SEI Makes Updated CERT C Coding Standard Freely Available

June 30, 2016 • Article

June 30, 2016—The Software Engineering Institute (SEI) has released the 2016 edition of the SEI CERT C Coding Standard. The standard provides rules for secure coding in the C programming language to help developers create safe, reliable, and secure systems free from undefined program behaviors and exploitable vulnerabilities. This year, in response to user demand, the SEI has made an updated standard available as a free download from the SEI website.

The 2016 edition of the SEI CERT C Coding Standard reflects two years of research and insight gained since the previously released edition.

“The revised standard updates important guidance on how to use C concurrency, a cornerstone for improved performance on multicore machines, and specific examples showing how applying the rules would avoid vulnerabilities such as Heartbleed. We also updated the rules for easier use by C++ programmers as well as C programmers,” said Mark Sherman, technical director, Cybersecurity Foundations, for the SEI’s CERT Division.

The 2016 edition addresses user concerns and needs related to cost and accessibility. “We’ve heard this concern, which is why we’re making the standard available as a free download. This new format can be widely shared for use in classes, documentation for tools, professional guides, and other environments. The new format also enables us to produce new editions on a more frequent release cycle,” said Robert Schiela, technical manager for the Secure Coding Initiative.

To download the SEI CERT C Coding Standard, visit http://www.cert.org/secure-coding/products-services/secure-coding-download.cfm.