This standard specifies the audit process of code security and security function defects, code implementation security defects, resource use security defects, environmental security defects and other typical audit indicators and corresponding verification methods. This standard is applicable to guide code security audit related work.