CERT Secure Coding Standards - open-std.org · CERT Secure Coding Standards Identify coding...

Date post: 29-May-2020
© 2006 Carnegie Mellon University CERT Secure Coding Standards Robert C. Seacord
Transcript
Page 1: CERT Secure Coding Standards - open-std.org · CERT Secure Coding Standards Identify coding practices that can be used to improve the security of software systems under development

© 2006 Carnegie Mellon University

CERT Secure Coding Standards

Robert C. Seacord


Problem Statement

Reacting to vulnerabilities in existing systems is not working

[Figure: bar chart of vulnerabilities reported per year, vertical axis 0 to 6,000. Total vulnerabilities reported (1995-2Q,2005): 19,600. Bar labels: 1997: 311; 1998: 262; 1999: 417; 2000: 1,090; 2001: 2,437; 2002: 4,129; 2003: 3,784; 2004: 3,780; 2005: 5,990.]


Recent Trends Are No Different

[Figure: bar chart by fiscal quarter, FY 2004Q3 through FY 2006Q3TD; vertical axis 0 to 2000.]


Secure Coding Initiative

Work with software developers and software development organizations to eliminate vulnerabilities resulting from coding errors before they are deployed.

Reduce the number of vulnerabilities to a level where they can be handled by computer security incident response teams (CSIRTs)

Decrease remediation costs by eliminating vulnerabilities before software is deployed


Overall Thrusts

Advance the state of the practice in secure coding

Identify common programming errors that lead to software vulnerabilities

Establish standard secure coding practices

Educate software developers


CERT Secure Coding Standards

Identify coding practices that can be used to improve the security of software systems under development

Coding practices are classified as either rules or recommendations

Rules need to be followed to claim compliance.

Recommendations are guidelines or suggestions.

Development of Secure Coding Standards is a community effort


Rules

Coding practices are defined as rules when

Violation of the coding practice will result in a security flaw that may result in an exploitable vulnerability.

There is an enumerable set of exceptional conditions (or no such conditions) where violating the coding practice is necessary to ensure the correct behavior for the program.

Conformance to the coding practice can be verified.


Recommendations

Coding practices are defined as recommendations when

Application of the coding practice is likely to improve system security.

One or more of the requirements necessary for a coding practice to be considered a rule cannot be met.


Community Development Process

Published as candidate rules and recommendations on the CERT Wiki accessible from: www.cert.org/secure-coding

Rules are solicited from the community

Threaded discussions used for public vetting

Candidate coding practices are moved into a secure coding standard when consensus is reached


Scope

The secure coding standards proposed by CERT are based on documented standard language versions as defined by official or de facto standards organizations.

Secure coding standards are under development for:

C programming language (ISO/IEC 9899:1999)

C++ programming language (ISO/IEC 14882-2003)

Applicable technical corrigenda and documented language extensions such as the ISO/IEC TR 24731 extensions to the C library are also included.


Potential Applications

Establish secure coding practices within an organization

may be extended with organization-specific rules

cannot replace or remove existing rules

Train software professionals

Certify programmers in secure coding

Establish base-line requirements for software analysis tools

Certify software systems


System Qualities

Security is one of many system qualities that must be considered in the selection and application of a coding standard.

System qualities with significant overlap: Safety, Reliability, Availability

System qualities that influence security: Maintainability, Understandability

System qualities that make security harder: Portability

System qualities that may conflict with security: Performance, Usability


Implementation & Demo

Externally accessible system hosted on the CERT web site

Software

Atlassian's Confluence wiki with unlimited named users

Hardware

One Dell PowerEdge 2850

Two Intel Xeon Processors at 3.0GHz/2MB Cache, 800MHz FSB

Memory 2GB DDR2 400MHz (2X1GB)

Primary Controller Embedded RAID (ROMB)

Three 73GB 10K RPM Ultra 320 SCSI Hard Drives


Demo


Future Directions

Provide similar products for other languages

C++/CLI, C#, Java, Ada, etc.

Produce language independent guidance cross-referenced with specific examples from target languages


Questions


For More Information

Visit the CERT® web site
http://www.cert.org/secure-coding/

Contact Presenter
Robert C. Seacord [email protected]

CERT Coordination Center
Software Engineering Institute
Carnegie Mellon University
4500 Fifth Avenue
Pittsburgh PA 15213-3890

Hotline: 412-268-7090
CERT/CC personnel answer 8:00 a.m.–5:00 p.m. and are on call for emergencies during other hours.

Fax: 412-268-6989

E-mail: [email protected]
