Comments and Contributing
We provide access to the community members to contribute after subject matter expertise is verified.
If you want to provide a suggestion or comment and do not have an account, please submit feedback.
If you have an account but are having problems with access, also please submit a support request.
Accounts are regularly deactivated after extended periods of inactivity.
Welcome
This site supports the development of coding standards for commonly used programming languages such as C, C++, Java, and Perl, and the Android™ platform. These standards are developed through a broad-based community effort by members of the software development and software security communities.
For more information about this project and to see tips on how to contribute, please see the Development Guidelines.
Downloads
Standards Development Area
The following development areas enable you to learn about and contribute to secure coding standards for commonly used programming languages C, C++, Java, and Perl. Contact us to comment on existing items, submit recommendations, or request privileges to directly edit content on this site.
The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License.
Android is a trademark of Google Inc.
News
April 2020: Open Dataset RC_Data for Classifier Research
December 2018: Lori Flynn and Ebonie McNeil authored the SEI Blog post "SCALe v. 3: Automated Classification and Advanced Prioritization of Static Analysis Alerts".
November 2018: Lori Flynn presented a webinar "Improve Your Static Analysis Audits Using CERT SCALe's New Features".
October 2018: At the CMU SEI 2018 Research Review, Lori Flynn presented "Rapid Construction of Accurate Automatic Alert Handling", Will Klieber presented "Automated Code Repair to Ensure Memory Safety", and Robert Schiela presented "Predicting Security Flaws through Architectural Flaws".
October 2018: Will Klieber presented "Detecting Leaks of Sensitive Data due to Stale Reads" at IEEE SecDev 2018.
September 2018: The CERT manifest files are now available for use by static analysis tool developers to test their coverage of (some of the) CERT Secure Coding Rules for C, using many of 61,387 test cases in the Juliet test suite v1.2.
September 2018: The Summer 2018 Edition of the Secure Coding newsletter was published on 4 September 2018.
August 2018: SCALe has been released open-source as a new project on GitHub. This is the first time that SCALe has been released to the public. This initial release is SCALe 2.1.4.0.
Secure Coding Newsletter
The Secure Coding eNewsletter provides timely information about CERT secure coding standards.
The Summer 2018 Edition of the Secure Coding newsletter was published on 4 September 2018.
More Info...
The Top 10 Secure Coding Practices provides some language-independent recommendations.
Visit the Secure Coding section of the SEI's Digital Library for the latest publications written by the Secure Coding team.
Learn more about CERT Secure Coding Courses and the Secure Coding Professional Certificate Program.
Contact Us
Contact us if you
- have questions about the Secure Coding wiki
- have recommendations for standards in development
- want to request privileges to participate in standards development
2 Comments
Bruce Wen
The 2016 versions of coding standards are still valid today? Is no new content needed as time goes on?
Robert Schiela
Bruce, the content on this wiki site contains the most current information, as it always has. The PDF versions, and books before those versions, are a point-in-time snapshot of the content on the wiki, to add a stable reference. We are considering updates, and possibly a new snapshot, once the next stable releases of C and C++ are made. Thanks for the question.