A primary cause of commonly exploited software vulnerabilities, is software defects that could have been avoided.

The CERT Secure Coding Initiative (located at Carnegie Mellon University) has produced a set of rules and recommendations for secure coding in the C and C++ languages, with a goal of eliminating exploited vulnerabilities through the removal of undefined behaviour and insecure coding practices.

Although these guidelines span languages, and in many cases relate to run time environments, PRQA solutions are effectively being used to detect and avoid such vulnerabilities in code.

Contact us for more information on how your organization can effectively enforce the CERT guidelines