From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham
	autolearn_force=no version=3.4.4
X-Google-Thread: 103376,bb14f1c1986544fb
X-Google-NewGroupId: yes
X-Google-Attributes: gida07f3367d7,domainid0,public,usenet
X-Google-Language: ENGLISH,ASCII-7-bit
Path: 
 g2news1.google.com!news2.google.com!news.glorb.com!feeder.erje.net!eternal-september.org!feeder.eternal-september.org!.POSTED!not-for-mail
From: Ludovic Brenta <ludovic@ludovic-brenta.org>
Newsgroups: comp.lang.ada
Subject: Re: Does Ada need a 'secure coding standard' as well?
Date: Sat, 28 May 2011 21:32:37 +0200
Organization: A noiseless patient Spider
Message-ID: <87vcwu62p6.fsf@ludovic-brenta.org>
References: <irrgb6$vib$1@speranza.aioe.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Injection-Info: mx04.eternal-september.org;
 posting-host="tTII8GLHoAcHamvmU+ILdg";
	logging-data="10693"; mail-complaints-to="abuse@eternal-september.org";
	posting-account="U2FsdGVkX199ioh766zXvPFoz9qB/ifP"
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.3 (gnu/linux)
Cancel-Lock: sha1:8KYUA2dagbXsgGr4q7TnoamT3Cc=
	sha1:Rg6Q3ZOvWp8vwrGKaBqkp4RFW0k=
Xref: g2news1.google.com comp.lang.ada:19542
Date: 2011-05-28T21:32:37+02:00
List-Id: <comp.lang.ada>

"Nasser M. Abbasi" <nma@12000.org> writes:
> I saw that CMU makes now what is called CERT (secure coding standards)
> for different languages. They have Java, C, C++ in there.
>
> These are supposed to be rules that a programmer should adopt to
> make the code written by that language more 'safe' and 'secure'
>
> Here is the one for C for example
>
> https://www.securecoding.cert.org/confluence/display/seccode/CERT+C+Secure+Coding+Standard
>
> I was wondering if Ada would benefit of having something like this?
> such secure programming rules customized for Ada.
>
> Or if it is even needed as much for Ada?  Some of the rules
> seem good to know about
>
> May be some of this material is allready in the Ada rational in
> different places. not sure now.

This is addressed by ISO/IEC JTC 1/SC 22/WG 23 Programming Language
Vulnerabilities[1].

There are language-specifix annexes for Ada, SPARK and several other
languages.  The annexes for Ada and SPARK are in the Ada User
Journal[2], Volume 32, No 3 and 4 respectively.

[1] http://www.aitcnet.org/isai/
[2] http://www.ada-europe.org/journal.html

-- 
Ludovic Brenta.