...
Replacing secure functions with less secure functions is a very risky practice because developers can be easily fooled into trusting the function to perform a security check that is absent. This may be a concern, for example, as developers attempt to adopt more secure functions, such as the C11 Annex K functions, that might not be available on all platforms. (See STR07-C. Use the bounds-checking interfaces for remediation of existing string manipulation code.)
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
PRE09-C | High | Likely | Medium | P18 | L1 |
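The risk described above, as an added example that is not part of the original guideline: a constructed shim that keeps a bounds-checking name but drops the check, beside a fallback that preserves it. The name `portable_strcpy_s` is hypothetical, and the fallback is a simplified stand-in for platforms without Annex K (it does not detect overlapping buffers or call a runtime-constraint handler).

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Risky shim (constructed, shown for contrast only): the secure name
 * survives, but the size argument is silently discarded, so callers
 * believe a bounds check happens when none does.
 *
 *   #define strcpy_s(dest, destsz, src) (strcpy((dest), (src)), 0)
 */

/* Hypothetical fallback that keeps the check its name promises.
 * Returns 0 on success and nonzero on any violation; on failure the
 * destination, if usable, is left as an empty string. */
int portable_strcpy_s(char *dest, size_t destsz, const char *src) {
    size_t len = 0;

    if (dest == NULL || destsz == 0) {
        return 1;                 /* nothing safe to write to */
    }
    if (src == NULL) {
        dest[0] = '\0';
        return 1;
    }
    /* Bounded scan: never reads past destsz bytes of src. */
    while (len < destsz && src[len] != '\0') {
        len++;
    }
    if (len == destsz) {          /* string plus terminator does not fit */
        dest[0] = '\0';
        return 1;
    }
    memcpy(dest, src, len + 1);   /* copy including the terminator */
    return 0;
}

int main(void) {
    char buf[8];
    int rc = portable_strcpy_s(buf, sizeof buf, "too long for buf");
    printf("rc=%d buf=\"%s\"\n", rc, buf);
    return 0;
}
```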
...
Tool | Version | Checker | Description |
---|---|---|---|
PRQA QA-C | | Secondary analysis | Fully implemented |
...
Related Guidelines
CERT C++ Secure Coding Standard | PRE09-CPP. Do not replace secure functions with less secure functions |
ISO/IEC TR 24772:2013 | Executing or Loading Untrusted Code [XYS] |
MITRE CWE | CWE-684, Failure to provide specified functionality |
...