This has probably been a long time coming, but CERT has announced that they will be hosting a wiki containing secure coding practices for C and C++. This codification of numerous industry best practices and rules of thumb into a single referable source will make the lives of consultants easier when performing code reviews. From Robert C. Seacord of CERT:
The CERT/Coordination Center at the Software Engineering Institute at Carnegie Mellon University has led a community effort to develop secure coding standards for the C and C++ programming languages. This work is being performed on the secure coding wiki at www.securecoding.cert.org. In particular, we have made significant progress on the CERT C Programming Language Secure Coding Standard since work first began over a year and a half ago, and our progress has been reviewed by the ISO/IEC WG14 international standardization working group for the programming language C at both the London and Kona meetings.
This has probably been a long time coming, and I will be interested to see what, if any, review tools come out to compare a code base against the standard.
Links:
C – https://www.securecoding.cert.org/confluence/display/seccode/CERT+C+Secu…
C++ – https://www.securecoding.cert.org/confluence/pages/viewpage.action?pageI…