3/26/2015 Compliance - CERT C++ Coding Standard - CERT Secure Coding Standards
https://www.securecoding.cert.org/confluence/display/cplusplus/Compliance
Created by Justin Pincar, last modified by David Svoboda on Nov 06, 2008
Compliance
Software systems can be validated as conforming to the CERT C++ Secure Coding Standard. Source code analysis tools, including compilers and static analysis tools, can be certified as able to validate source code as conforming to this standard.
Source Code Compliance
The CERT C++ Secure Coding Standard can be used as a measure of software security by determining the degree to which a software system complies with the rules and recommendations in this standard. While compliance does not guarantee the absence of vulnerabilities (for example, vulnerabilities resulting from design flaws), it does guarantee the absence of coding errors that are commonly found to be the root causes of vulnerabilities.
The easiest way to validate code as compliant with the CERT C++ Secure Coding standard is to use a certified source code analysis tool.
Tool Selection and Validation
When choosing a compiler (which should be understood to include the linker), a C++98-compliant compiler should be used whenever possible.
When choosing a source code analysis tool, it is clearly desirable that the tool be able to enforce as many of the rules in this document as possible.
Compilers and source code analysis tools are trusted processes, meaning that a degree of reliance is placed on the output of the tools. Consequently, developers must ensure that this trust is not misplaced. Ideally, this should be achieved by the tool supplier running appropriate validation tests. While it is possible to use a validation suite to test a compiler or source code analysis tools, no formal validation scheme exists at the time of publication of this book.
Levels
Rules and recommendations in this standard are classified into three levels. Emphasis should be placed on conformance Level 1 (L1) rules. Software systems that have been validated as complying with all Level 1 rules are considered to be L1 Conforming. Software systems can be assessed as L1, L2, or fully conforming depending on the set of rules to which the system has been validated.
Rules versus Recommendations
Conformance to secure coding rules must be demonstrated to claim compliance with this standard unless an exceptional condition exists. If an exceptional condition is claimed, the exception must correspond to a predefined exceptional condition and the application of this exception must be documented in the source code.
Compliance with recommendations is not necessary to claim compliance with this standard. It is possible, however, to claim compliance with recommendations (especially in cases in which compliance can be verified).
Deviation Procedure
Strict adherence to all rules is unlikely. Consequently, deviations associated with individual situations are permissible.
Deviations may occur for a specific instance, typically in response to circumstances that arise during the development process or for a systematic use of a particular construct in a particular circumstance. Systematic deviations are usually agreed upon at the start of a project.
For these secure coding rules to have authority, it is necessary that a formal procedure be used to authorize these deviations rather than an individual programmer having discretion to deviate at will. The use of a deviation must be justified on the basis of both necessity and security. Rules that have a high severity and/or a high likelihood require a more stringent process for agreeing to a deviation than do rules with a low severity that are unlikely to result in a vulnerability.
To claim compliance with this standard, software developers must be able to produce on request documentation as to which systematic and specific deviations have been permitted during development.
Copyright 1995-2014 Carnegie Mellon University