Shostack + Friends Blog Archive

 

Yet Another Coding Standard?

Over at Matasano, Tom Ptacek skewers the new CERT Secure Programming Standard by asking: Do We Need an ISO Secure Coding Standard? [link to http://www.matasano.com/log/388/do-we-need-an-iso-secure-coding-standard/ no longer works]. The entire article is well worth reading, but it sums up nicely with this:

There are already a myriad of good sources of information about
secure programming, including books targeted specifically to
developers that don’t have experience with secure
programming. I don’t understand why a wiki or an ISO standard
would be more accessible to these developers, who write the
majority of all code.

Thanks Tom.

2 comments on "Yet Another Coding Standard?"

  • adam says:

    Shoot. My coding standard, at http://homeport.org/~adam/review.html, is all anyone ever needs, and it's cheaper and better written than an ISO standard.

  • Jason says:

    The people who will read the standard probably don’t need to, and those that need to will never hear about it, or care to read about it, unless managers and/or senior developers make it mandatory reading for new developers on their team.
