Created by Justin Pincar, last modified by David Svoboda on Nov 06, 2008

Compliance

Software systems can be validated as conforming to the CERT C++ Secure Coding Standard. Source code analysis tools, including compilers and static analysis tools, can be certified as able to validate source code as conforming to this standard.

Source Code Compliance

The CERT C++ Secure Coding Standard can be used as a measure of software security by determining the degree to which a software system complies with the rules and recommendations in this standard. While compliance does not guarantee the absence of vulnerabilities (for example, vulnerabilities resulting from design flaws), it does guarantee the absence of coding errors that are commonly found to be the root causes of vulnerabilities.

The easiest way to validate code as compliant with the CERT C++ Secure Coding Standard is to use a certified source code analysis tool.

Tool Selection and Validation

When choosing a compiler (which should be understood to include the linker), a C++98-compliant compiler should be used whenever possible.

When choosing a source code analysis tool, it is clearly desirable that the tool be able to enforce as many of the rules in this document as possible.

Compilers and source code analysis tools are trusted processes, meaning that a degree of reliance is placed on the output of the tools. Consequently, developers must ensure that this trust is not misplaced. Ideally, this should be achieved by the tool supplier running appropriate validation tests. While it is possible to use a validation suite to test a compiler or source code analysis tool, no formal validation scheme exists at the time of publication of this book.

Levels

Rules and recommendations in this standard are classified into three levels. Emphasis should be placed on conformance to Level 1 (L1) rules. Software systems that have been validated as complying with all Level 1 rules are considered to be L1 Conforming. Software systems can be assessed as L1, L2, or fully conforming depending on the set of rules to which the system has been validated.

Rules versus Recommendations

Conformance to secure coding rules must be demonstrated to claim compliance with this standard unless an exceptional condition exists. If an exceptional condition is claimed, the exception must correspond to a predefined exceptional condition, and the application of this exception must be documented in the source code.

Compliance with recommendations is not necessary to claim compliance with this standard. It is possible, however, to claim compliance with recommendations (especially in cases in which compliance can be verified).

Source: Compliance - CERT C++ Coding Standard - CERT Secure Coding Standards, https://www.securecoding.cert.org/confluence/display/cplusplus/Compliance (printed 3/26/2015)


Deviation Procedure

  • 3/26/2015 ComplianceCERTC++CodingStandardCERTSecureCodingStandards

    https://www.securecoding.cert.org/confluence/display/cplusplus/Compliance 2/2

Strict adherence to all rules is unlikely. Consequently, deviations associated with individual situations are permissible.

Deviations may occur for a specific instance, typically in response to circumstances that arise during the development process, or for a systematic use of a particular construct in a particular circumstance. Systematic deviations are usually agreed upon at the start of a project.

For these secure coding rules to have authority, it is necessary that a formal procedure be used to authorize these deviations rather than an individual programmer having discretion to deviate at will. The use of a deviation must be justified on the basis of both necessity and security. Rules that have a high severity and/or a high likelihood require a more stringent process for agreeing to a deviation than do rules with a low severity that are unlikely to result in a vulnerability.

To claim compliance with this standard, software developers must be able to produce on request documentation as to which systematic and specific deviations have been permitted during development.


Copyright 1995-2014 Carnegie Mellon University