[Infowarrior] - Software Engineering Institute Makes CERT C++ Coding Standard Freely Available
Richard Forno
rforno at infowarrior.org
Wed Mar 22 18:55:59 CDT 2017
https://www.sei.cmu.edu/news/article.cfm?assetid=495412&article=081&year=2017
Software Engineering Institute Makes CERT C++ Coding Standard Freely Available
Pittsburgh, Pa., March 22, 2017—The Software Engineering Institute (SEI) has released the 2016 edition of the SEI CERT C++ Coding Standard. The standard provides rules for secure coding in the C++ programming language to help developers create safe, reliable, and secure systems free from undefined program behaviors and exploitable vulnerabilities. This C++ Coding Standard joins the SEI CERT C Coding Standard that was released in 2016. Both of these standards have been made available as free downloads in response to user demand, providing a wealth of expert knowledge and best practices for developing secure software systems in C and C++.
The 2016 edition of the SEI CERT C++ Coding Standard reflects a decade of research and includes 83 new rules that take into account features of the C++ language that are not part of the C language. The majority of the SEI CERT C Coding Standard also provides guidance that is important for developing secure C++ programs, and they should both be used by C++ development programs.
“This newly released C++ standard adds to our previously released C standard secure coding guidance for features that are unique to the C++ language. For example, this standard has guidance for object oriented programming and containers,” said Robert Schiela, technical manager, Secure Coding, for the SEI’s CERT Division. “It also contains guidance for features that were added to C++14, like lambda objects.”
Mark Sherman, technical director, Cybersecurity Foundations, for the SEI’s CERT Division, added, “The SEI CERT C++ Coding Standard joins our other free guidelines for secure software development, making secure development best practices easily accessible to everyone. This new format can be widely shared for use in classes, tools, professional guides, internal development standards, acquisition and procurement specifications, and other environments.”
To download the SEI CERT C++ Coding Standard, visit http://www.cert.org/secure-coding/products-services/secure-coding-cpp-download-2016.cfm.
To download the SEI CERT C Coding Standard, visit http://www.cert.org/secure-coding/products-services/secure-coding-download.cfm.
About the Software Engineering Institute
The Software Engineering Institute (SEI) is a federally funded research and development center sponsored by the U.S. Department of Defense and operated by Carnegie Mellon University. The SEI works with organizations to make measurable improvements in their software engineering capabilities by providing technical leadership to advance the practice of software engineering. For more information, visit the SEI website at http://www.sei.cmu.edu. The CERT Division of the SEI is the world’s leading trusted authority dedicated to improving the security and resilience of computer systems and networks and a national asset in the field of cybersecurity. For more information, visit http://www.cert.org.
More information about the Infowarrior
mailing list