
PW.5.1: Follow all secure coding practices that are appropriate to the development languages and environment to meet the organization’s requirements.

PW.5

Control Description

Follow all secure coding practices that are appropriate to the development languages and environment to meet the organization’s requirements.

Practice: PW.5

Create Source Code by Adhering to Secure Coding Practices

Decrease the number of security vulnerabilities in the software, and reduce costs by minimizing vulnerabilities introduced during source code creation that meet or exceed organization-defined vulnerability severity criteria.

Notional Implementation Examples

  1. Validate all inputs, and validate and properly encode all outputs.
  2. Avoid using unsafe functions and calls.
  3. Detect errors, and handle them gracefully.
  4. Provide logging and tracing capabilities.
  5. Use development environments with automated features that encourage or require the use of secure coding practices with just-in-time training-in-place.
  6. Follow procedures for manually ensuring compliance with secure coding practices when automated methods are insufficient or unavailable.
  7. Use tools (e.g., linters, formatters) to standardize the style and formatting of the source code.
  8. Check for other vulnerabilities that are common to the development languages and environment.
  9. Have the developer review their own human-readable code to complement (not replace) code review performed by other people or tools. See PW.7.

Cross-Framework References

Mappings to related frameworks and standards from NIST SP 800-218

BSA FSS

SC.2
SC.3
LO.1
EE.1

BSIMM

SR3.3
CR1.4
CR3.5

EO 14028

4e(iv)
4e(ix)

IDA SOAR

2

IEC 62443

SI-1
SI-2

ISO 27034

7.3.5

Microsoft SDL

9

OWASP ASVS

1.1.7
1.5
1.7
5
7

OWASP MASVS

7.6

SAFECode FPSSD

Establish Log Requirements and Audit Practices
Use Code Analysis Tools to Find Security Issues Early
Handle Data Safely
Handle Errors
Use Safe Functions Only

SP 800-181 (NICE)

SP-DEV-001
T0013
T0077
T0176
K0009
K0016
K0039
K0070
+9 more
