The CERT C Coding Standard: 98 Rules for Developing Safe, Reliable, and Secure Systems, 2/e (Paperback)

Robert C. Seacord

  • 出版商: Prentice Hall
  • 出版日期: 2014-04-14
  • 定價: $1,800
  • 售價: 9.5$1,710
  • 語言: 英文
  • 頁數: 576
  • 裝訂: Paperback
  • ISBN: 0321984048
  • ISBN-13: 9780321984043
  • 相關分類: C 程式語言
  • 立即出貨 (庫存=1)



“At Cisco, we have adopted the CERT C Coding Standard as the internal secure coding standard for all C developers. It is a core component of our secure development lifecycle. The coding standard described in this book breaks down complex software security topics into easy-to-follow rules with excellent real-world examples. It is an essential reference for any developer who wishes to write secure and resilient software in C and C++.”
—Edward D. Paradise, vice president, engineering, threat response, intelligence, and development, Cisco Systems

Secure programming in C can be more difficult than even many experienced programmers realize. To help programmers write more secure code, The CERT® C Coding Standard, Second Edition, fully documents the second official release of the CERT standard for secure coding in C. The rules laid forth in this new edition will help ensure that programmers’ code fully complies with the new C11 standard; it also addresses earlier versions, including C99.

The new standard itemizes those coding errors that are the root causes of current software vulnerabilities in C, prioritizing them by severity, likelihood of exploitation, and remediation costs. Each of the text’s 98 guidelines includes examples of insecure code as well as secure, C11-conforming, alternative implementations. If uniformly applied, these guidelines will eliminate critical coding errors that lead to buffer overflows, format-string vulnerabilities, integer overflow, and other common vulnerabilities.


This book reflects numerous experts’ contributions to the open development and review of the rules and recommendations that comprise this standard.


Coverage includes

  • Preprocessor
  • Declarations and Initialization
  • Expressions
  • Integers
  • Floating Point
  • Arrays
  • Characters and Strings
  • Memory Management
  • Input/Output
  • Environment
  • Signals
  • Error Handling
  • Concurrency
  • Miscellaneous Issues


「在思科,我們已經採用了CERT C編碼標準作為所有C開發人員的內部安全編碼標準。它是我們安全開發生命週期的核心組件。本書中描述的編碼標準將複雜的軟體安全主題分解為易於遵循的規則,並提供了出色的實際範例。對於希望在C和C++中編寫安全且具有彈性的軟體的任何開發人員來說,這是一本必不可少的參考書。」—思科系統工程、威脅應對、情報和開發副總裁Edward D. Paradise

「在C中進行安全編程可能比許多有經驗的程式設計師意識到的還要困難。為了幫助程式設計師編寫更安全的程式碼,《CERT® C編碼標準第二版》完整記錄了CERT安全編碼C標準的第二個正式版本。本新版中的規則將有助於確保程式設計師的程式碼完全符合新的C11標準,同時也涵蓋了早期版本,包括C99。」