Source Code Compliance

Caricato da

testabc

Il 0% ha trovato utile questo documento (0 voti)

9 visualizzazioni2 pagine

gfhfghfh

Titolo originale

00. Compliance

Copyright

Formati disponibili

PDF, TXT o leggi online da Scribd

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Segnala questo documento

gfhfghfh

Copyright:

Formati disponibili

Scarica in formato PDF, TXT o leggi online su Scribd

Segnala contenuti inappropriati

Il 0% ha trovato utile questo documento (0 voti)

9 visualizzazioni2 pagine

Source Code Compliance

Caricato da

testabc

gfhfghfh

Copyright:

Formati disponibili

Scarica in formato PDF, TXT o leggi online su Scribd

Segnala contenuti inappropriati

Salta alla pagina

Sei sulla pagina 1di 2

Cerca all'interno del documento

3/26/2015

ComplianceCERTC++CodingStandardCERTSecureCodingStandards

Pages / / AutomaticallyGeneratedCode

Compliance
CreatedbyJustinPincar,lastmodifiedbyDavidSvobodaonNov06,2008

SoftwaresystemscanbevalidatedasconformingtotheCERTC++SecureCodingStandard.Sourcecodeanalysis
toolsincludingcompilersandstaticanalysistools,canbecertifiedasabletovalidatesourcecodeasconformingto
thisstandard.

SourceCodeCompliance
TheCERTC++SecureCodingStandardcanbeusedasameasureofsoftwaresecuritybydeterminingthedegreeto
whichasoftwaresystemcomplieswiththerulesandrecommendationsinthisstandard.Whilecompliancedoesnot
guaranteetheabsenceofvulnerabilities(forexample,vulnerabilitiesresultingfromdesignflaws),itdoesguaranteethe
absenceofcodingerrorsthatarecommonlyfoundtobetherootcausesofvulnerabilities.
TheeasiestwaytovalidatecodeascompliantwiththeCERTC++SecureCodingstandardistouseacertifiedsource
codeanalysistool.

ToolSelectionandValidation
Whenchoosingacompiler(whichshouldbeunderstoodtoincludethelinker),aC++98compliantcompilershouldbe
usedwheneverpossible.
Whenchoosingasourcecodeanalysistool,itisclearlydesirablethatthetoolbeabletoenforceasmanyoftherules
inthisdocumentaspossible.
Compilersandsourcecodeanalysistoolsaretrustedprocesses,meaningthatadegreeofrelianceisplacedonthe
outputofthetools.Consequently,developersmustensurethatthistrustisnotmisplaced.Ideally,thisshouldbe
achievedbythetoolsupplierrunningappropriatevalidationtests.Whileitispossibletouseavalidationsuitetotesta
compilerorsourcecodeanalysistools,noformalvalidationschemeexistsatthetimeofpublicationofthisbook.

Levels
Rulesandrecommendationsinthisstandardareclassifiedintothreelevels.Emphasisshouldbeplacedon
conformanceLevel1(L1)rules.SoftwaresystemsthathavebeenvalidatedascomplyingwithallLevel1rulesare
consideredtobeL1Conforming.SoftwaresystemscanbeassessedasL1,L2,orfullyconformingdependingonthe
setofrulestowhichthesystemhasbeenvalidated.

RulesversusRecommendations
Conformancetosecurecodingrulesmustbedemonstratedtoclaimcompliancewiththisstandardunlessan
exceptionalconditionexists.Ifanexceptionalconditionisclaimed,theexceptionmustcorrespondtoapredefined
exceptionalconditionandtheapplicationofthisexceptionmustbedocumentedinthesourcecode.
Compliancewithrecommendationsisnotnecessarytoclaimcompliancewiththisstandard.Itispossible,however,to
claimcompliancewithrecommendations(especiallyincasesinwhichcompliancecanbeverified).

