Versions Compared

Comment: No need to have two citations for the same content.

...

The proper application of this CERT Secure Coding standard would enable a system to comply with the following requirements from the Application Security and Development Security Technical Implementation Guide, Version 4, Release 1 [DISA 2016]:

  • (APSC-DV-001995: CAT II) The application must not be vulnerable to race conditions.
  • (APSC-DV-002510: CAT I) The application must protect from command injection.
  • (APSC-DV-002520: CAT II) The application must protect from canonical representation vulnerabilities.
  • (APSC-DV-002530: CAT II) The application must validate all input.
  • (APSC-DV-002560: CAT I) The application must not be subject to input handling vulnerabilities.
  • (APSC-DV-002590: CAT I) The application must not be vulnerable to overflow attacks.
  • (APSC-DV-003215: CAT III) The application development team must follow a set of coding standards.
  • (APSC-DV-003235: CAT II) The application must not be subject to error handling vulnerabilities.

...

The proper application of this standard would enable a system to comply with the following requirements from the Application Security and Development Security Technical Implementation Guide, Version 3, Release 10 [DISA 2015]:

  • (APP2060.1: CAT II) The Program Manager will ensure the development team follows a set of coding standards.
  • (APP2060.2: CAT II) The Program Manager will ensure the development team creates a list of unsafe functions to avoid and document this list in the coding standards.
  • (APP3550: CAT I) The Designer will ensure the application is not vulnerable to integer arithmetic issues.
  • (APP3560: CAT I) The Designer will ensure the application does not contain format string vulnerabilities.
  • (APP3570: CAT I) The Designer will ensure the application does not allow command injection.
  • (APP3590.1: CAT I) The Designer will ensure the application does not have buffer overflows.
  • (APP3590.2: CAT I) The Designer will ensure the application does not use functions known to be vulnerable to buffer overflows.
  • (APP3590.3: CAT II) The Designer will ensure the application does not use signed values for memory allocation where permitted by the programming language.
  • (APP3600: CAT II) The Designer will ensure the application has no canonical representation vulnerabilities.
  • (APP3630.1: CAT II) The Designer will ensure the application is not vulnerable to race conditions.
  • (APP3630.2: CAT III) The Designer will ensure the application does not use global variables when local variables could be used.

...