Versions Compared

Comment: Multiple changes to add the multiple uses of the standard, since we're moving this page forward in front matter.

The rules in this standard are intended to improve the security of software by improving the knowledge, practices, and tools that software developers use.

This standard can be used to develop tailored coding standards for projects and organizations, enabling a consistent view of software development security. It may be extended with organization-specific rules. However, the rules in the standard must be obeyed to claim conformance with the standard.

This standard can also be used for conformance testing and tool selection and validation.  Once a coding standard has been established, tools and processes can be developed or modified to determine conformance with the standard.

This standard can also be used to develop training to educate software professionals regarding the appropriate application of coding standards. After passing an examination, these trained programmers may also be certified as coding professionals. For example, the Software Developer Certification (SDC) is a credentialing program developed at Carnegie Mellon University. The SDC uses authentic examination to ... The Software Engineering Institute offers several Secure Coding courses and certificates, both based on live training and online. The material from this standard and supplemental training and evaluation materials can be used to:

  1. Identify job candidates with specific programming skills
  2. Demonstrate the presence of a well-trained software workforce
  3. Provide guidance to educational and training institutions

...

...