Shostack + Friends Blog Archive


Yet Another Coding Standard?

Over at Matasano, Tom Ptacek skewers the new CERT Secure Programming Standard by asking: Do We Need an ISO Secure Coding Standard?. The entire article is well worth reading, but it sums up nicely with this:

There are already a myriad of good sources of information about
secure programming, including books targeted specifically to
developers that don’t have experience with secure
programming. I don’t understand why a wiki or an ISO standard
would be more accessible to these developers, who write the
majority of all code.

Thanks Tom.

2 comments on "Yet Another Coding Standard?"

  • adam says:

    Shoot. My coding standard, at is all anyone ever needs, and its cheaper and better written than an ISO standard.

  • Jason says:

    The people who will read the standard probably don’t need to, and those that need to will never hear about it, or care to read about it, unless managers and/or senior developers make it mandatory reading for new developers on their team.

Comments are closed.