[SC-L] Language agnostic secure coding guidelines/standards?
Steven M. Christey
coley at linus.mitre.org
Mon Nov 17 16:49:56 EST 2008
The CWE Research view (CWE-1000) is language-neutral at its higher-level
nodes, and decomposes in some areas into language-specific constructs.
Early experience suggests that this view is not necessarily
developer-friendly, however, because it's not organized around the types
of concepts that developers typically think in.
http://cwe.mitre.org/data/definitions/1000.html
(click the Graph tab on the top right of the page to see the breakdown)
Obviously the CWE is a badness-ometer-pedia but suggests some areas that
your guidelines would hopefully address.
- Steve