Openssf
best.openssf.org › Secure-Coding-Guide-for-Python
Secure Coding One Stop Shop for Python | OpenSSF Best Practices Working Group
An initiative by the OpenSSF to provide new Python programmers a resource to study secure coding in CPython >= 3.9 with working code examples.
Wikipedia
en.wikipedia.org › wiki › CERT_Coding_Standards
CERT Coding Standards - Wikipedia
August 26, 2025 - The SEI CERT Coding Standards are software coding standards developed by the CERT Coordination Center to improve the safety, reliability, and security of software systems. Individual standards are offered for C, C++, Java, Android OS, and Perl. Guidelines in the CERT C Secure Coding Standard ...
Python coding standard for Safety Critical Applications - Stack Overflow
Because this is, what the V-Model wants. That is the reason why Python code most of the times is not compliant to safety standards. Of course in Python it is as easy as in languages lika Ada or C to write good and certifiable code that follows certain design principles. More on stackoverflow.com
Looking for an official documentation regarding security best practices and how to write secure code
OWASP Cheat Sheet is what I’d start with. OWASP SAMM and DSOMM if you’re looking something beyond just coding that covers everything a business should be doing and DevOps respectively. Beyond that please tag me if you find something good that’s language specific. More on reddit.com
31
273
March 20, 2022What's the best Python certification you're ever done and why?
I would recommend against going the certification route for programming related gigs. While they are never bad, it is much more helpful to have example projects to demo and build. If you’re committed to getting a “cert” I’d consider looking at a course in https://edx.org - I learned python through the MITx Python course (not sure it exists any longer) through the platform and it was exactly the same interface as an online college. Additionally - it gives you a “certificate of completion” and can even count as a college credit should you decide to go back to school. Good luck. More on reddit.com
18
19
June 16, 2022Any thoughts about SEI CERT C?
As for now, I'm getting more and more confident in coding, and a couple of days ago I asked GPT, out of pure interest, what kind of resources it could advice to help me grasp with the C techniques that are secure and reliable. I got "SEI CERT C Coding Standard" book as the answer, and I did a little research about it, but found no reviews, not even a word on forums Fyi, that's not really a teaching book, and nothing where some social media guy will make reviews. Also, "regular" hobbyists and commercial companies won't care about these things at all, often because of greed and/or incompetence. Things like SEI CERT, MISRA etc. are common in "serious" things that the majority of people never work with. Safety systems for railways, medical devices, military... Guessing from your post, in order to write more secure/reliable, you should first learn the general language itself more in depth. If things like strict aliasing, int promotions, provenance, etc. are easy for you, then you might continue ... eg. with topics around threading, signals & ipc, libraries & linking, side channel topics, charsets & IEEE754, reverse engineering / exploitation, knowing your way around applied cryptography, ... then it might make sense to read one of the mentioend standards if you want. And/or a newer lowlevel language and/or ... More on reddit.com
7
5
December 24, 2025What is secure coding and why is it important?
Secure coding involves writing software in a way that minimizes vulnerabilities and reduces the risk of security breaches or cyber attacks. This practice is important as it helps protect sensitive information, prevents business losses due to malicious activities, and enhances overall trust with customers.
securecoding.org
securecoding.org › home
Secure Coding: Learn the Fundamentals and Best Practices Today
What are some best practices for incorporating secure coding into a development process?
Some best practices for incorporating secure coding into a development process include training developers on secure programming techniques, integrating security assessments throughout the development lifecycle, using automated tools for vulnerability scanning and testing, and regularly reviewing code to identify potential weaknesses or areas where improvements could be made.
securecoding.org
securecoding.org › home
Secure Coding: Learn the Fundamentals and Best Practices Today
How can developers ensure their code meets security standards?
Developers should follow established guidelines such as OWASP (Open Web Application Security Project) Top Ten list which outlines the most critical web application security risks. Additionally, conducting regular vulnerability assessments and implementing proper testing protocols can help catch potential issues before they become major problems.
securecoding.org
securecoding.org › home
Secure Coding: Learn the Fundamentals and Best Practices Today
Videos
Bringing a codebase into compliance with the SEI CERT ...
26:04
Updating Risk Assessment in the CERT Secure Coding Standard - YouTube
22:29
Securing Python Applications - YouTube
01:07:02
Secure coding for Python with SheHacksPurple Talk Python to Me ...
18:23
Secure Coding Guide for Python - David Mather & Bart Karas, Ericsson ...