DeviationProcedure
https://www.securecoding.cert.org/confluence/display/cplusplus/Compliance

1/2

3/26/2015

ComplianceCERTC++CodingStandardCERTSecureCodingStandards

Strictadherencetoallrulesisunlikely.Consequently,deviationsassociatedwithindividualsituationsarepermissible.
Deviationsmayoccurforaspecificinstance,typicallyinresponsetocircumstancesthatariseduringthedevelopment
processorforasystematicuseofaparticularconstructinaparticularcircumstance.Systematicdeviationsareusually
agreeduponatthestartofaproject.
Forthesesecurecodingrulestohaveauthority,itisnecessarythataformalprocedurebeusedtoauthorizethese
deviationsratherthananindividualprogrammerhavingdiscretiontodeviateatwill.Theuseofadeviationmustbe
justifiedonthebasisofbothnecessityandsecurity.Rulesthathaveahighseverityand/orahighlikelihoodrequirea
morestringentprocessforagreeingtoadeviationthandoruleswithalowseveritythatareunlikelytoresultina
vulnerability.
Toclaimcompliancewiththisstandard,softwaredevelopersmustbeabletoproduceonrequestdocumentationasto
whichsystematicandspecificdeviationshavebeenpermittedduringdevelopment.

Nolabels

https://www.securecoding.cert.org/confluence/display/cplusplus/Compliance

2/2

Potrebbero piacerti anche

5 Stages of Programmer Incompetence - Yield Thought
Documento40 pagine
5 Stages of Programmer Incompetence - Yield Thought
testabc
Nessuna valutazione finora
Appendix A - The Tanenbaum-Torvalds Debate
Documento20 pagine
Appendix A - The Tanenbaum-Torvalds Debate
testabc
Nessuna valutazione finora
Saving The Floating-Point State (Linus Torvalds)
Documento3 pagine
Saving The Floating-Point State (Linus Torvalds)
testabc
Nessuna valutazione finora
System Qualities
Documento1 pagina
System Qualities
testabc
Nessuna valutazione finora
Linux-Kernel Archive - Re - Random Panic in Load - Balance With 3
Documento2 pagine
Linux-Kernel Archive - Re - Random Panic in Load - Balance With 3
testabc
Nessuna valutazione finora
20 g4 Interior Mirror Rain Sensor
Documento4 pagine
20 g4 Interior Mirror Rain Sensor
stefanVas
Nessuna valutazione finora
19 g4 Heated Seats
Documento3 pagine
19 g4 Heated Seats
stefanVas
Nessuna valutazione finora
Awesome C - C++
Documento34 pagine
Awesome C - C++
testabc
Nessuna valutazione finora
What Are Some Things You Realize As You Get Older - Quora
Documento50 pagine
What Are Some Things You Realize As You Get Older - Quora
testabc
Nessuna valutazione finora
Coding by The Book - 7 Books Every Software Developer Should Read
Documento13 pagine
Coding by The Book - 7 Books Every Software Developer Should Read
testabc
Nessuna valutazione finora
Undocumented Qmake
Documento9 pagine
Undocumented Qmake
testabc
Nessuna valutazione finora
Sig Graph 06
Documento28 pagine
Sig Graph 06
testabc
Nessuna valutazione finora
The Yellow House: A Memoir (2019 National Book Award Winner)
Da Everand
The Yellow House: A Memoir (2019 National Book Award Winner)
Sarah M. Broom
Valutazione: 4 su 5 stelle
4/5 (98)
Hidden Figures: The American Dream and the Untold Story of the Black Women Mathematicians Who Helped Win the Space Race
Da Everand
Hidden Figures: The American Dream and the Untold Story of the Black Women Mathematicians Who Helped Win the Space Race
Margot Lee Shetterly
Valutazione: 4 su 5 stelle
4/5 (895)
The Subtle Art of Not Giving a F*ck: A Counterintuitive Approach to Living a Good Life
Da Everand
