
Secure Coding Sites

This is a sample of resources about secure coding in addition to what is provided on Build Security In.

Secure Coding Standards and Practices

The Secure Coding site has released a draft of the CERT C Programming Language Secure Coding Standard. The site exists to support the development of secure coding standards for commonly used programming languages. These standards are being developed through a broad-based community effort including the CERT Secure Coding Initiative and members of the software development and software security communities.

Top 10 Secure Coding Practices

Key Practices for Mitigating the Most Egregious Exploitable Software Weaknesses, the Software Assurance Pocket Guide Series - Development Volume II, provides recommended practices for preventing the most critical exploits in software. Common Weakness Enumeration (CWE) provides a standard means for understanding software security risks, enabling more informed decision-making by suppliers and consumers about the security of software. This pocket guide addresses the 2009 CWE/SANS Top 25 Most Dangerous Programming Errors. The main goal of the Top 25 CWE Coding Errors list is to stop vulnerabilities at the source by educating programmers on how to eliminate the most egregious programming errors before software is shipped. This pocket guide is being updated to reflect the 2010 CWE/SANS Top 25 Most Dangerous Programming Errors, released in February, and it will be posted when it is available.

Secure Coding Training and Certification

Secure Programming Skills Assessment with certification, SANS Software Security Institute

CERT training in secure coding in C and C++

See additional examples of commercial training available on the Training and Awareness page.

Please note that mention of training or certification providers on Build Security In does not imply endorsement of them. The Department of Homeland Security does not endorse any training or certification providers.
