What is CERT?
The CERT secure coding standard was developed by the Software Engineering Institute (SEI) for a variety of languages. Its purpose is to harden your code by avoiding coding constructs that are more susceptible to security problems.
In the CERT coding framework, priority is computed as the product of three factors (severity, likelihood of someone exploiting the vulnerability, and remediation cost), and the resulting priorities are divided into levels: L1, L2, and L3. L1 represents high-severity violations with high likelihood and low remediation cost (i.e., the most important to address, as they indicate serious problems that are less complicated to fix). Using CERT's scoring framework helps teams focus their efforts and make the best use of their time budgets.
Enforcing CERT C/C++ Compliance with Static Analysis
Parasoft C/C++test has full support for CERT coding guidelines, including key guidelines that other static analysis tools miss. Parasoft's mapped test configuration enables all checkers from the original CERT rule set to assure the security of your codebase, so organizations can rely on a single tool with consistent reporting.