An essential element of secure coding in the C programming language is a well-documented and enforceable coding standard. Coding standards encourage programmers to follow a uniform set of guidelines determined by the requirements of the project and organization rather than by the programmer’s familiarity or preference. Once established, these standards can be used as a metric to evaluate source code (using manual or automated processes).
The CERT® C Secure Coding Standard provides guidelines for secure coding in the C programming language. The goal of these guidelines is to eliminate insecure coding practices and undefined behaviors that can lead to exploitable vulnerabilities. Developing code in compliance with this coding standard will result in higher-quality systems that are robust and more resistant to attack.
This standard is supported by training available from the Software Engineering Institute (SEI) and other licensed partners and is a basis for the Global Information Assurance Certification (GIAC) Secure Software Programmer–C (GSSP-C) exam and certification.