Here is a list of Secure Coding Standards links from Source Code Auditing, Reversing, Web Security, re-posted here for my own easy reference. Code review is admittedly not (currently) my strong suit. I have done some old school reverse engineering in the lab back in the day, and messed around with static and behavioral analysis, even done some 3D game programming, but I am still a n00b.
- http://community.corest.com/~gera/InsecureProgramming/
- https://wiki.mozilla.org/WebAppSec/Secure_Coding_Guidelines
- https://www.securecoding.cert.org/confluence/pages/viewpage.action?pageId=637
- https://www.securecoding.cert.org/confluence/display/seccode/CERT+C+Secure+Coding+Standard
- CERT Oracle Secure Coding standard for Java
- http://www.viva64.com/en/a/0065/ (A Collection of Examples of 64-bit Errors in Real Programs)
- http://www.viva64.com/en/a/0042/ (Seven Steps of Migrating a Program to a 64-bit System)
- http://www.viva64.com/en/l/ (Lessons on development of 64-bit C/C++ applications)
- http://www.oracle.com/technetwork/java/seccodeguide-139067.html (Secure Coding Guidelines for the Java Programming Language, Version 4.0)
- http://samate.nist.gov/index.php/Source_Code_Security_Analyzers.html
- Apple’s Secure Coding standard
- https://buildsecurityin.us-cert.gov/bsi/articles/knowledge/coding/305-BSI.html
- Klocwork’s CERT C and C++ Secure Coding Standard
- https://www.securecoding.cert.org/confluence/display/seccode/Klocwork+Cross+Reference
- http://grouper.ieee.org/groups/plv/
- https://www.owasp.org/index.php/Secure_Coding_Principles
- http://developer.klocwork.com/klocwork-university/security-innovation/secure-coding
- http://www.saferc.com/
- http://stackoverflow.com/questions/4780410/secure-c-coding-practices
- http://www.bits.org/publications/pr/BITSSoftwareAssurance020112.pdf (50-page guide for a mature, strategic secure software dev program)
If you have any more, please add them in the comments.