- Series: SEI Series in Software Engineering
- Paperback: 576 pages
- Publisher: Addison-Wesley Professional; 2 edition (April 24, 2014)
- Language: English
- ISBN-10: 0321984048
- ISBN-13: 978-0321984043
- Product Dimensions: 6.9 x 1.3 x 9 inches
- Shipping Weight: 2 pounds (View shipping rates and policies)
- Average Customer Review: 5 customer reviews
- Amazon Best Sellers Rank: #917,673 in Books (See Top 100 in Books)
Enter your mobile number or email address below and we'll send you a link to download the free Kindle App. Then you can start reading Kindle books on your smartphone, tablet, or computer - no Kindle device required.
To get the free app, enter your mobile phone number.
The CERT® C Coding Standard, Second Edition: 98 Rules for Developing Safe, Reliable, and Secure Systems (2nd Edition) (SEI Series in Software Engineering) 2nd Edition
Use the Amazon App to scan ISBNs and compare prices.
Fulfillment by Amazon (FBA) is a service we offer sellers that lets them store their products in Amazon's fulfillment centers, and we directly pack, ship, and provide customer service for these products. Something we hope you'll especially enjoy: FBA items qualify for FREE Shipping and Amazon Prime.
If you're a seller, Fulfillment by Amazon can help you increase your sales. We invite you to learn more about Fulfillment by Amazon .
Frequently bought together
Customers who bought this item also bought
About the Author
Robert C. Seacord is a computer security specialist and writer. He is the author of books on computer security, legacy system modernization, and component-based software engineering.
Robert C. Seacord manages the Secure Coding Initiative in the CERT Division of Carnegie Mellon’s Software Engineering Institute (SEI) in Pittsburgh, PA. CERT, among other security related activities, regularly analyzes software vulnerability reports and assesses the risk to the Internet and other critical infrastructure. Robert is an adjunct professor in the Carnegie Mellon University School of Computer Science and in the Information Networking Institute. He represents CMU at PL22.11 (ANSI “C”) and is a technical expert for the JTC1/SC22/WG14 international standardization working group for the C programming language.
Robert started programming professionally for IBM in 1982, working in communications and operating system software, processor development, and software engineering. Robert also has worked at the X Consortium, where he developed and maintained code for the Common Desktop Environment and the X Window System.
Robert has a B.A. in computer science from Rensselaer Polytechnic Institute.
Top customer reviews
There was a problem filtering reviews right now. Please try again later.
This book is for the airbag and pacemaker crowd, not the music and games people. It's for the times when your software absolutely has to be right. And, frankly, the "proof of correctness" schemes I've seen just aren't good enough. For example, in twos-comp arithmetic (by far the most popular), a minus sign can cause integer overflow. You might expect that for a negative value of X, the value of (-X) would be positive - well, not always. There's that one special case where that's not true. (Was that case part of your theorem prover? If not, it's not a proof.) This book goes into that mouse-milking level of detail, shows examples of the errors, and show examples of how to code past them using standardized C constructs.
If you thought that was a unique corner case - well, it is, but the world is a Koch Snowflake of corner cases. Some have destroyed space missions and killed cancer patients. When utter correctness matters, too many factors show it to be impossible for any software to meet that standard. All you can do is fight the demons you know, and this introduces you to a fair menagerie of them.
Perhaps you lived through "coding standard" wars of various kinds, mostly centered on how many spaces to indent, where to capitalize variable names, or when to use a verb in a function name. This isn't that kind of coding standard. It ignores typography completely and gets straight to right and wrong answers, and some ways to avoid being wrong.
Nothing can ensure your program's perfect correctness - the Halting Problem robbed of of that comforting certainty. Books like this, however, can help you avoid conspicuous problems. Examples range from high-level things like shared access to files, down to the nittiest cases of arithmetic weirdness (of which there are many). All of that gives this book a ponderous pace, exposing each of the maculae in excruciating detail, and presenting fixes that strain one's attention even more -
- until a billion-dollar space probe or a patient's life depend of getting it truly, absolutely right. That's when you'll absorb every line of this book and beg for more.
• Secure Coding in C and C++
• Java Coding Guidelines: 75 Recommendations for Reliable and Secure Programs
• Modernizing Legacy Systems: Software Technologies, Engineering Processes, and Business Practices
• The CERT Oracle Secure Coding Standard for Java
Seacord’s latest is the CERT C Coding Standard: 98 Rules for Developing Safe, Reliable, and Secure Systems.
The book covers the entire core areas that every C programmer needs to know, including areas such as:
• characters and strings
• floating point
• memory management
• declarations and initialization
• error handling
The rules in the book can be used in parallel to ensure code is C11 (ISO/IEC 9899:2011) compliant.
Each of the rules in the book has the same format: title, description, noncompliant code examples and compliant solutions.
Programmers that implement these coding standards will find short-term gains in that the coding mistakes that leads to critical application errors such as buffer overflows are now mitigated.
This book is meant as a desktop reference for those coding in C. If you have programmers coding in C, you want to ensure that this book is on their desktop,
The goal of the book and its rules is meant to develop safe, reliable, and secure systems. Anyone who wants to do that should read definitely be reading CERT C Coding Standard: 98 Rules for Developing Safe, Reliable, and Secure Systems.
If you program in C or C++, and want to improve the security of your software, read this book.