Versions Compared

Comment: editorial change

The rules in this standard are intended to improve the security of software by improving the knowledge, practices, and tools that software developers use.

This standard can be used to develop tailored coding standards for projects and organizations, enabling a consistent view to software development security.  It may be extended with organization-specific rules. However, the rules in the this standard must be obeyed to claim compliance conformance with the standard.

Training may be developed to educate software professionals regarding the appropriate application of secure coding standards. After passing an examination, these trained programmers may also be certified as secure coding professionals.

Once a secure This standard can also be used for conformance testing and tool selection and validation.  Once a coding standard has been established, tools and processes can be developed or modified to determine compliance conformance with the standard. One of the conditions for a coding practice to be considered a rule is that conformance can be verified. Verification can be performed manually or automated. Manual verification can be labor intensive and error prone. Tool verification is also problematic in that the ability of a static analysis tool to detect all violations of a rule must be proven for each product release because of possible regression errors. Even with these challenges, automated validation may be the only economically scalable solution to validate conformance with the coding standard.
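Review bot: the paragraph above switches between "verify" and "validate" for the same activity. The rule criterion is stated as "conformance can be verified" and the next three sentences use "verification", but the closing sentence says "automated validation may be the only economically scalable solution to validate conformance". Suggest "automated verification ... to verify conformance" so the terms stay consistent, and "Verification can be performed manually or automatically" for parallel wording.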

Software analysis tools may be certified as being able to verify compliance with the secure coding standard. Compliant software systems may be certified as compliant by a properly authorized certification body by the application of certified tools.
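Review bot: the paragraph above still uses "compliance", "Compliant" and "compliant", while the two earlier paragraphs that touch this term pair "compliance" with "conformance". If this paragraph is kept in the new version, it should read "verify conformance with" and "Conforming software systems may be certified as conforming" to match.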

This standard can also be used to develop training and educate software professionals regarding the appropriate application of coding standards. The Software Engineering Institute (SEI) offers several Secure Coding courses and certificates, available as live training and online training. The material from this standard and supplemental training and evaluation materials can be used to

  1. identify job candidates with specific programming skills
  2. demonstrate the presence of a well-trained software workforce
  3. provide guidance to educational and training institutions
