Addressing your insecurities with CERT C

1 Module 5 Sections None

The CERT C Coding Standard consists of a set of guidelines designed to assist in the development of safe, reliable, and secure systems. It was developed by the Computer Emergency Response Team (CERT) division of the Software Engineering Institute (SEI), with reviews and contributions from many industry experts. SEI is a federally funded pioneer of programming practices, based at Carnegie-Mellon University and supported by the US Department of Defense. SEI’s CERT division was formed in response to the Morris worm incident of 1988, and focuses on improving the security and resilience of computer systems and networks. CERT is well respected for its expertise and works closely with organisations from both private and public sectors including Cisco, Oracle, and the US Department of Homeland Security. The idea of a secure coding standard for the C language was born in 2003 of CERT’s discussions with the ISO/IEC JTC1/SC22/WG 14 committee (WG14) responsible for the C language standard. This paper discusses how LDRA tools can be used to check and help ensure compliance to CERT C. One of the key differentiators between software quality analysis tools is that some perform dynamic analysis, while others perform static analysis. Static analysis is performed without actually executing the software, whereas dynamic analysis involves the execution of all or some of that software. Tools used to check coding rules are concerned with the source code rather than its execution, and so use static analysis techniques.

ante. neque. venenatis ut consequat. dolor id libero. felis eget