Source Code Analysis Laboratory (SCALe) for Energy ... - CERT
[ISO/IEC 2004]. Conformance assessment generally includes activities such as testing, inspection, and certification. SCALe limits the assessments to software systems implemented in standard versions of the C, C++, and Java programming languages.

Conformance assessment activities are characterized by ISO/IEC 17000 [ISO/IEC 2004] as

• first party. The supplier organization itself carries out conformance assessment to a standard, specification, or regulation—in other words, a self-assessment—known as a supplier’s declaration of conformance.

• second party. The customer of the organization (for example, a software consumer) performs the conformance assessment.

• third party. A body that is independent of the organization providing the product and that is not a user of the product performs the conformance assessment.

Which type of conformance assessment is appropriate depends on the level of risk associated with the product or service and the customer’s requirements. SCALe is a third-party assessment performed by CERT or a CERT-accredited laboratory on behalf of the supplier or on behalf of the customer with supplier approval and involvement.

1.4 CERT Secure Coding Standards

SCALe assesses conformance of software systems to a CERT secure coding standard. As of year-end 2010, CERT has completed one secure coding standard and has three additional coding standards under development.

The CERT C Secure Coding Standard, Version 1.0, is the official version of the C language standards against which conformance testing is performed and is available as a book from Addison-Wesley [Seacord 2008]. It was developed specifically for versions of the C programming language defined by

• ISO/IEC 9899:1999 Programming Languages — C, Second Edition [ISO/IEC 2005]

• Technical Corrigenda TC1, TC2, and TC3

• ISO/IEC TR 24731-1 Extensions to the C Library, Part I: Bounds-checking interfaces [ISO/IEC 2007]

• ISO/IEC TR 24731-2 Extensions to the C Library, Part II: Dynamic Allocation Functions [ISO/IEC 2010a]

Most of the rules in The CERT C Secure Coding Standard, Version 1.0, can be applied to earlier versions of the C programming language and to C++ language programs. While programs written in these programming languages may conform to this standard, they may be deficient in other ways that are not evaluated by this conformance test.

It is also possible that maintenance releases of The CERT C Secure Coding Standard will address deficiencies in Version 1.0, and that software systems can be assessed against these releases of the standard.

There are also several CERT secure coding standards under development that are not yet available for conformance testing, including

• The CERT C Secure Coding Standard, Version 2.0 [CERT 2010a]
CMU/SEI-2010-TR-021 | 4