ISO IEC TS 17961-2013 PDF

St ISO IEC TS 17961-2013

Name in English:
St ISO IEC TS 17961-2013

Description in English:

Original standard ISO IEC TS 17961-2013 in PDF full version. Additional info + preview on request

Document status:
Active

Format:
Electronic (PDF)

Delivery time (for English version):
1 business day

Delivery time (for Russian version):
365 business days

SKU:
stiso27711

Price:
€25

Full title and description

ISO/IEC TS 17961:2013 — Information technology — Programming languages, their environments and system software interfaces — C secure coding rules. A Technical Specification that defines a concise set of secure-coding rules and illustrative examples for the C programming language to help reduce common security vulnerabilities in C code.

Abstract

ISO/IEC TS 17961:2013 specifies a set of language-level secure coding rules for C and provides both non‑compliant and compliant code examples for each rule. The document is intended to guide developers, tool vendors and assessors on security-relevant language constructs and programming practices; it does not prescribe enforcement mechanisms or a particular coding style.

General information

  • Status: Published (Technical Specification, confirmed).
  • Publication date: November 2013 (ISO/IEC TS 17961:2013).
  • Publisher: ISO and IEC (joint deliverable via JTC 1 / SC 22, WG14).
  • ICS / categories: 35.060 (Programming languages).
  • Edition / version: Edition 1 (2013); Technical Corrigendum 1 issued 2016.
  • Number of pages: 80 (original TS document).

Scope

The Technical Specification defines security-focused, language-level rules for programs written in C. Its scope covers common C language constructs and usage patterns that have been observed to lead to exploitable security weaknesses (for example, unsafe memory and pointer usage, undefined behaviour, integer handling, and improper use of standard APIs). Each rule is stated succinctly and accompanied by noncompliant and compliant examples. The TS does not mandate coding style, nor does it specify how rules must be enforced (for example, by a particular static analysis tool or process).

Key topics and requirements

  • Concise set of secure-coding rules for the C language (46 rules in the TS).
  • Each rule paired with non‑compliant and compliant code examples to illustrate the issue and the remediation.
  • Focus areas include memory and pointer safety, bounds checking, integer safety, defined vs. undefined behaviour, safe use of library and system interfaces, and resource management.
  • Rules are language-level and tool-agnostic; the TS avoids prescribing enforcement mechanisms or coding style conventions.
  • Designed to be used as a baseline for static analysis, code review checklists, and secure-development policies.

Typical use and users

Software developers and architects working in C who need to reduce security vulnerabilities; static-analysis and security-tool vendors mapping checks to an international baseline; code reviewers and security auditors in safety- or security-critical domains (embedded, telecoms, automotive, medical, defense); standards bodies and organizations aligning coding guidelines (for example as a mapping target for MISRA, CERT C, or CWE-related activities).

Related standards

ISO/IEC 9899:2011 (C language standard, C11); MISRA C (and MISRA C:2012 addenda that map to the TS); CERT C Coding Standard; CWE (Common Weakness Enumeration) and other vulnerability taxonomies; various static-analysis tool specifications and coding-style guides that map their checks to ISO/IEC TS 17961 rules. A Technical Corrigendum to the TS was published in 2016 to correct and clarify content.

Keywords

secure coding, C, C secure coding rules, static analysis, vulnerability mitigation, buffer overflow, integer overflow, undefined behaviour, pointer safety, ISO/IEC TS 17961

FAQ

Q: What is this standard?

A: ISO/IEC TS 17961:2013 is a Technical Specification that defines a compact set of secure‑coding rules for the C programming language, accompanied by compliant and noncompliant examples to illustrate each rule.

Q: What does it cover?

A: It covers language‑level security issues in C (memory and pointer use, bounds and integer handling, undefined behaviour, safe API usage, resource management, etc.) and provides examples for correct and incorrect coding. It does not mandate enforcement methods or stylistic conventions.

Q: Who typically uses it?

A: C developers, security reviewers, auditors, static-analysis tool vendors, and standards or compliance teams use the TS as a baseline for identifying and remediating security-relevant coding issues.

Q: Is it current or superseded?

A: The document was published in November 2013 (Edition 1) and a Technical Corrigendum was issued in 2016. As a Technical Specification it remains a recognized deliverable; users should consult the ISO catalogue or their national standards body for the definitive current status or any later revisions (status checked as of March 2, 2026).

Q: Is it part of a series?

A: It is a stand‑alone Technical Specification produced under the ISO/IEC JTC 1 framework (SC 22 for programming languages). It is commonly used alongside the C language standard (ISO/IEC 9899) and referenced by or mapped to other coding guidelines such as MISRA C and CERT C.

Q: What are the key keywords?

A: Secure coding, C, coding rules, static analysis, memory safety, pointer safety, buffer overflow, integer overflow, undefined behaviour.