Re: Does Ada need a 'secure coding standard' as well?

[Ludovic Brenta <ludovic@ludovic-brenta.org>]

"Nasser M. Abbasi" <nma@12000.org> writes:
> I saw that CMU makes now what is called CERT (secure coding standards)
> for different languages. They have Java, C, C++ in there.
>
> These are supposed to be rules that a programmer should adopt to
> make the code written by that language more 'safe' and 'secure'
>
> Here is the one for C for example
>
> https://www.securecoding.cert.org/confluence/display/seccode/CERT+C+Secure+Coding+Standard
>
> I was wondering if Ada would benefit of having something like this?
> such secure programming rules customized for Ada.
>
> Or if it is even needed as much for Ada?  Some of the rules
> seem good to know about
>
> May be some of this material is allready in the Ada rational in
> different places. not sure now.

This is addressed by ISO/IEC JTC 1/SC 22/WG 23 Programming Language
Vulnerabilities[1].

There are language-specifix annexes for Ada, SPARK and several other
languages.  The annexes for Ada and SPARK are in the Ada User
Journal[2], Volume 32, No 3 and 4 respectively.

[1] http://www.aitcnet.org/isai/
[2] http://www.ada-europe.org/journal.html

-- 
Ludovic Brenta.