View-734: Weaknesses Addressed by the CERT C Secure Coding Standard (2008)

admin 2022年1月14日11:43:05评论116 views字数 2352阅读7分50秒阅读模式

View-734: Weaknesses Addressed by the CERT C Secure Coding Standard (2008)

ID: 734

Type: Graph

Status: Obsolete

Objective

CWE entries in this view (graph) are fully or partially eliminated by following the guidance presented in the book "The CERT C Secure Coding Standard" published in 2008. This view is considered obsolete as a newer version of the coding standard is available.

Audience

Software Developers

By following the CERT C Secure Coding Standard, developers will be able to fully or partially prevent the weaknesses that are identified in this view. In addition, developers can use a CWE coverage graph to determine which weaknesses are not directly addressed by the standard, which will help identify and resolve remaining gaps in training, tool acquisition, or other approaches for reducing weaknesses.

Software Customers

If a software developer claims to be following the CERT C Secure Coding standard, then customers can search for the weaknesses in this view in order to formulate independent evidence of that claim.

Educators

Educators can use this view in multiple ways. For example, if there is a focus on teaching weaknesses, the educator could link them to the relevant Secure Coding Standard.

Membership

CWE-ID title
CWE-735 CERT C Secure Coding Standard (2008) Chapter 2 - Preprocessor (PRE)
CWE-736 CERT C Secure Coding Standard (2008) Chapter 3 - Declarations and Initialization (DCL)
CWE-737 CERT C Secure Coding Standard (2008) Chapter 4 - Expressions (EXP)
CWE-738 CERT C Secure Coding Standard (2008) Chapter 5 - Integers (INT)
CWE-739 CERT C Secure Coding Standard (2008) Chapter 6 - Floating Point (FLP)
CWE-740 CERT C Secure Coding Standard (2008) Chapter 7 - Arrays (ARR)
CWE-741 CERT C Secure Coding Standard (2008) Chapter 8 - Characters and Strings (STR)
CWE-742 CERT C Secure Coding Standard (2008) Chapter 9 - Memory Management (MEM)
CWE-743 CERT C Secure Coding Standard (2008) Chapter 10 - Input Output (FIO)
CWE-744 CERT C Secure Coding Standard (2008) Chapter 11 - Environment (ENV)
CWE-745 CERT C Secure Coding Standard (2008) Chapter 12 - Signals (SIG)
CWE-746 CERT C Secure Coding Standard (2008) Chapter 13 - Error Handling (ERR)
CWE-747 CERT C Secure Coding Standard (2008) Chapter 14 - Miscellaneous (MSC)
CWE-748 CERT C Secure Coding Standard (2008) Appendix - POSIX (POS)

Notes

Relationship

The relationships in this view were determined based on specific statements within the rules from the standard. Not all rules have direct relationships to individual weaknesses, although they likely have chaining relationships in specific circumstances.

Maintenance

This view is no longer being actively maintained, since it statically represents the coding rules as they were in 2008.

引用

REF-597 The CERT C Secure Coding Standard

文章来源于互联网:scap中文网

  • 左青龙
  • 微信扫一扫
  • weinxin
  • 右白虎
  • 微信扫一扫
  • weinxin
admin
  • 本文由 发表于 2022年1月14日11:43:05
  • 转载请保留本文链接(CN-SEC中文网:感谢原作者辛苦付出):
                   View-734: Weaknesses Addressed by the CERT C Secure Coding Standard (2008)https://cn-sec.com/archives/612532.html

发表评论

匿名网友 填写信息