13:55
Implement secure coding with SEI CERT-C - YouTube
Isecure-journal
isecure-journal.com › article_150541_a9f0526e45cd43bc510cc2945ddfcf80.pdf pdf
Secure Coding Guidelines — Python
This will be useful for programmers and users to keep their codes and · applications more secure and viable for usage in sensitive environments. ... ISSN: 2008-2045 © 2020 ISC. All rights reserved. plications have to be continuously developed within ... Secure Coding Guidelines — Python — Hammoudeh et al.
Oracle
docs.oracle.com › cd › E26502_01 › html › E29016 › scode-1.html
Secure Coding Guidelines for Developers - Developer's Guide to Oracle Solaris 11 Security
Perl – CERT Perl Secure Coding Standard · The Open Web Application Security Project (OWASP) hosts security guidelines for two web scripting languages: PHP – OWASP PHP Security Cheat Sheet · Python – OWASP Python Security website · Oracle Solaris provides specific APIs which can be used to write more secure code and to take advantage of the security and cryptographic features of the Oracle Solaris operating system and Oracle Sun hardware systems.
SEI CERT
wiki.sei.cmu.edu › confluence › display › seccode
SEI CERT Coding Standards - CERT Secure Coding - Confluence
The Secure Coding eNewsletter provides timely information about CERT secure coding standards.
Diva-portal
diva-portal.org › smash › get › diva2:1564438 › FULLTEXT01.pdf pdf
Linköpings universitet SE–581 83 Linköping +46 13 28 10 00 , www.liu.se
give a more comprehensive picture of the real world effectiveness of the SEI CERT Secure · Coding Standards. ... This chapter describes the chosen methods that were used to answer the research questions. The method that was used is structured as following: ... CVE database was downloaded (in .csv-format) to make the extracting process faster. The ... Listing 4.1: Python script for extracting C vulnerabilities.
GitHub
github.com › Ericsson › secure_coding_one_stop_shop_for_python
GitHub - Ericsson/secure_coding_one_stop_shop_for_python: Secure Coding in Python · GitHub
October 11, 2024 - This repository was permanently moved under OpenSSF wg-best-practices-os-developers/docs /Secure-Coding-Guide-for-Python/** Promote secure products by knowing the difference between secure compliant and non-compliant code with CPython >= 3.9 using modules listed on
Starred by 22 users
Forked by 7 users
Languages Python 98.5% | Shell 1.5%
Medium
felsen88.medium.com › python-secure-coding-guidelines-73c7ce1db86c
Python — Secure Coding Guidelines | by Felix Stephen | Medium
May 14, 2019 - Bandit - is a tool designed to find common security issues in Python code and it’s Originally developed by OpenStack Security later it’s moved to PyCQA - (Python Code Quality of Authority).
Securecoding
securecoding.org › home
Secure Coding: Learn the Fundamentals and Best Practices Today
June 2, 2023 - Writing code in a high-level language is one of the most effective ways to make your code more secure from attacks. High-level programming languages, such as Python, Java, and Ruby, provide built-in security features that can help prevent common vulnerabilities. For example, Python’s standard library includes modules for hashing passwords and validating user inputs.
Parasoft
parasoft.com › home › solutions › cert
CERT Secure Coding Standard Compliance | Parasoft
June 24, 2025 - The CERT secure coding standard was developed by the Software Engineering Institute (SEI) for a variety of languages with the purpose of hardening your code by avoiding coding constructs that are more susceptible to security problems.
LinkedIn
linkedin.com › learning › secure-coding-in-python › what-are-secure-coding-cert-and-other-standards
What are secure coding, CERT, and other standards? - Python Video Tutorial | LinkedIn Learning, formerly Lynda.com
Various secure coding standards exist, such as CERT, to lock down common exploits and keep customer data safe. In this video, learn about the importance of applying secure coding standards to your daily work.
Published July 24, 2020 Views 12K
Perforce
perforce.com › blog › qac › secure-coding-standards
Security Standards: What Are Secure Coding Standards? | Perforce Software
To write secure code, you need a secure coding standard — such as CERT, CWE, OWASP, DISA STIG, CVE, or CVSS. Secure coding standards keep software secure.
Pluralsight
pluralsight.com › courses › python-secure-coding-playbook
Python Secure Coding Playbook
September 2, 2021 - In this course, Python Secure Coding Playbook, you’ll learn to protect your websites from attack. First, you'll explore the most common vulnerabilities that you’re likely to see in a website. Then, you'll see what these vulnerabilities could allow an attacker to do and how they might do it. Finally, you’ll learn how to write your Python code ...
