Secure Coding Standards
These coding standards are for software developers to use in the development of code in the C language:
CERT® C — Published by the CERT Division of the Software Engineering Institute (SEI), these guidelines help eliminate constructs with undefined behavior that can lead to unexpected results at runtime and expose security weaknesses.
Common Weakness Enumeration (CWE™) — Published by The MITRE Corporation, this list identifies common software weakness types that can occur in software architecture, design, code, or implementation. These weaknesses can lead to security vulnerabilities.
ISO/IEC TS 19761:2013 — Published by International Organization for Standardization and International Electrotechnical Commission, these rules are designed so that they can be enforced by static analysis tools without excessive false positives.
If you have an Embedded Coder® or Simulink® Check™ product license, you can check that your Simulink model or subsystem, and the code that you generate from it, conforms to these secure coding standards. To check your model or subsystem:
Open the Model Advisor.
Navigate to By Task > Modeling Guidelines for Secure Coding (CERT C, CWE, ISO/IEC TS 17961) .
Run the checks in the folder.
For more information on using the Model Advisor, see Check Your Model Using the Model Advisor.
If you have a Polyspace® Bug Finder™ product license, you can evaluate your code against these secure coding standards. For more information, see: