before joining the SEI. Dan has over 15 years of software development experience in defense, research, and industry. Dan's principal areas of expertise include real-time distributed systems, network communications and protocols, systems engineering, real-time 2D and 3D graphics, and UNIX OS internals. Much of Dan's recent experience has been redesigning legacy distributed systems to use the latest distributed communication technologies.
Robert C. Seacord was the technical manager of the Secure Coding Initiative in the CERT® Division of the Software Engineering Institute (SEI) in Pittsburgh. Robert is the author of The CERT C Secure Coding Standard (Addison-Wesley, 2008) and Secure Coding in C and C++, Second Edition (Addison-Wesley, 2013), as well as coauthor of five other books. Robert is a technical expert for ISO/IEC JTC1/SC22/WG14, the international standardization working group for the programming language C.
Martin Sebor is a technical leader in the C and C++ compiler tool chain group in the Network Operating Systems Group at Cisco Systems, Inc., where he works on compilers and related development tools as well as the Cisco networking operating system IOS. Among Martin's responsibilities is leading the development and deployment of Cisco Secure Coding Standards. Martin's expertise includes the C and C++ languages and development tools and the POSIX standard. Martin is Cisco's representative to the C and C++ international standards committees (PL22.11 and PL22.16 subgroups of the INCITS technical committee for Programming Languages, PL22).
David Svoboda is a Software Security Engineer at CERT. He has been the primary developer on a diverse set of software development projects at Carnegie Mellon University since 1991. His projects have ranged from hierarchical chip modeling and social organization simulation to automated machine translation (AMT). His KANTOO AMT software, developed in 1996, is still in production and use at Caterpillar. He has taught Secure Coding in C and C++ all over the world to various groups in the military, government, and banking industries. David is also involved in several ISO standards groups: the JTC1/SC22/WG14 group for the C programming language and the JTC1/SC22/WG21 group for C++.


Contributors

Arbob Ahmad, Juan Alvarado, Dave Aronson, Abhishek Arya, Berin Babcock-McConnell, Roberto Bagnara, Aaron Ballman, BJ Bayha, John Benito, Joe Black, Jodi Blake, Jill Britton, Levi Broderick, Hal Burch, J. L. Charton, Steven Christey, Ciera Christopher, Geoff Clare, Frank Costello, Joe Damato, Stephen C. Dewhurst, Susan Ditmore, Chad Dougherty, Mark Dowd, Apoorv Dutta, Emily Evans, Xiaoyi Fei, William Fithen, Hallvard Furuseth, Jeffrey Gennari, Andrew Gidwani, Ankur Goyal, Douglas A. Gwyn, Shaun Hedrick, Michael Howard, Sujay Jain, Christina Johns, Pranjal Jumde, David Keaton, Andrew Keeton, David Kohlbrenner, Takuya Kondo, Masaki Kubo, Pranav Kukreja, Richard Lane, Stephanie Wan-Ruey Lee, Jonathan Leffler, Pengfei Li, Fred Long, Justin Loo, Gregory K. Look, Nat Lyle, Larry Maccherone, Aditya Mahendrakar, Lee Mancuso, John McDonald, James McNellis, Randy Meyers, Dhruv Mohindra, Bhaswanth Nalabothula, Todd Nowacki, Adrian Trejo Nuñez, Bhadrinath Pani, Vishal Patel, David M. Pickett, Justin Pincar, Dan Plakosh, Thomas Plum, Abhijit Rao, Raunak Rungta, Dan Saks, Alexandre Santos, Brendan Saulsbury, Robert C. Seacord, Martin Sebor, Jason Michael Sharp, Astha Singhal, Will Snavely, Nick Stoughton, Alexander E. Strommen, Glenn Stroz, David Svoboda, Dean Sutherland, Kazunori Takeuchi, Chris Tapp, Chris Taschner, Mira Sri Divya Thambireddy, Melanie Thompson, Elpiniki Tsakalaki, Ben Tucker, Fred J. Tydeman, Abhishek Veldurthy, Wietse Venema, Alex Volkovitsky, Michael Shaye-Wen Wang, Grant Watters, and Gary Yuan.

Reviewers

Tim Wilson, Eric Wong, Lutz Wrage, Shishir Kumar Yadav, Gary Yuan, Ricky Zhou, and Alen Zukich

Stefan Achatz, Arbob Ahmad, Laurent Alebarde, Kevin Bagust, Greg Beeley, Arjun Bijanki, John Bode, Konrad Borowski, Stewart Brodie, Jordan Brown, Andrew Browne, G Bulmer, Kyle Comer, Sean Connelly, Ale Contenti, Tom Danielsen, Török Eric Decker, Mark Dowd, T. Edwin, Brian Ewins, Justin Ferguson, William L. Fithen, Stephen Friedl, Hallvard Furuseth, Shay Green, Samium Gromoff, Kowsik Guruswamy, Jens Gustedt, Peter Gutmann, Douglas A. Gwyn, Richard Heathfield, Darryl Hill, Paul Hsieh, Ivan Jager, Steven G. Johnson, Anders Kaseorg, Matt Kraai, Piotr Krukowiecki, Jerry Leichter, Nicholas Marriott, Frank Martinez, Scott Meyers, Eric Miller, Charles-Francois Natali, Ron Natalie, Adam O'Brien, Heikki Orsila, Balog Pal, Jonathan Paulson, P.J. Plauger, Leslie Satenstein, Kirk Sayre, Neil Schellenberger, Michel Schinz, Eric Sosman, Chris Tapp, Andrey Tarasevich, Yozo Toda, Josh Triplett, Pavel Vasilyev, Ivan Vecerina, Zeljko Vrba, David Wagner, Henry S. Warren, Colin Watson, Zhenyu Wu, Drew Yao, and Christopher Yeleighton.

Editors

Jodi Blake, Pamela Curtis, Ed Desautels, Carol Lallier, Osona Steave, and Barbara White.

Developers and Administrators

Rudolph Maceyko, Jason McCormick, Joe McManus, and Brad Rubbo

Special Thanks

Jeff Carpenter, Yurie Ito, Joe Jarzombek, Rich Pethia, Jason Rafail, Frank Redner, and Bob Rosenstein.


and Robin Zhu

The SEI CERT Secure Coding Team

Aaron Ballman, Lori Flynn, David Keaton, William Klieber, Robert Schiela, William Snavely, and David Svoboda

...

Deprecations