{"id":9152,"date":"2021-02-08T07:47:07","date_gmt":"2021-02-08T06:47:07","guid":{"rendered":"https:\/\/www.auditsi.eu\/?p=9152"},"modified":"2021-01-03T13:44:18","modified_gmt":"2021-01-03T12:44:18","slug":"regles-de-programmation-pour-le-developpement-securise-de-logiciels-en-langage-c-guide","status":"publish","type":"post","link":"https:\/\/www.auditsi.eu\/?p=9152","title":{"rendered":"Programming rules for the secure development of software in C (guide)"},"content":{"rendered":"<p style=\"text-align: justify;\">The C language gives developers a great deal of freedom. However, it includes ambiguous or risky constructs that favour the introduction of errors during development. The C standard does not specify every desired behaviour, so some remain undefined or unspecified. It is then up to the developers of compilers, libraries or operating systems to make their own choices. 
It is therefore necessary to define restrictions on the use of C in order to identify the risky or non-portable constructs and to limit or even prohibit their use.<\/p>\n<p style=\"text-align: justify;\"><a href=\"https:\/\/www.auditsi.eu\/?attachment_id=9154\" rel=\"attachment wp-att-9154\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-9154\" src=\"https:\/\/www.auditsi.eu\/wp-content\/uploads\/2020\/08\/ANSSI-Guide-s\u00e9curit\u00e9-langage-C.png\" alt=\"ANSSI guide to C language security\" width=\"647\" height=\"919\" srcset=\"https:\/\/www.auditsi.eu\/wp-content\/uploads\/2020\/08\/ANSSI-Guide-s\u00e9curit\u00e9-langage-C.png 647w, https:\/\/www.auditsi.eu\/wp-content\/uploads\/2020\/08\/ANSSI-Guide-s\u00e9curit\u00e9-langage-C-211x300.png 211w\" sizes=\"auto, (max-width: 647px) 100vw, 647px\" \/><\/a><\/p>\n<p>This guide from <a href=\"https:\/\/www.auditsi.eu\/?tag=anssi\">ANSSI<\/a> defines a set of rules, recommendations and good practices dedicated to secure development in C.<\/p>\n<p style=\"text-align: justify;\">This guide has several objectives:<\/p>\n<ul>\n<li style=\"text-align: justify;\">increase the security, quality and reliability of the source code produced, by identifying bad or dangerous programming practices;<\/li>\n<li style=\"text-align: justify;\">make the source code easier to analyse during peer review or by static analysis tools;<\/li>\n<li style=\"text-align: justify;\">establish a level of confidence in the security, reliability and robustness of a development;<\/li>\n<li style=\"text-align: justify;\">promote the maintainability of the software as well as the addition of features<\/li>\n<\/ul>\n<p style=\"text-align: justify;\">This guide is not tied to any particular application domain and is not intended to replace the development constraints imposed by a normative context (automotive, aeronautics, critical systems, etc.). Its purpose is precisely to address secure C developments that are not covered by these normative constraints.<\/p>\n<p>More information on the <a href=\"https:\/\/www.ssi.gouv.fr\/administration\/guide\/regles-de-programmation-pour-le-developpement-securise-de-logiciels-en-langage-c\/\" target=\"_blank\" rel=\"noopener noreferrer\">ANSSI website<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The C language gives developers a great deal of freedom. However, it includes ambiguous or risky constructs that favour the introduction of errors during development. 
The C standard does not specify every desired behaviour, so some remain undefined or unspecified. It is then up to the developers of compilers, libraries or systems &#8230;<\/p>\n<p><a href=\"https:\/\/www.auditsi.eu\/?p=9152\" class=\"more-link\">Continue reading &lsquo;Programming rules for the secure development of software in C (guide)&rsquo; &raquo;<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"advanced_seo_description":"","jetpack_seo_html_title":"","jetpack_seo_noindex":false,"ngg_post_thumbnail":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","_links_to":"","_links_to_target":""},"categories":[1839,29,35],"tags":[1076,828,14,99,912,1812,1628],"class_list":["post-9152","post","type-post","status-publish","format-standard","hentry","category-c","category-livres-ouvrages","category-securite-informatique","tag-anssi","tag-compilateur","tag-confiance","tag-faille-de-securite","tag-fiabilite","tag-langage-c","tag-securite-informatique"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_likes_enabled":false,"_links":{"self":[{"href":"https:\/\/www.auditsi.eu\/index.php?rest_route=\/wp\/v2\/posts\/9152","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.auditsi.eu\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.auditsi.eu\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.auditsi.eu\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.auditsi.eu\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=9152"}],"version-history":[{"count":2,"href":"https:\/\/www.auditsi.eu\/index.php?rest_route=\/wp\/v2\/posts\/9152\/revisions"}],"predecessor-version":[{"id":9156,"href":"https:\/\/www.auditsi.eu\/index.php?rest_route=\/wp\/v2\/posts\/9152\/revisions\/9156"}],"wp:attachment":[{"href":"https:\/\/www.auditsi.eu\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=9152"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.auditsi.eu\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=9152"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.auditsi.eu\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=9152"}],"curies"
:[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}