This standard was made possible through a broad community effort. We thank all those who contributed and provided reviews in this wiki that helped to make the standards a success. If you are interested in contributing to the rules, create an account on the wiki and then request contributor privileges by sending email to info@sei.cmu.edu.

Contributors to the 2016 Edition of the Standard

Eric Azebu, Aaron Ballman, Jill Britton, Vaclav Bubnik, G. Ann Campbell, Geoff Clare, Lori Flynn, Amy Gale, Arthur Hicken, David Keaton, Will Klieber, Masaki Kubo, Carol Lallier, Fred Long, Daniel Marjamäki, Robert Seacord, Martin Sebor, Sandy Shrum, Will Snavely, David Svoboda, Yozo Toda, Barbara White, and Liz Whiting

Contributors and Reviewers of Previous Editions of the Standard

Thanks to everyone who contributed to making this effort a success.    

Major Contributors 

Aaron Ballman has over a decade of experience writing commercial compilers for various languages, and is a Security Software Engineer for CERT. He is an active developer on the clang open source C/C++/Objective-C compiler. When he's not writing code, Aaron also enjoys being outside, fishing, and reading a good book in his hammock.
John Benito is an independent consultant providing software development, project management and software testing. He is the current Convener of ISO/IEC JTC1/SC22/WG14, the ISO group responsible for Standard C; the project editor for the Technical Report 24772; and a member of the INCITS PL22.11 (ANSI C) technical committee. He previously was a member of INCITS PL22.16 (ANSI C++) and the ISO Java Study group. He has been in software development, project management and testing for more than 35 years.
David Keaton is the chairman of the ANSI C Committee, the U.S. segment of the international committee that standardizes the C programming language. He has been a voting member of the committee since 1990. David has written compilers for everything from embedded systems to supercomputers. He has two patents related to compiler-assisted security mechanisms.
Robert C. Seacord is the technical manager of the Secure Coding Initiative in the CERT® Division of the Software Engineering Institute (SEI) in Pittsburgh. Robert is the author of The CERT C Secure Coding Standard (Addison-Wesley, 2008) and Secure Coding in C and C++, Second Edition (Addison-Wesley, 2013) as well as co-author of five other books. Robert is an adjunct professor at Carnegie Mellon University and a technical expert for ISO/IEC JTC1/SC22/WG14, the international standardization working group for the programming language C.
Martin Sebor is a technical leader in the C and C++ compiler tool chain group in the Network Operating Systems Group at Cisco Systems, Inc., where he works on compilers and related development tools as well as the Cisco networking operating system IOS. Among Martin's responsibilities is leading the development and deployment of Cisco Secure Coding Standards. Martin's expertise includes the C and C++ languages and development tools, and the POSIX standard. Martin is Cisco's representative to the C and C++ international standards committees (PL22.11 and PL22.16 subgroups of the INCITS technical committee for Programming Languages, PL22).
David Svoboda is a Software Security Engineer at CERT. He has been the primary developer on a diverse set of software development projects at Carnegie Mellon University since 1991. His projects have ranged from hierarchical chip modeling and social organization simulation to automated machine translation (AMT). His KANTOO AMT software, developed in 1996, is still in production use at Caterpillar. He has taught Secure Coding in C and C++ all over the world to various groups in the military, government, and banking industries. David is also involved in several ISO standards groups: the JTC1/SC22/WG14 group for the C programming language and the JTC1/SC22/WG21 group for C++.

     

...

