Rules for secure coding in the C++ programming language

The Software Engineering Institute (SEI) has released the 2016 edition of the SEI CERT C++ Coding Standard. The standard provides rules for secure coding in the C++ programming language to help developers create safe, reliable, and secure systems free from undefined program behaviors and exploitable vulnerabilities.

This C++ Coding Standard joins the SEI CERT C Coding Standard that was released in 2016. Both of these standards have been made available as free downloads in response to user demand, providing a wealth of expert knowledge and best practices for developing secure software systems in C and C++.

The latest edition of the SEI CERT C++ Coding Standard reflects a decade of research and includes 83 new rules that take into account features of the C++ language that are not part of the C language. The majority of the SEI CERT C Coding Standard also provides guidance that is important for developing secure C++ programs, and they should both be used by C++ development programs.

“This newly released C++ standard adds to our previously released C standard secure coding guidance for features that are unique to the C++ language. For example, this standard has guidance for object oriented programming and containers,” said Robert Schiela, technical manager, Secure Coding, for the SEI’s CERT Division. “It also contains guidance for features that were added to C++14, like lambda objects.”

Mark Sherman, technical director, Cybersecurity Foundations, for the SEI’s CERT Division, added, “The SEI CERT C++ Coding Standard joins our other free guidelines for secure software development, making secure development best practices easily accessible to everyone. This new format can be widely shared for use in classes, tools, professional guides, internal development standards, acquisition and procurement specifications, and other environments.”