This guide defines a set of rules, recommendations and good practices dedicated to secure developments with the C language.
This guide has several objectives:
This guide does not pertain to a particular field of application and is not intended to replace development constraints imposed by any normative context (automotive or aeronautical industries, critical systems, etc.). It addresses precisely secure C developments that are not covered by such normative constraints.
This guide is also available in French: “Règles de programmation pour le développement sécurisé de logiciels en langage C”