
CERT -C

What is CERT -C

The CERT C Secure Coding Standard provides rules and recommendations for secure coding in the C programming language. The goal of these rules and recommendations is to eliminate insecure coding practices and undefined behaviours that can lead to exploitable vulnerabilities. The application of the secure coding standard will lead to higher-quality systems that are robust and more resistant to attack.

Why Secure Coding?

Security is an important parameter that contributes to overall system quality. Easily avoided software defects are a primary cause of commonly exploited software vulnerabilities. CERT (Computer Emergency Response Team) has observed, through an analysis of thousands of vulnerability reports, that most vulnerabilities stem from a relatively small number of common programming errors. By identifying insecure coding practices and developing secure alternatives, software developers can take practical steps to reduce or eliminate vulnerabilities before deployment.

As part of this initiative, the CERT Secure Coding team works with software developers and software development organisations to reduce vulnerabilities resulting from coding errors before they are deployed. In collaboration with the software assurance and C language development communities, CERT developed the CERT C Secure Coding Standard to provide secure coding guidance to developers. It suggests that secure code must exhibit properties such as:
  • Dependability: Dependable software executes predictably and operates correctly under all conditions, including hostile conditions such as when the software comes under attack or runs on a malicious host.
  • Trustworthiness: Trustworthy software contains few if any vulnerabilities or weaknesses that can be intentionally exploited to subvert or sabotage the software's dependability. In addition, to be considered trustworthy, the software must contain no malicious logic that causes it to behave in a malicious manner.
  • Survivability: Survivable software is software that is resilient enough to (1) either resist (i.e., protect itself against) or tolerate (i.e., continue operating dependably in spite of) most known attacks plus as many novel attacks as possible, and (2) recover as quickly as possible, and with as little damage as possible, from those attacks that it can neither resist nor tolerate.

Solution:
Integrating Security into the Software Development Lifecycle (SDLC)

"Security enhancement" of the SDLC process mainly involves the adaptation or augmentation of existing SDLC activities, practices, and checkpoints, and in a few instances, it may also entail the addition of new activities, practices, or checkpoints. In very few instances, it may also require the elimination or wholesale replacement of certain activities or practices that are known to obstruct the ability to produce secure software. The key elements of a secure software life cycle process are:

  • Security risk identification
  • Add security to system requirements
  • Add security to architectural design
  • Adopt secure coding practices
  • Test for security, using security testing practices that focus on verifying the dependability, trustworthiness, and survivability of the software being tested.

 

For more information please contact Gerard Fianen at Indes IDS BV

   

 
 
