Rules for secure C language software development
The C language offers great freedom to developers. Nevertheless, it comes with ambiguous or risky constructions that foster programming errors. The language standard does not specify all desired behaviors, and some remain therefore undefined or unspecified.
It is then up to the developers of compilers, software libraries or operating systems to make their own decisions. Establishing restrictions on the use of the C language is thus necessary to identify the various risky or non-portable constructions, and to limit or even ban their use.
This guide defines a set of rules, recommendations and good practices dedicated to secure developments with the C language. This guide has several objectives:
- increase the security, the quality and the reliability of written source code, by identifying bad or hazardous programming practices;
- facilitate source code analysis during peer reviews or by static analysis tools;
- instate a level of trust in the security, reliability and robustness of a development;
- further software maintainability while also helping with adding features.
This guide does not pertain to a particular field of application and is not intended to replace development constraints imposed by any normative context (automotive or aeronautical industries, critical systems, etc.). It addresses precisely secure C developments that are not covered by such normative constraints. This guide is also available in French: "Règles de programmation pour le développement sécurisé de logiciels en langage C"