C Secure Coding Standard (The Authoritative Guide to Secure C Programming)__...
Uploaded 2012-02-18 08:54:34 · 2.05 MB PDF · 480 pages
Legal Notice
This page last changed on Sep 10, 2007 by rcs.
CERT C Programming Language Secure Coding Standard
Document No. N1255
September 10, 2007
Legal Notice
This document represents a preliminary draft of the CERT C Programming Language Secure Coding
Standard. This project was initiated following the 2006 Berlin meeting of WG14 to produce a secure
coding standard based on the C99 standard. Although this is an incomplete work, we would greatly
appreciate your comments and feedback at this time to further the development and refinement of the
material. Please provide comments that are commensurate with the existing detail in the document. For
example, if a rule or recommendation is simply a stub you may wish to comment if you think having a
rule or recommendation in that area is unwarranted.
This work is sponsored by the U.S. Department of Defense.
The Software Engineering Institute is a federally funded research and development center sponsored by
the U.S. Department of Defense.
Copyright 2007 Carnegie Mellon University.
NO WARRANTY
THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE ENGINEERING INSTITUTE MATERIAL IS
FURNISHED ON AN "AS-IS" BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY
KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO,
WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED
FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY
KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT.
Use of any trademarks in this report is not intended in any way to infringe on the rights of the trademark
holder.
Internal use. Permission to reproduce this document and to prepare derivative works from this document
for internal use is granted, provided the copyright and "No Warranty" statements are included with all
reproductions and derivative works.
External use. Requests for permission to reproduce this document or prepare derivative works of this
document for external and commercial use should be addressed to the SEI Licensing Agent.
This work was created in the performance of Federal Government Contract Number F19628-00-C-0003
with Carnegie Mellon University for the operation of the Software Engineering Institute, a federally funded
research and development center. The Government of the United States has a royalty-free
government-purpose license to use, duplicate, or disclose the work, in whole or in part and in any
manner, and to have or permit others to do so, for government purposes pursuant to the copyright
license under the clause at 252.227-7013.
Document generated by Confluence on Sep 10, 2007 13:11 Page 9
Acknowledgements
This page last changed on Aug 07, 2007 by rcs.
Thanks to everyone who contributed to making this effort a success.
Contributors
Juan Alvarado, Hal Burch, Stephen C. Dewhurst, Chad Dougherty, Mark Dowd, William Fithen, Jeffrey
Gennari, Shaun Hedrick, Fred Long, John McDonald, Justin Pincar, Thomas Plum, Dan Saks, Robert C.
Seacord.
Reviewers
Jerry Leichter, Scott Meyers, Ron Natalie, Dan Plakosh, Michel Schinz, Eric Sosman, Andrey Tarasevich,
Henry S. Warren, and Ivan Vecerina.
Editors
Jodi Blake, Pamela Curtis
Developers and Administrators
Rudolph Maceyko, Jason McCormick, Joe McManus, Brad Rubbo
Special Thanks
Jeff Carpenter, Jason Rafail, Frank Redner
CERT C Programming Language Secure Coding Standard
This page last changed on Jun 14, 2007 by jpincar.
00. Introduction
01. Preprocessor (PRE)
02. Declarations and Initialization (DCL)
03. Expressions (EXP)
04. Integers (INT)
05. Floating Point (FLP)
06. Arrays (ARR)
07. Strings (STR)
08. Memory Management (MEM)
09. Input Output (FIO)
10. Temporary Files (TMP)
11. Environment (ENV)
12. Signals (SIG)
13. Miscellaneous (MSC)
50. POSIX
99. The Void
AA. C References
BB. Definitions
00. Introduction
This page last changed on Mar 20, 2007 by pdc@sei.cmu.edu.
An essential element of secure coding in the C programming language is well-documented and
enforceable coding standards. Coding standards encourage programmers to follow a uniform set of rules
and guidelines determined by the requirements of the project and organization, rather than by the
programmer's familiarity or preference. Once established, these standards can be used as a metric to
evaluate source code (using manual or automated processes).
Scope
Rules Versus Recommendations
Development Process
Usage
System Qualities
Priority and Levels
Identifiers
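Resource comments
- yangyangwb, 2014-07-24: English edition, with fairly detailed descriptions. Thanks for sharing.
- sunny_111, 2012-12-27: Each point is described in fair detail. But I didn't find the description of coupling that I needed.
- sjy1967, 2014-02-06: The English edition of the C secure coding standard; a very comprehensive guidance document for C programmers doing secure software development.
- bdgjmt, 2013-09-04: Fairly detailed descriptions. A must-read. good
- allthorn, 2013-04-19: A must-read for every C programmer; the authoritative guide to secure C programming.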