The Subtle Art of Not Giving a F*ck: A Counterintuitive Approach to Living a Good Life
Mark Manson
Valutazione: 4 su 5 stelle
4/5 (5794)
The Little Book of Hygge: Danish Secrets to Happy Living
Da Everand
The Little Book of Hygge: Danish Secrets to Happy Living
Meik Wiking
Valutazione: 3.5 su 5 stelle
3.5/5 (399)
Devil in the Grove: Thurgood Marshall, the Groveland Boys, and the Dawn of a New America
Da Everand
Devil in the Grove: Thurgood Marshall, the Groveland Boys, and the Dawn of a New America
Gilbert King
Valutazione: 4.5 su 5 stelle
4.5/5 (266)
Shoe Dog: A Memoir by the Creator of Nike
Da Everand
Shoe Dog: A Memoir by the Creator of Nike
Phil Knight
Valutazione: 4.5 su 5 stelle
4.5/5 (537)
Elon Musk: Tesla, SpaceX, and the Quest for a Fantastic Future
Da Everand
Elon Musk: Tesla, SpaceX, and the Quest for a Fantastic Future
Ashlee Vance
Valutazione: 4.5 su 5 stelle
4.5/5 (474)
Never Split the Difference: Negotiating As If Your Life Depended On It
Da Everand
Never Split the Difference: Negotiating As If Your Life Depended On It
Chris Voss
Valutazione: 4.5 su 5 stelle
4.5/5 (838)
Grit: The Power of Passion and Perseverance
Da Everand
Grit: The Power of Passion and Perseverance
Angela Duckworth
Valutazione: 4 su 5 stelle
4/5 (588)
A Heartbreaking Work Of Staggering Genius: A Memoir Based on a True Story
Da Everand
A Heartbreaking Work Of Staggering Genius: A Memoir Based on a True Story
Dave Eggers
Valutazione: 3.5 su 5 stelle
3.5/5 (231)
Principles: Life and Work
Da Everand
Principles: Life and Work
Ray Dalio
Valutazione: 4 su 5 stelle
4/5 (599)
The Emperor of All Maladies: A Biography of Cancer
Da Everand
The Emperor of All Maladies: A Biography of Cancer
Siddhartha Mukherjee
Valutazione: 4.5 su 5 stelle
4.5/5 (271)
Yes Please
Da Everand
Yes Please
Amy Poehler
Valutazione: 4 su 5 stelle
4/5 (1891)
The World Is Flat 3.0: A Brief History of the Twenty-first Century
Da Everand
The World Is Flat 3.0: A Brief History of the Twenty-first Century
Thomas L. Friedman
Valutazione: 3.5 su 5 stelle
3.5/5 (2259)
On Fire: The (Burning) Case for a Green New Deal
Da Everand
On Fire: The (Burning) Case for a Green New Deal
Naomi Klein
Valutazione: 4 su 5 stelle
4/5 (73)
The Hard Thing About Hard Things: Building a Business When There Are No Easy Answers
Da Everand
The Hard Thing About Hard Things: Building a Business When There Are No Easy Answers
Ben Horowitz
Valutazione: 4.5 su 5 stelle
4.5/5 (344)
Rise of ISIS: A Threat We Can't Ignore
Da Everand
Rise of ISIS: A Threat We Can't Ignore
Jay Sekulow
Valutazione: 3.5 su 5 stelle
3.5/5 (137)
Team of Rivals: The Political Genius of Abraham Lincoln
Da Everand
Team of Rivals: The Political Genius of Abraham Lincoln
Doris Kearns Goodwin
Valutazione: 4.5 su 5 stelle
4.5/5 (234)
Fear: Trump in the White House
Da Everand
Fear: Trump in the White House
Bob Woodward
Valutazione: 3.5 su 5 stelle
3.5/5 (738)
John Adams
Da Everand
John Adams
David McCullough
Valutazione: 4.5 su 5 stelle
4.5/5 (2409)
The Unwinding: An Inner History of the New America
Da Everand
The Unwinding: An Inner History of the New America
George Packer
Valutazione: 4 su 5 stelle
4/5 (45)
The Gifts of Imperfection: Let Go of Who You Think You're Supposed to Be and Embrace Who You Are
Da Everand
The Gifts of Imperfection: Let Go of Who You Think You're Supposed to Be and Embrace Who You Are
Brené Brown
