by kjs3 3958 days ago
Seconding CERT. Lots of good advice. Certainly the place to start.

Along the same lines are the MISRA guidelines, though they are 1) targeted more towards embedded systems and 2) stupidly not freely available. There's an ISO standard for secure C coding (ISO/IEC TS 17961:2013) which is also not free. While you might not get to the source document, there are hundreds of sites that summarize the requirements and recommendations.

SANS has a secure coding track worth checking out.

There's a tremendous amount of useful stuff in the NIST SAMATE project.

The OpenBSD folks write a lot about secure C coding.

Mozilla has some pretty good general advice at https://wiki.mozilla.org/WebAppSec/Secure_Coding_Guidelines

So does Apple: https://developer.apple.com/library/mac/documentation/Securi...

1 comments

It's depressing that those are not free. :\