CERT-C

Summary

The SEI CERT C Coding Standard, 2016 Edition provides rules for secure coding in the C programming language. These rules and recommendations are used to develop safe, reliable, and secure systems, for example by eliminating undefined behaviors that can lead to undefined program behaviors and exploitable vulnerabilities.

Definitions

Definition	Requirements
CERTC-EXP33-C. Do not read uninitialized memory	168. Initialize variables explicitly
CERTC-INT32-C. Ensure that operations on signed integers do not result in overflow	345. Establish protections against overflows
CERTC-STR30-C. Do not attempt to modify string literals	172. Encrypt connection strings
CERTC-FIO30-C. Exclude user input from format strings	160. Encode system outputs 173. Discard unsafe inputs
CERTC-FIO32-C. Do not perform operations on devices that are only appropriate for files	095. Define users with privileges 096. Set user's required privileges
CERTC-CON38-C. Preserve thread safety and liveness when using condition variables	337. Make critical logic flows thread safe
CERTC-MSC32-C. Properly seed pseudorandom number generators	223. Uniform distribution in random numbers

Last updated

2023/09/18