Valutazione: 4 su 5 stelle
4/5 (1090)
Steve Jobs
Da Everand
Steve Jobs
Walter Isaacson
Valutazione: 4.5 su 5 stelle
4.5/5 (806)
Angela's Ashes: A Memoir
Da Everand
Angela's Ashes: A Memoir
Frank McCourt
Valutazione: 4.5 su 5 stelle
4.5/5 (440)
Bad Feminist: Essays
Da Everand
Bad Feminist: Essays
Roxane Gay
Valutazione: 4 su 5 stelle
4/5 (1015)
The Glass Castle: A Memoir
Da Everand
The Glass Castle: A Memoir
Jeannette Walls
Valutazione: 4.5 su 5 stelle
4.5/5 (1712)
The Light Between Oceans: A Novel
Da Everand
The Light Between Oceans: A Novel
M.L. Stedman
Valutazione: 4.5 su 5 stelle
4.5/5 (789)
The Sympathizer: A Novel (Pulitzer Prize for Fiction)
Da Everand
The Sympathizer: A Novel (Pulitzer Prize for Fiction)
Viet Thanh Nguyen
Valutazione: 4.5 su 5 stelle
4.5/5 (121)
The Outsider: A Novel
Da Everand
The Outsider: A Novel
Stephen King
Valutazione: 4 su 5 stelle
4/5 (1839)
Brooklyn: A Novel
Da Everand
Brooklyn: A Novel
Colm Tóibín
Valutazione: 3.5 su 5 stelle
3.5/5 (1937)
A Man Called Ove: A Novel
Da Everand
A Man Called Ove: A Novel
Fredrik Backman
Valutazione: 4.5 su 5 stelle
4.5/5 (4609)
The Woman in Cabin 10
Da Everand
The Woman in Cabin 10
Ruth Ware
Valutazione: 3.5 su 5 stelle
3.5/5 (2322)
Wolf Hall: A Novel
Da Everand
Wolf Hall: A Novel
Hilary Mantel
Valutazione: 4 su 5 stelle
4/5 (3811)
Manhattan Beach: A Novel
Da Everand
Manhattan Beach: A Novel
Jennifer Egan
Valutazione: 3.5 su 5 stelle
3.5/5 (792)
The Perks of Being a Wallflower
Da Everand
The Perks of Being a Wallflower
Stephen Chbosky
Valutazione: 4.5 su 5 stelle
4.5/5 (2102)
Little Women
Da Everand
Little Women
Louisa May Alcott
Valutazione: 4 su 5 stelle
4/5 (104)
The Art of Racing in the Rain: A Novel
Da Everand
The Art of Racing in the Rain: A Novel
Garth Stein
Valutazione: 4 su 5 stelle
4/5 (4200)
Sing, Unburied, Sing: A Novel
Da Everand
Sing, Unburied, Sing: A Novel
Jesmyn Ward
Valutazione: 4 su 5 stelle
4/5 (1103)
Her Body and Other Parties: Stories
Da Everand
Her Body and Other Parties: Stories
Carmen Maria Machado
Valutazione: 4 su 5 stelle
4/5 (821)
A Tree Grows in Brooklyn
Da Everand
A Tree Grows in Brooklyn
Betty Smith
Valutazione: 4.5 su 5 stelle
4.5/5 (1929)
The Constant Gardener: A Novel
Da Everand
The Constant Gardener: A Novel
John le Carré
Valutazione: 3.5 su 5 stelle
3.5/5 (104)
Summative Reflection Comm
Documento5 pagine
Summative Reflection Comm
api-546460750
Nessuna valutazione finora
Cipet Bhubaneswar Skill Development Courses
Documento1 pagina
Cipet Bhubaneswar Skill Development Courses
Divakar Panigrahi
Nessuna valutazione finora
De Thi Chon Hoc Sinh Gioi Cap Tinh Mon Tieng Anh Lop 12 So GD DT Thanh Hoa Nam Hoc 2015 2016
Documento11 pagine
De Thi Chon Hoc Sinh Gioi Cap Tinh Mon Tieng Anh Lop 12 So GD DT Thanh Hoa Nam Hoc 2015 2016
Thuy Lingg
Nessuna valutazione finora
Additional Article Information: Keywords: Adenoid Cystic Carcinoma, Cribriform Pattern, Parotid Gland
Documento7 pagine
Additional Article Information: Keywords: Adenoid Cystic Carcinoma, Cribriform Pattern, Parotid Gland
Rizal Tabooti
Nessuna valutazione finora
Introduction To Password Cracking Part 1
Documento8 pagine
Introduction To Password Cracking Part 1
Tibyan Muhammed
Nessuna valutazione finora
A Semi-Detailed Lesson Plan in MAPEH 7 (PE)
Documento2 pagine
A Semi-Detailed Lesson Plan in MAPEH 7 (PE)
caloy bardz
Nessuna valutazione finora
