CERT (SEI)
SEI CERT Secure Coding Standards (Carnegie Mellon Software Engineering Institute) · wiki.sei.cmu.edu/confluence/display/seccode
The SEI CERT Coding Standards (CERT C and CERT C++) are secure-coding standards from Carnegie Mellon's Software Engineering Institute. Unlike category-based standards, CERT scores every guideline on a risk model — severity, likelihood, and remediation cost — yielding a priority and level (L1/L2/L3) that drive remediation order. That risk model is the basis for the pack below.
How the publications map to ponens policies
CERT's individual rules and recommendations are checked by static analysis — so ponens does not re-encode them. What is distinctive about CERT, and what ponens governs, is its risk-prioritized remediation process. Every finding is scored on three factors (severity × likelihood × remediation cost), which multiply to a Priority (1–27) and a Level (L1 = 12–27, L2 = 6–9, L3 = 1–4). ponens turns that into policies over a coding/CI trace: every finding is risk-assessed and assigned a priority and level, L1 findings are remediated and never shipped open, and L2 findings are reviewed.
CERT also distinguishes normative Rules (a violation is a defect that must be fixed or formally deviated) from advisory Recommendations (departures recorded), and — like MISRA and JSF — requires analysis before commit and manual review of undecidable rules. The same methodology covers both CERT C and CERT C++, so this is a single pack rather than two. Running it with ponens trace check aggregates to Green / Amber / Red: an open L1 at release, an unremediated rule violation, a missing risk assessment, or no conformance record is Red; recommendation departures, L2 review, and undecidable-rule review are Amber.
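As an added illustration of the scoring and remediation policies described above (example code, not code from the SEI or from ponens), the following computes the CERT Priority and Level from the three factors and evaluates the L1/L2 policies over a small constructed set of findings. The factor scales (severity low/medium/high = 1/2/3, likelihood unlikely/probable/likely = 1/2/3, remediation cost high/medium/low = 1/2/3) follow the SEI CERT wiki; the finding records and their states are constructed for the example.

```python
# Added example: CERT risk scoring (severity x likelihood x remediation cost)
# and the L1/L2 remediation policies of the pack. Factor scales follow the SEI
# CERT wiki; the finding records below are constructed, not real tool output.
SEVERITY = {"low": 1, "medium": 2, "high": 3}
LIKELIHOOD = {"unlikely": 1, "probable": 2, "likely": 3}
REMEDIATION_COST = {"high": 1, "medium": 2, "low": 3}  # cheap fixes score higher

def priority(severity, likelihood, remediation_cost):
    """CERT Priority: product of the three 1-3 scores, so 1..27."""
    return SEVERITY[severity] * LIKELIHOOD[likelihood] * REMEDIATION_COST[remediation_cost]

def level(prio):
    """CERT Level from Priority: L1 = 12-27, L2 = 6-9, L3 = 1-4."""
    return "L1" if prio >= 12 else "L2" if prio >= 6 else "L3"

def assess(finding):
    """Risk-assess one finding (cert_risk_assessed / cert_priority_assigned).
    A KeyError here means a factor was never assessed, itself a Red result."""
    p = priority(finding["severity"], finding["likelihood"], finding["remediation_cost"])
    return {**finding, "priority": p, "level": level(p)}

def check_release(findings):
    """Evaluate the prioritized-remediation policies at release time.
    Returns policy id -> ids of findings that violate it (empty lists = Green)."""
    v = {"cert_l1_remediated": [], "cert_no_open_l1_at_release": [], "cert_l2_reviewed": []}
    for f in map(assess, findings):
        if f["level"] == "L1" and not f.get("remediated", False):
            v["cert_l1_remediated"].append(f["id"])
        if f["level"] == "L1" and f["status"] == "open":
            v["cert_no_open_l1_at_release"].append(f["id"])
        if f["level"] == "L2" and not f.get("reviewed", False):
            v["cert_l2_reviewed"].append(f["id"])
    return v

# Constructed findings against real CERT C rule ids; states are made up.
FINDINGS = [
    {"id": "F1", "rule": "STR31-C", "severity": "high", "likelihood": "likely",
     "remediation_cost": "medium", "status": "open"},                    # 3*3*2 = 18, L1
    {"id": "F2", "rule": "EXP33-C", "severity": "high", "likelihood": "unlikely",
     "remediation_cost": "medium", "status": "open"},                    # 3*1*2 = 6, L2
    {"id": "F3", "rule": "INT30-C", "severity": "high", "likelihood": "likely",
     "remediation_cost": "low", "status": "closed", "remediated": True},  # 3*3*3 = 27, L1
]

if __name__ == "__main__":
    for policy, offenders in check_release(FINDINGS).items():
        grade = "Amber" if policy == "cert_l2_reviewed" else "Red"  # per the pack's aggregation
        print(policy, grade if offenders else "Green", offenders)
```

Run as a script it prints one Green/Amber/Red line per policy; F1 trips both L1 policies and F2 trips the L2 review policy.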
CERT C/C++ Secure Coding
The SEI CERT secure-coding risk model — Severity × Likelihood × Remediation → Priority → Level L1/L2/L3 — and its prioritized-remediation process, as computable policies. Covers CERT C and CERT C++.
Maps the SEI CERT Coding Standards' distinctive risk-assessment and prioritized-remediation process onto ponens policies. The individual rules are enforced by static analysis; this pack checks that every finding is risk-assessed (severity/likelihood/remediation) and assigned a priority and level, that L1 findings are remediated and never shipped open, and that Rules and Recommendations are handled according to their status (remediated or deviated vs. departure recorded). Applies to both CERT C and CERT C++.
Source: SEI CERT C and CERT C++ Secure Coding Standards (Carnegie Mellon SEI).
Each policy below lists its id, severity (error or warning), title, description, and formula.

Rules vs Recommendations (2 policies)

cert_recommendation_departure_recorded [warning] CERT: Recommendation Departure Recorded
  Departures from CERT Recommendations (advisory guidelines) are recorded.
  G(Finding ∧ cert_recommendation_departure → recorded)

cert_rule_violation_remediated [error] CERT: Rule Violation Remediated
  Violations of CERT Rules (normative) are remediated, or covered by an approved deviation.
  G(Finding ∧ cert_rule_violation → remediated ∨ deviation_approved)

Risk Assessment (2 policies)

cert_priority_assigned [error] CERT: Priority and Level Assigned
  Each finding has a Priority (Severity × Likelihood × Remediation Cost, 1–27) and resulting Level (L1/L2/L3) assigned.
  G(Finding → priority_assigned)

cert_risk_assessed [error] CERT: Risk Assessed
  Every finding is risk-assessed on the three CERT factors: severity, likelihood, and remediation cost.
  G(Finding → severity_assessed ∧ likelihood_assessed ∧ remediation_assessed)

Prioritized Remediation (L1/L2/L3) (3 policies)

cert_l1_remediated [error] CERT: L1 Findings Remediated
  Highest-priority (Level L1) findings are remediated.
  G(level_l1 → remediated)

cert_l2_reviewed [warning] CERT: L2 Findings Reviewed
  Medium-priority (Level L2) findings are reviewed.
  G(level_l2 → reviewed)

cert_no_open_l1_at_release [error] CERT: No Open L1 at Release
  No Level L1 finding remains open at release.
  G(Release → ¬open_l1)

Verification & Enforcement (2 policies)

cert_static_analysis_before_commit [error] CERT: Static Analysis Before Commit
  Source is checked against the CERT C / C++ ruleset by static analysis before it is committed.
  G(GitCommit → P(StaticAnalysis ∧ cert_ruleset))

cert_undecidable_manual_review [warning] CERT: Undecidable Rule Manually Reviewed
  Potential violations of undecidable rules (not fully checkable by static analysis) are manually reviewed.
  G(undecidable_violation → manual_review)

Deviations & Records (2 policies)

cert_conformance_recorded [error] CERT: Conformance Recorded at Release
  A conformance record (which rules were checked, findings, deviations) exists before release.
  G(Release → P(conformance_summary))

cert_deviation_documented [error] CERT: Deviation Documented
  Every deviation records the violation rationale and is approved.
  G(Deviation → rationale_recorded ∧ deviation_approved)