Skip to content

system: Add Secure Coding Guidelines #10431

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

system: Add Secure Coding Guidelines #10431

wants to merge 2 commits into from
+1,964 −1

Conversation

@jhogberg
Copy link
Contributor

@jhogberg jhogberg commented Dec 2, 2025

Our benefactors want a secure coding standard/guideline for Erlang, and in contrast to EEF's Secure Coding Recommendations they want it to be more along the lines of the SEI CERT Coding Standards. We need to have numbered and concrete rules, mappings to CWEs and OWASP risks and back, and must address the top N CWEs and OWASP risks.

This is an early draft to get a discussion started on how it should look, which recommendations/rules should be included, and so on. It is quite incomplete at the moment, and any and all feedback is most welcome.

@jhogberg jhogberg self-assigned this Dec 2, 2025
michalmuskala
michalmuskala reviewed Dec 2, 2025
View reviewed changes
IngelaAndin
IngelaAndin reviewed Dec 3, 2025
View reviewed changes
IngelaAndin
IngelaAndin reviewed Dec 3, 2025
View reviewed changes
bjorng
bjorng reviewed Dec 3, 2025
View reviewed changes
bjorng
bjorng reviewed Dec 4, 2025
View reviewed changes
Copy link
Contributor

@bjorng bjorng left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Excellent language and sound advice. My only comments are nitpicks.

@jhogberg jhogberg force-pushed the john/system/secure-coding-documentation branch 2 times, most recently from f5002c4 to 4cd1adf Compare December 4, 2025 09:03
@jhogberg
system: Add SCS
f0819a9 
Co-authored-by: "Rickard Green <rickard@erlang.org>"
@jhogberg jhogberg force-pushed the john/system/secure-coding-documentation branch from dea105b to f0819a9 Compare December 4, 2025 11:48
@jhogberg jhogberg marked this pull request as ready for review December 4, 2025 11:48
michalmuskala
michalmuskala reviewed Dec 4, 2025
View reviewed changes
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bjorng bjorng bjorng left review comments

@IngelaAndin IngelaAndin IngelaAndin left review comments

+1 more reviewer

@michalmuskala michalmuskala michalmuskala left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

@jhogberg jhogberg

Labels

documentation

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@jhogberg @bjorng @IngelaAndin @michalmuskala