Weaknesses Addressed by the CERT C Secure Coding Standard (2008)

A view in the Common Weakness Enumeration published by The MITRE Corporation.


Objective

Views in the Common Weakness Enumeration (CWE) represent one perspective with which to consider a set of weaknesses.

CWE entries in this view (graph) are fully or partially eliminated by following the guidance presented in the book "The CERT C Secure Coding Standard" published in 2008. This view is considered obsolete, as a newer version of the coding standard is available. This view statically represents the coding rules as they were in 2008.

Target Audience

Educators

Educators can use this view in multiple ways. For example, if there is a focus on teaching weaknesses, the educator could link them to the relevant Secure Coding Standard.

Product Customers

If a software developer claims to be following the CERT C Secure Coding standard, then customers can search for the weaknesses in this view in order to formulate independent evidence of that claim.

Software Developers

By following the CERT C Secure Coding Standard, developers will be able to fully or partially prevent the weaknesses that are identified in this view. In addition, developers can use a CWE coverage graph to determine which weaknesses are not directly addressed by the standard, which will help identify and resolve remaining gaps in training, tool acquisition, or other approaches for reducing weaknesses.

Categories

Deprecated or Obsolete

CERT C Secure Coding Standard (2008) Appendix - POSIX (POS)

Weaknesses in this category are related to the rules and recommendations in the POSIX (POS) appendix of the CERT C Secure Coding Standard (2008).

CERT C Secure Coding Standard (2008) Chapter 2 - Preprocessor (PRE)

Weaknesses in this category are related to the rules and recommendations in the Preprocessor (PRE) chapter of the CERT C Secure Coding Standard (2008).

CERT C Secure Coding Standard (2008) Chapter 3 - Declarations and Initialization (DCL)

Weaknesses in this category are related to the rules and recommendations in the Declarations and Initialization (DCL) chapter of the CERT C Secure Coding Standard (2008).

CERT C Secure Coding Standard (2008) Chapter 4 - Expressions (EXP)

Weaknesses in this category are related to the rules and recommendations in the Expressions (EXP) chapter of the CERT C Secure Coding Standard (2008).

CERT C Secure Coding Standard (2008) Chapter 5 - Integers (INT)

Weaknesses in this category are related to the rules and recommendations in the Integers (INT) chapter of the CERT C Secure Coding Standard (2008).

CERT C Secure Coding Standard (2008) Chapter 6 - Floating Point (FLP)

Weaknesses in this category are related to the rules and recommendations in the Floating Point (FLP) chapter of the CERT C Secure Coding Standard (2008).

CERT C Secure Coding Standard (2008) Chapter 7 - Arrays (ARR)

Weaknesses in this category are related to the rules and recommendations in the Arrays (ARR) chapter of the CERT C Secure Coding Standard (2008).

CERT C Secure Coding Standard (2008) Chapter 8 - Characters and Strings (STR)

Weaknesses in this category are related to the rules and recommendations in the Characters and Strings (STR) chapter of the CERT C Secure Coding Standard (2008).

CERT C Secure Coding Standard (2008) Chapter 9 - Memory Management (MEM)

Weaknesses in this category are related to the rules and recommendations in the Memory Management (MEM) chapter of the CERT C Secure Coding Standard (2008).

CERT C Secure Coding Standard (2008) Chapter 10 - Input Output (FIO)

Weaknesses in this category are related to the rules and recommendations in the Input Output (FIO) chapter of the CERT C Secure Coding Standard (2008).

CERT C Secure Coding Standard (2008) Chapter 11 - Environment (ENV)

Weaknesses in this category are related to the rules and recommendations in the Environment (ENV) chapter of the CERT C Secure Coding Standard (2008).

CERT C Secure Coding Standard (2008) Chapter 12 - Signals (SIG)

Weaknesses in this category are related to the rules and recommendations in the Signals (SIG) chapter of the CERT C Secure Coding Standard (2008).

CERT C Secure Coding Standard (2008) Chapter 13 - Error Handling (ERR)

Weaknesses in this category are related to the rules and recommendations in the Error Handling (ERR) chapter of the CERT C Secure Coding Standard (2008).

CERT C Secure Coding Standard (2008) Chapter 14 - Miscellaneous (MSC)

Weaknesses in this category are related to the rules and recommendations in the Miscellaneous (MSC) chapter of the CERT C Secure Coding Standard (2008).


Common Weakness Enumeration content on this website is copyright of The MITRE Corporation unless otherwise specified. Use of the Common Weakness Enumeration and the associated references on this website are subject to the Terms of Use as specified by The MITRE Corporation.