Computing Reviews
The CERT C coding standard : 98 rules for developing safe, reliable, and secure systems (2nd ed.)
Seacord R., Addison-Wesley Professional, Upper Saddle River, NJ, 2014. 576 pp. Type: Book (978-0-321984-04-3)
Date Reviewed: Oct 16 2014

The CERT C coding standard is intended to help create safe, reliable, and secure systems in C that are fully compliant with C99 and C11 standards. It lays out rules for coding that avoid exploitable vulnerabilities. The rules are prioritized by severity of vulnerability, likelihood of exploitation, and cost of remediation.

The book describes 98 rules systematically organized into 14 chapters based on whether a rule applies to, for example, preprocessing, declarations, data types, data structures, memory management, input/output (I/O), environment, signals, error handling, or concurrency. Each rule has a succinct title that captures its essence, a description that provides the details, a noncompliant code example, and compliant solutions. Where relevant, issues specific to POSIX and the Windows platform are also discussed.

These rules were developed and reviewed by a broad group of experts using a wiki-based community development process. While the content of the wiki (http://www.securecoding.cert.org) continues to evolve, the book is a stable snapshot of the CERT C standard that can serve as a baseline set of requirements for an organization’s software development process. The standard has gained wide acceptance, with Cisco and Oracle being two prominent industry leaders among its adopters.

This book, along with its associated wiki, is a valuable resource for programmers involved in producing safe, secure, and reliable systems in C or those interested in the acquisition of such systems. It can also serve as a good set of requirements for vendors who develop, and development organizations that use, static analysis tools for safety, security, and reliability analysis of systems created using the C programming language.

Reviewer:  Raghvinder Sangwan Review #: CR142843 (1501-0011)
Coding Tools and Techniques (D.2.3)
C (D.3.2 ...)
Reference (A.2)