This is the third monthly Secure Coding eNewsletter. Our goal is to provide you with timely information concerning updates to the CERT Secure Coding Standards and to make you aware of other interesting news and events related to secure coding. If you wish to unsubscribe, just use the link at the end of this newsletter.
The fall semester is upon us here at Carnegie Mellon University as students return to campus. The new semester always brings new energy to the campus, even for staff members with no teaching responsibilities.
Our major push for September is to complete the CERT C Secure Coding Standard for C11. To do so, we need your help in reviewing the content and submitting comments on the wiki or by email. Please provide your comments by September 13, if possible, so that we will have time to incorporate them before publication.
A new book, Java Coding Guidelines: 75 Recommendations for Reliable and Secure Programs, is now available. This book was authored by a team of current and former CERT employees and visiting scientists, including Fred Long, Dhruv Mohindra, Robert C. Seacord, Dean F. Sutherland, and David Svoboda. This same group of authors published The CERT Oracle Secure Coding Standard for Java in September 2011. The CERT website offers a support site for the book.
Another area experiencing increased activity is the development of additional rules for the Android (DRD) appendix to The CERT Oracle Secure Coding Standard for Java. This appendix includes rules that are specific to developing Java apps for the Android platform. This is a good place to give a shout out to our colleagues at JPCERT who have led the way in the development of these rules, including Yozo TODA and Masaki Kubo.
You have probably noticed that we have upgraded the wiki software to Confluence v5.1. We plan to upgrade the look and feel of the wiki, but in the meantime, if you are wondering where the dashboard went, you'll find it here: https://securecoding.cert.org/confluence/dashboard.action.
In addition to working on secure coding standards for C, C++, Java, and Perl on the public wiki, we have begun efforts to create secure coding standards for various other languages, including Ada, C#, Fortran, Python, JavaScript, and SPARK. If you would like to contribute to the development of these standards, please contact us at [email protected].