The CERT® C Coding Standard, Second Edition 98 Rules for Developing Safe, Reliable, and Secure Systems

  • ISBN13:


  • ISBN10:


  • Edition: 2nd
  • Format: Paperback
  • Copyright: 4/14/2014
  • Publisher: Addison-Wesley Professional
  • Purchase Benefits
  • Free Shipping On Orders Over $59!
    Your order must be $59 or more to qualify for free economy shipping. Bulk sales, PO's, Marketplace items, eBooks and apparel do not qualify for this offer.
  • Get Rewarded for Ordering Your Textbooks! Enroll Now
List Price: $59.99 Save up to $9.00
  • Buy New


Supplemental Materials

What is included with this book?

  • The New copy of this book will include any supplemental materials advertised. Please check the title of the book to determine if it should include any access cards, study guides, lab manuals, CDs, etc.
  • The eBook copy of this book is not guaranteed to include any supplemental materials. Typically, only the book itself is included. This is true even if the title states it includes any access cards, study guides, lab manuals, CDs, etc.


“At Cisco, we have adopted the CERT C Coding Standard as the internal secure coding standard for all C developers. It is a core component of our secure development lifecycle. The coding standard described in this book breaks down complex software security topics into easy-to-follow rules with excellent real-world examples. It is an essential reference for any developer who wishes to write secure and resilient software in C and C++.”
—Edward D. Paradise, vice president, engineering, threat response, intelligence, and development, Cisco Systems

Secure programming in C can be more difficult than even many experienced programmers realize. To help programmers write more secure code, The CERT® C Coding Standard, Second Edition, fully documents the second official release of the CERT standard for secure coding in C. The rules laid forth in this new edition will help ensure that programmers’ code fully complies with the new C11 standard; it also addresses earlier versions, including C99.

The new standard itemizes those coding errors that are the root causes of current software vulnerabilities in C, prioritizing them by severity, likelihood of exploitation, and remediation costs. Each of the text’s 98 guidelines includes examples of insecure code as well as secure, C11-conforming, alternative implementations. If uniformly applied, these guidelines will eliminate critical coding errors that lead to buffer overflows, format-string vulnerabilities, integer overflow, and other common vulnerabilities.


This book reflects numerous experts’ contributions to the open development and review of the rules and recommendations that comprise this standard.


Coverage includes

  • Preprocessor
  • Declarations and Initialization
  • Expressions
  • Integers
  • Floating Point
  • Arrays
  • Characters and Strings
  • Memory Management
  • Input/Output
  • Environment
  • Signals
  • Error Handling
  • Concurrency
  • Miscellaneous Issues

Author Biography

Robert C. Seacord is a computer security specialist and writer. He is the author of books on computer security, legacy system modernization, and component-based software engineering.

Robert C. Seacord manages the Secure Coding Initiative in the CERT Division of Carnegie Mellon’s Software Engineering Institute (SEI) in Pittsburgh, PA. CERT, among other security related activities, regularly analyzes software vulnerability reports and assesses the risk to the Internet and other critical infrastructure. Robert is an adjunct professor in the Carnegie Mellon University School of Computer Science and in the Information Networking Institute. He represents CMU at PL22.11 (ANSI “C”) and is a technical expert for the JTC1/SC22/WG14 international standardization working group for the C programming language.

Robert started programming professionally for IBM in 1982, working in communications and operating system software, processor development, and software engineering. Robert also has worked at the X Consortium, where he developed and maintained code for the Common Desktop Environment and the X Window System.

Robert has a B.A. in computer science from Rensselaer Polytechnic Institute.

Table of Contents

Previous Edition Table of Contents:

Chapter 1: Using This Standard
Chapter 2: Preprocessor (PRE)
Chapter 3: Declarations and Initialization (DCL)
Chapter 4: Expressions (EXP)

Chapter 5: Integers (INT)

Chapter 6: Floating Point (FLP)

Chapter 7: Arrays (ARR)

Chapter 8: Characters and Strings (STR)

Chapter 9: Memory Management (MEM)

Chapter 10: Input/Output (FIO)

Chapter 11: Environment (ENV)

Chapter 12: Signals (SIG)
Chapter 13: Error Handling (ERR)
Chapter 14: Miscellaneous (MSC)
Appendix: POSIX (POS) 


New Edition Will Also Include :

  • Application Programming Interfaces (API)
  • Concurrency (CON)
  • Miscellaneous (MSC)

Rewards Program

Write a Review