CSC 1029 Coding Standards Quiz

Questions and Answers

What is one of the main objectives of coding standards for secure coding?

• To reduce the need for comments in code
• To identify and describe secure coding implementation (correct)
• To increase the complexity of code
• To make programming languages obsolete

Which of the following is NOT listed as a strategy for writing Clean Code?

• Writing code only for the computer's execution (correct)
• Focusing on precise solutions
• Ensuring readability and maintainability
• Paying attention to design issues

What is the primary goal of the SEI CERT Coding Standards?

• To create a uniform approach to software sales
• To promote the use of proprietary programming languages
• To eliminate the need for coding best practices
• To support the development of coding standards for various programming languages (correct)

Which programming languages are included in the SEI CERT Coding Standards?

C, C++, Java, and Perl (D)

According to the content, what is emphasized about programming languages and coding?

Good coding requires attention to design and problem solving (D)

Which of the following coding standards is focused on ensuring secure coding practices?

SEI CERT Coding Standards (B)

What do the C++ Core Guidelines emphasize?

Safe and efficient use of the C++ language (B)

Which of the following practices is recommended for coding standards compliance?

Following established naming conventions (A)

Which resource provides guidance on writing Clean Code across different programming languages?

A video tutorial on Clean Code (D)

What is considered an essential trait of a good programmer?

Focus on problem solving and precise solutions (A)

What is the primary purpose of coding standards in C++?

To offer a set of rules tailored for specific uses and environments. (C)

Which guideline specifically addresses how comments should be written?

NL.1: Don't say in comments what can be clearly stated in code. (C)

What is a key recommendation regarding naming conventions in C++ according to the core guidelines?

Maintain a consistent naming style throughout the code. (A)

What is one of the major risks associated with coding errors according to Microsoft Code Security?

Incorrect assumptions when handling user input. (A)

When should local variables be declared according to C++ guidelines?

In the middle of a function as required. (B)

Which of the following is NOT a recommendation in the C++ Core Guidelines?

Use global variables whenever possible. (D)

What is the main focus of the MISRA guidelines?

To establish best practices for embedded control systems and software. (D)

Why should developers avoid placing two statements on the same line?

It hinders readability and can confuse maintainers. (B)

What is an acceptable practice according to the C++ guidelines for naming identifiers?

Names should reflect their scope adequately. (D)

What aspect of coding standards is emphasized to prevent security vulnerabilities?

Thorough understanding of the development platform. (C)

Flashcards

Coding Standards

Rules and guidelines for writing code, ensuring quality, security, and consistency.

C++ Coding Standards

Specific rules for using C++ in different contexts.

MISRA C++

Best practice guidelines for safe and secure C++ development.

Google C++ Style Guide

Specific guidelines for writing C++ code, focusing on formatting, naming conventions, and coding style.

Avoid global variables

It's best practice to avoid using global variables where possible.

Clear comments

Comments should explain the intent of the code, not repeat the obvious.

Consistent naming style

Use a consistent style for variable names, functions, and classes to enhance readability and maintainability.

User Input Security

Code handling user input must be cautious to prevent vulnerabilities.

Static Code Analysis

Tools that automatically analyze code for potential problems.

Security Vulnerabilities

Weaknesses in your code or system which allow malicious attacks.

Secure Coding Implementation

Techniques and practices used to develop secure computer programs that are resistant to vulnerabilities.

SEI CERT Coding Standards

Guidelines for writing secure code in various programming languages, including C, C++, Java, and Perl.

Clean Code Strategies

Methods used to write code that is easy to read and understand.

Coding Standards for Quality

Guidelines that increase the code's reliability and maintainability.

Naming Conventions

Rules defining how to name variables, functions, and classes in a consistent manner.

MISRA

An automotive coding standard that enforces rules to improve the reliability and integrity of software.

Microsoft Secure Coding

Microsoft's guidelines for developing secure code in applications.

Clean Code Practices

Writing code that is easy to read, understand, and maintain.

Study Notes

CSC 1029 Coding Standards

• Course covering coding standards for secure coding implementation
• Objectives include identifying and describing secure coding, outlining coding standards and rules, and applying secure coding principles based on industry standards
• Week 7 agenda includes: review, clean code, SEI CERT coding standards, quality and compliance coding standards, C++ core guidelines, coding conventions, MISRA, Google C++ style guide, Microsoft secure coding, todo list and resources for help

Good Programming Practices

• Programs are meant to be read by humans and only incidentally by computers to execute.
• Key attributes of good programmers include persistence, attention to design, problem-solving and precise solutions/
• Qualities like patience, precision and design thinking are emphasized

Review

• Complete the 1.8 Matching exercise

Clean Code Strategies

• Strategies for writing clean code with links to relevant YouTube videos to aid in learning coding

SEI CERT Coding Standards

• The Software Engineering Institute's (SEI) CERT Coding Standards provide coding practices for commonly used programming languages like C, C++, Java, and Perl, including the Android platform.
• These standards are developed through community and software security efforts
• Guidelines for secure coding in C/C++, Java, Perl and Android are covered

Coding Standards for Quality and Compliance

• This section links to an article providing coding rules guidelines, importance of coding standards, key C++ coding standards, and static code analysis to enforce these standards

C++ Core Guidelines

• Coding standards are needed for specific purposes and environments in C++
• Specific questions regarding naming conventions like namespace std, local variable declarations, and global variable usage are discussed
• Guidelines for commenting and naming conventions are covered

C++ Core Guidelines: Comments & Naming

• Guidelines for comments and naming variables include specific examples and rules around avoiding obvious comments that repeat code statements and naming conventions for consistency and clarity

MISRA

• MISRA provides best practice guidelines for safe and secure embedded control systems and standalone software, with particular relevance in critical applications.
• MISRA C++ was initially published in 2008

Google C++ Style Guide

• The style guide is available as a file that needs to be read through for guidelines

Microsoft Code Security

• Security vulnerabilities often result from incorrect assumptions about user input or a lack of understanding of the development platform.

Earn Your Pre-work Grade

• Post weekly discussion questions and research solutions in D2L.
• Complete Week 07 Content Module in D2L to 100%

Questions, Clarifications, and Help

• Students can get help via appointment, drop-in times, email, and online tutoring resources.