Open-std
open-std.org › jtc1 › sc22 › wg23 › docs › ISO-IECJTC1-SC22-WG23_N0023-Secure-Coding-Standards.pdf pdf
© 2006 Carnegie Mellon University CERT Secure Coding Standards
The secure coding standards proposed ... are under development for: C programming language (ISO/IEC 9899:1999) C++ programming language (ISO/IEC 14882-2003 ) Applicable technical corrigenda and documented ·...
Perforce
perforce.com › blog › kw › what-is-cert
What Is CERT? Overview of CERT and CERT Secure Coding | Perforce Software
September 29, 2020 - CERT is a coding standard that helps keep C, C++, and Java programming languages secure. CERT secure coding provides a risk assessment that, when combined with a static analysis tool, ensure the security of your code.
Top answer 1 of 4
4
Top layer safety standards for "functional safety" like IEC 61508 (industrial), ISO 26262 (automotive) or DO-178 (aerospace) etc come with a software part (for example IEC 61508-3), where they list a number of suitable programming languages. These are exclusively old languages proven in use for a long time, where all flaws and poorly-defined behavior is regarded as well-known and execution can be regarded as predictable.
In practice, for the highest safety levels it means that you are pretty much restricted to C with safe subset (MISRA C) or Ada with safe subset (SPARK). A bunch of other old languages like Modula-2, Pascal and Fortran are also mentioned, but the tool support for these in the context of modern safety MCUs is non-existent. As is support for Python for such MCUs.
Languages like Python and C++ are not even mentioned for the lowest safety levels, so between the lines they are dismissed as entirely unsuitable. Even less so than pure assembler, which is actually mentioned as something that may used for the lower safety levels.
2 of 4
3
From my experience in the railway and automotive industries, there is no closed list of programming languages. The thing is that the programming language must have specific properties and the tool used for development must be qualified.
As an example I can refer to railway EN-50716. Table A.15 "Suitable Programming Languages" only lists the recommended and highly recommended programming language properties (such as "supports commenting", "supports testing", or "supports static analysis"). The table is supplemented by Section D.54 of Appendix D, which covers these topics in more detail, but there is still no closed list of possible programming languages. This simply means that the list is open and future-proof - if any language meets the specific criteria, then it can be used.
I believe this is also true for automotive ISO-26262 (as far as I can remember), but I have no experience in other sectors.
This has serious practical consequences - since the list is open, you are not limited to "old", well-known languages like C, C++ or Ada, but for some time now there is also the possibility to use Rust in a safety-critical application - qualified rust. In the end, you have to provide an evidence to the assessor that your choice makes sense (in the context of the used standard).
GIAC
giac.org › certifications › python-coder-gpyc
GIAC Python Coder | Cybersecurity Certification
GIAC Python Coder is a cybersecurity certification that certifies a professional's knowledge of core programming concepts and the ability to write and analyze working code using the Python programming language
Reddit
reddit.com › r/python › looking for an official documentation regarding security best practices and how to write secure code
r/Python on Reddit: Looking for an official documentation regarding security best practices and how to write secure code
March 20, 2022 -
I am looking for resources on how to write secure code with Python, I have been in python.org but there is only a Security reporting section. Before considering Google top results I would like to check if there is an official documentation
Top answer 1 of 5
83
OWASP Cheat Sheet is what I’d start with. OWASP SAMM and DSOMM if you’re looking something beyond just coding that covers everything a business should be doing and DevOps respectively. Beyond that please tag me if you find something good that’s language specific.
2 of 5
82
What’s official to you? OWASP secure coding practices NIST secure coding practices Berkeley … “Official”, as in: from Python…I don’t think such a document exists.
Securecodewarrior
securecodewarrior.com › home › blog › what is secure coding? techniques, standards, and resources
What is Secure Coding? Techniques, Standards, and Resources - Blog
August 27, 2025 - Developed by the CERT Division at the Software Engineering Institute (SEI), the SEI CERT Coding Standards focus on preventing security vulnerabilities in specific programming languages, including C, C++, Java, and Perl.
Python Institute
pythoninstitute.org › pces
PCES – Certified Entry-Level Security Specialist with Python
The PCES certification confirms essential knowledge and foundational skills in cybersecurity and Python programming. It focuses on the core practices that every aspiring security specialist should master – from understanding threats, risks, and protective measures, to applying Python in ...