icon-carat-right menu search cmu-wordmark
Carnegie Mellon University

Supporting the Use of CERT Secure Coding Standards in DoD Acquisitions

Technical Note
By
In this report, the authors provide guidance for helping DoD acquisition programs address software security in acquisitions.
Publisher

Software Engineering Institute

CMU/SEI Report Number
CMU/SEI-2012-TN-016
DOI (Digital Object Identifier)
10.1184/R1/6584468.v1
Topic or Tag

Abstract

The United States Department of Defense (DoD) increasingly depends on networked software systems. One result of this dependency is an increase in attacks on both military and non-military systems as attackers look to exploit software vulnerabilities. Program acquisition offices are emphasizing information assurance to address various threats. The Defense Information Systems Agency (DISA) created the Application Security and Development Security Technical Implementation Guide (STIG) in response to DoD Directive 8500.IE, which establishes policies and assigns responsibilities for achieving DoD information assurance. That STIG provides guidance for information assurance and security throughout a program’s lifecycle, and it is specified as a requirement for DoD-developed, -architected, and -administered applications and systems that are connected to DoD networks. This technical note provides guidance to help DoD acquisition programs address software security in acquisitions. It provides background on the development of secure coding standards, sample request for proposal (RFP) language, and a mapping of the Application Security and Development STIG to the CERT® C Secure Coding Standard.

SHARE
Download PDF
Part of a Collection

SCALe Collection
Cite This Technical Note

Morrow, T., Seacord, R., Bergey, J., & Miller, P. (2012, July 1). Supporting the Use of CERT Secure Coding Standards in DoD Acquisitions. (Technical Note CMU/SEI-2012-TN-016). Retrieved December 3, 2024, from https://doi.org/10.1184/R1/6584468.v1.

@techreport{morrow_2012,
author={Morrow, Timothy and Seacord, Robert and Bergey, John and Miller, Philip},
title={Supporting the Use of CERT Secure Coding Standards in DoD Acquisitions},
month={{Jul},
year={{2012},
number={{CMU/SEI-2012-TN-016},
howpublished={Carnegie Mellon University, Software Engineering Institute's Digital Library},
url={https://doi.org/10.1184/R1/6584468.v1},
note={Accessed: 2024-Dec-3}
}

Morrow, Timothy, Robert Seacord, John Bergey, and Philip Miller. "Supporting the Use of CERT Secure Coding Standards in DoD Acquisitions." (CMU/SEI-2012-TN-016). Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, July 1, 2012. https://doi.org/10.1184/R1/6584468.v1.

T. Morrow, R. Seacord, J. Bergey, and P. Miller, "Supporting the Use of CERT Secure Coding Standards in DoD Acquisitions," Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, Technical Note CMU/SEI-2012-TN-016, 1-Jul-2012 [Online]. Available: https://doi.org/10.1184/R1/6584468.v1. [Accessed: 3-Dec-2024].

Morrow, Timothy, Robert Seacord, John Bergey, and Philip Miller. "Supporting the Use of CERT Secure Coding Standards in DoD Acquisitions." (Technical Note CMU/SEI-2012-TN-016). Carnegie Mellon University, Software Engineering Institute's Digital Library, Software Engineering Institute, 1 Jul. 2012. https://doi.org/10.1184/R1/6584468.v1. Accessed 3 Dec. 2024.

Morrow, Timothy; Seacord, Robert; Bergey, John; & Miller, Philip. Supporting the Use of CERT Secure Coding Standards in DoD Acquisitions. CMU/SEI-2012-TN-016. Software Engineering Institute. 2012. https://doi.org/10.1184/R1/6584468.v1

Ask a question about this Technical Note