Embedded Cybersecurity Through Secure Coding Standards CWE and CERT
Cybersecurity is an increasingly important topic today, as more and more software is connected and can be exploited to make software and devices act in ways other than originally intended. Most organizations are coding at least some security testing, usually in the form of black-box testing, penetration testing, or red teams. This is important, but an engineering approach is to build better, more secure software in the first place. That's where coding standards come in. While some standards are related to finding security defects through techniques like flow analysis and taint analysis, other standards help identify code that could be compromised, or coding methods that prevent compromise. This paper will look at two common cybersecurity coding standards, CWE and CERT.