1. Accueil
  2. Catalogue cyber
  3. Rules for secure C language software development

Rules for secure C language software development

Capture d’écran
Présentation
TAGS
ANSSI

Newsletter MesServicesCyber. Restez informé des nouveaux guides de l’ANSSI et autres actualités MesServicesCyber. S’abonner


Publié le 30 novembre 2023

Présentation

It is then up to the developers of compilers, software libraries or operating systems to make their own decisions. Establishing restrictions on the use of the C language is thus necessary to identify the various risky or non-portable constructions, and to limit or even ban their use.

This guide defines a set of rules, recommendations and good practices dedicated to secure developments with the C language. This guide has several objectives:

  • increase the security, the quality and the reliability of written source code, by identifying bad or hazardous programming practices;
  • facilitate source code analysis during peer reviews or by static analysis tools;
  • instate a level of trust in the security, reliability and robustness of a development;
  • further software maintainability while also helping with adding features.

This guide does not pertain to a particular field of application and is not intended to replace development constraints imposed by any normative context (automotive or aeronautical industries, critical systems, etc.). It addresses precisely secure C developments that are not covered by such normative constraints. This guide is also available in French:"Règles de programmation pour le développement sécurisé de logiciels en langage C"

Capture d’écran

MesServicesCyber est la plateforme pour faciliter l'accès de tous aux services et ressources de l'ANSSI et de ses partenaires.

Il est développé par l' Agence nationale de la sécurité des systèmes d'information, en lien avec BetaGouv et la Direction interministérielle du numérique.