Carnegie Mellon University

Evaluation of CERT Secure Coding Rules through Integration with Source Code Analysis Tools

report
posted on 2008-06-01, 00:00 authored by Stephen Dewhurst, Chad R. Dougherty, Yurie Ito, David Keaton, Dan Saks, Robert C. Seacord, David Svoboda, Christopher Taschner, Kazuya Togashi
This report describes a study conducted by the CERT Secure Coding Initiative and JPCERT to evaluate the efficacy of the CERT Secure Coding Standards and source code analysis tools in improving the quality and security of commercial software projects. In addition to assessing the ability of existing tools to detect violations of the standard, the report surveys the ability to extend and improve the tools. Finally, it describes the use of a selected tool to improve the quality of code in the real-world case of a Japanese software vendor's product.

History

Date

2008-06-01
