Skip to main content




The SEI CERT C Coding Standard, 2016 Edition provides rules for secure coding in the C programming language. These rules and recommendations are used to develop safe, reliable, and secure systems, for example by eliminating undefined behaviors that can lead to undefined program behaviors and exploitable vulnerabilities.


EXP33-C. Do not read uninitialized memory
168. Initialize variables explicitly
INT32-C. Ensure that operations on signed integers do not result in overflow
345. Establish protections against overflows
STR30-C. Do not attempt to modify string literals
172. Encrypt connection strings
FIO30-C. Exclude user input from format strings
160. Encode system outputs
173. Discard unsafe inputs
FIO32-C. Do not perform operations on devices that are only appropriate for files
095. Define users with privileges
096. Set user's required privileges
CON38-C. Preserve thread safety and liveness when using condition variables
337. Make critical logic flows thread safe
MSC32-C. Properly seed pseudorandom number generators
223. Uniform distribution in random numbers
free trial

Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.