UnixTime

Research Note

Secure Coding Standard

Use this standard to define secure coding principles and language/framework-specific rules.

On this page

When to use this

Use this standard to define secure coding principles and language/framework-specific rules.

Standard sections

Area Rule Applies to Evidence
Secrets Do not hard-code secrets TBD TBD
Input validation Validate untrusted input TBD TBD
Output encoding Encode output by context TBD TBD
Error handling Avoid sensitive error disclosure TBD TBD
Dependencies Use approved dependencies TBD TBD
Memory safety Use safe patterns/functions TBD TBD

Minimum checks

  • Standard maps to languages/frameworks in use.
  • High-risk code has stricter rules.
  • Prohibited patterns/functions are documented where relevant.
  • Standard is available to developers and reviewers.
  • Review date is set.