Fall 2017 Edition of the Secure Coding Newsletter
The team requests contributors for draft Ada guidelines and describes its collaborations with MITRE.
SEI CERT C++ Coding Standard (2016 Edition)
The SEI CERT C++ Coding Standard (2016 Edition) is available for free to promote the adoption of secure coding standards. This latest edition complements our Secure Coding in C and C++ Professional Certificate.
CERT Is Hiring
Your top-notch skills and knowledge can help us make a difference in our nation’s cybersecurity. Explore our career opportunities today.
Research into API Usability and Security
We're studying how to design APIs that are usable by programmers for developing secure code.
Secure Coding in C and C++ Course
We offer this four-day course to help you identify and prevent common programming errors in C and C++, plus understand how these errors can lead to code that is vulnerable to exploitation.
Secure Coding Professional Certificates
Our certificate programs, one for Java and the other for C and C++, enable software developers to eliminate security vulnerabilities before products ship.
SEI Book Series in Software Engineering
Our SEI researchers write books covering software engineering topics for this series of books published by Addison-Wesley Professional.
Our Mission: We reduce the number of vulnerabilities to a level that can be fully mitigated in operational environments. This reduction is accomplished by preventing coding errors or discovering and eliminating security flaws during implementation and testing.
The CERT Division has been extremely successful in the development of secure coding standards, which have been adopted at corporate levels by companies such as Cisco and Oracle, and the development of the Source Code Analysis Laboratory (SCALe), which supports conformance testing of systems against these coding standards. The success of the secure coding standards and SCALe contributed to the impetus for including software assurance requirements in the National Defense Authorization Act (NDAA) for Fiscal Year 2013.
Eliminating vulnerabilities during development can result in a two to three orders-of-magnitude reduction in the total cost of repairing the code versus making the repairs afterwards. To achieve these goals, it is necessary to determine how to develop verifiably secure code within budget and on schedule.