Yet Another Coding Standard?
Over at Matasano, Tom Ptacek skewers the new CERT Secure Programming Standard by asking: Do We Need an ISO Secure Coding Standard? [link to http://www.matasano.com/log/388/do-we-need-an-iso-secure-coding-standard/ no longer works]. The entire article is well worth reading, but it sums up nicely with this:
There are already a myriad of good sources of information about
secure programming, including books targeted specifically to
developers that don’t have experience with secure
programming. I don’t understand why a wiki or an ISO standard
would be more accessible to these developers, who write the
majority of all code.
Thanks, Tom.
Shoot. My coding standard, at http://homeport.org/~adam/review.html, is all anyone ever needs, and it's cheaper and better written than an ISO standard.
The people who will read the standard probably don’t need to, and those that need to will never hear about it, or care to read about it, unless managers and/or senior developers make it mandatory reading for new developers on their team.