Arbob Ahmad, Juan Alvarado, Dave Aronson, Abhishek Arya, Berin Babcock-McConnell, Roberto Bagnara, Aaron Ballman, BJ Bayha, John Benito, Joe Black, Jodi Blake, Jill Britton, Levi Broderick, Hal Burch, J. L. Charton, Steven Christey, Ciera Christopher, Geoff Clare, Frank Costello, Joe Damato, Stephen C. Dewhurst, Susan Ditmore, Chad Dougherty, Mark Dowd, Apoorv Dutta, Emily Evans, Xiaoyi Fei, William Fithen, Hallvard Furuseth, Jeffrey Gennari, Andrew Gidwani, Ankur Goyal, Douglas A. Gwyn, Shaun Hedrick, Michael Howard, Sujay Jain, Christina Johns, Pranjal Jumde, David Keaton, Andrew Keeton, David Kohlbrenner, Takuya Kondo, Masaki Kubo, Pranav Kukreja, Richard Lane, Stephanie Wan-Ruey Lee, Jonathan Leffler, Pengfei Li, Fred Long, Justin Loo, Gregory K. Look, Nat Lyle, Larry Maccherone, Aditya Mahendrakar, Lee Mancuso, John McDonald, James McNellis, Randy Meyers, Dhruv Mohindra, Bhaswanth Nalabothula, Todd Nowacki, Adrian Trejo Nuñez, Bhadrinath Pani, Vishal Patel, David M. Pickett, Justin Pincar, Dan Plakosh, Thomas Plum, Abhijit Rao, Raunak Rungta, Dan Saks, Alexandre Santos, Brendan Saulsbury, Roger Scott, Robert C. Seacord, Martin Sebor, Jason Michael Sharp, Astha Singhal, Will Snavely, Nick Stoughton, Alexander E. Strommen, Glenn Stroz, David Svoboda, Dean Sutherland, Kazunori Takeuchi, Chris Tapp, Chris Taschner, Mira Sri Divya Thambireddy, Melanie Thompson, Elpiniki Tsakalaki, Ben Tucker, Fred J. Tydeman, Abhishek Veldurthy, Wietse Venema, Alex Volkovitsky, Michael Shaye-Wen Wang, Grant Watters, and Gary Yuan.

Reviewers

, Tim Wilson, Eric Wong, Lutz Wrage, Shishir Kumar Yadav, Gary Yuan, Ricky Zhou, and Alen Zukich

Stefan Achatz, Arbob Ahmad, Laurent Alebarde, Kevin Bagust, Greg Beeley, Arjun Bijanki, John Bode, Konrad Borowski, Stewart Brodie, Jordan Brown, Andrew Browne, G Bulmer, Kyle Comer, Sean Connelly, Ale Contenti, Tom Danielsen, Török Eric Decker, Mark Dowd, T. Edwin, Brian Ewins, Justin Ferguson, William L. Fithen, Stephen Friedl, Hallvard Furuseth, Shay Green, Samium Gromoff, Kowsik Guruswamy, Jens Gustedt, Peter Gutmann, Douglas A. Gwyn, Richard Heathfield, Darryl Hill, Paul Hsieh, Ivan Jager, Steven G. Johnson, Anders Kaseorg, Matt Kraai, Piotr Krukowiecki, Jerry Leichter, Nicholas Marriott, Frank Martinez, Scott Meyers, Eric Miller, Charles-Francois Natali, Ron Natalie, Adam O’Brien, Heikki Orsila, Balog Pal, Jonathan Paulson, P.J. Plauger, Leslie Satenstein, Kirk Sayre, Neil Schellenberger, Michel Schinz, Eric Sosman, Chris Tapp, Andrey Tarasevich, Yozo Toda, Josh Triplett, Pavel Vasilyev, Ivan Vecerina, Zeljko Vrba, David Wagner, Henry S. Warren, Colin Watson, Zhenyu Wu, Drew Yao, and Christopher Yeleighton.

Editors

Jodi Blake, Pamela Curtis, Ed Desautels, Carol Lallier, Osona Steave, and Barbara White.

Developers and Administrators

Rudolph Maceyko, Jason McCormick, Joe McManus, and Brad Rubbo

Special Thanks

Jeff Carpenter, Yurie Ito, Joe Jarzombek, Rich Pethia, Jason Rafail, Frank Redner, and Bob Rosenstein.

and Robin Zhu

The SEI CERT Secure Coding Team

Lori Flynn, William Klieber, Robert Schiela, and David Svoboda