Secure Coding Standards ...

I was (actually still am) looking for a comprehensive set of secure coding standards that I can implement for my development teams. Ideally, I would like to find a set of standards that

can be updated automatically/easily - that way, we are working to current recommendations

I can add our own specific recommendations without making the content upgrade difficult - for example, we have our own encoding routines

can be implemented internally - e.g., it comes as a web portal

is prescriptive and can be easily applied

I would appreciate pointers to either publicly or commercially available sets. Here is the list so far

OWASP Development Guide and OWASP Backend Security Project - thanks to Bedirhan Urgun for the pointer

CERT Secure Coding Standards - thanks to Robert C. Seacord for the pointer

Joint Strike Force AV C++ Coding Standards and MISRA C Coding Standards - thanks to Robert C. Seacord for the pointer

OpenOffice C++ Coding Standards

Andrew van der Stock's Coding Standards - thanks to Jim Manico for pointer

Microsoft's MSDN Secure Coding Standards - thanks to Jim Manico for pointer

Some other relevant sites include

DHS Build Security In

SANS Software Security Institute

CERT Top 10 Secure Coding Practices -

SANS GIAC Secure Software Programmer

Hope you find this helpful. I plan to keep this list current.

An0n S3c