Inventions Over The Last 100 Years
Documento3 pagine
Inventions Over The Last 100 Years
HombreMorado GamerYT
Nessuna valutazione finora
EZ Water Calculator 3.0.2
Documento4 pagine
EZ Water Calculator 3.0.2
adriano70
Nessuna valutazione finora
Battery Checklist Procedure
Documento1 pagina
Battery Checklist Procedure
Krauser Chanel
Nessuna valutazione finora
Sales Forecast Template Download
Documento9 pagine
Sales Forecast Template Download
Ashok
Nessuna valutazione finora
FINAL BÁO-CÁO-THỰC-TẬP.edited
Documento38 pagine
FINAL BÁO-CÁO-THỰC-TẬP.edited
ngocthaongothi4
Nessuna valutazione finora
Case 3 SectionC Group 1 (Repaired)
Documento3 pagine
Case 3 SectionC Group 1 (Repaired)
SANDEEP AGRAWAL
Nessuna valutazione finora
Philhis 1blm Group 6 Report
Documento19 pagine
Philhis 1blm Group 6 Report
taehyung trash
Nessuna valutazione finora
Twin Pregnancy
Documento73 pagine
Twin Pregnancy
krishna mandal
Nessuna valutazione finora
Amritsar Police Station
Documento5 pagine
Amritsar Police Station
Rashmi Kb
Nessuna valutazione finora
Masoneilan - 78 Series Air Filter Regulators IOM
Documento8 pagine
Masoneilan - 78 Series Air Filter Regulators IOM
NithyA
Nessuna valutazione finora
Operations Management Interim Project
Documento4 pagine
Operations Management Interim Project
ABAYANKAR SRIRAM (RA1931201020042)
Nessuna valutazione finora
Sap New GL: Document Splitting - Configuration: Choose
Documento3 pagine
Sap New GL: Document Splitting - Configuration: Choose
Chandra Sekhar P
Nessuna valutazione finora
Clint Freeman Resume
Documento2 pagine
Clint Freeman Resume
Clint Tiberius Freeman
Nessuna valutazione finora
Matrix PBX Product Catalogue
Documento12 pagine
Matrix PBX Product Catalogue
harshruthia
Nessuna valutazione finora
Duo Interpretation Class Presentation
Documento31 pagine
Duo Interpretation Class Presentation
PlanetSpark
Nessuna valutazione finora
Muscles of The Dog 2: 2012 Martin Cake, Murdoch University
Documento11 pagine
Muscles of The Dog 2: 2012 Martin Cake, Murdoch University
Piere
Nessuna valutazione finora
Bossypants Autobiography and Womens Selves
Documento26 pagine
Bossypants Autobiography and Womens Selves
Camila Paz Gutiérrez
Nessuna valutazione finora
Lightning Protection Measures New
Documento9 pagine
Lightning Protection Measures New
jithish
Nessuna valutazione finora
Advertisement: National Institute of Technology, Tiruchirappalli - 620 015 TEL: 0431 - 2503365, FAX: 0431 - 2500133
Documento4 pagine
Advertisement: National Institute of Technology, Tiruchirappalli - 620 015 TEL: 0431 - 2503365, FAX: 0431 - 2500133
dinesh
Nessuna valutazione finora
Benjamin Franklin - The Indian Treaties (1938)
Documento450 pagine
Benjamin Franklin - The Indian Treaties (1938)
Spiritu Sancto
Nessuna valutazione finora
Web-Based Attendance Management System Using Bimodal Authentication Techniques
Documento61 pagine
Web-Based Attendance Management System Using Bimodal Authentication Techniques
ajextope
Nessuna valutazione finora
Java Complete Collection Framework
Documento28 pagine
Java Complete Collection Framework
khushivansh
Nessuna valutazione finora
Persuasive Speech 2016 - Whole Person Paradigm
Documento4 pagine
Persuasive Speech 2016 - Whole Person Paradigm
api-311375616
Nessuna valutazione finora
Dessler HRM12e PPT 01
Documento30 pagine
Dessler HRM12e PPT 01
harryjohnlyall
Nessuna valutazione finora