What is ISO TS 17961:2013?

ISO/IEC TS 17961 is a comprehensive framework consolidating two prior ISO publications, namely ISO/IEC TS 17961:2013 and ISO/IEC TS 17961:2013/COR 1:2016. The primary objective of this framework is to establish a set of secure coding rules.

• ISO/IEC TS 17961:2013 comprises a compilation of guidelines designed to ensure secure coding practices in the C programming language. Additionally, it offers code examples that demonstrate both noncompliant and compliant coding approaches. The non-compliant examples highlight language constructs that possess vulnerabilities leading to potential security risks. Conversely, the compliant examples serve as illustrations of code expected to be devoid of diagnostic vulnerabilities.
• ISO/IEC TS 17961:2013/COR 1:2016 represents an updated version of the aforementioned secure coding standard. It introduces a new rule specifically about memory allocation.

ISO/IEC TS 17961 [ISO/IEC TS 17961:2013] aims to define a fundamental set of prerequisites for analyzers, encompassing static analysis tools and C language compilers, to be employed by vendors seeking to identify insecure code beyond the stipulations of the language standard. These rules are intended to be enforceable through static analysis. The selection of these rules is contingent upon analyzers that can proficiently detect secure coding flaws while minimizing the occurrence of false positives.