...
A number of existing libraries are available for managing string data; the library selected depends on the approach adopted for managing null-terminated byte strings. The functions defined by the C standard, Section 7.24, "String handling <string.h>" [ISO/IEC 9899:2011], are primarily intended for managing statically allocated strings. However, these functions are problematic because many of them are insufficiently bounded. Consequently, this standard recommends using the ISO/IEC TR 24731-1 [ISO/IEC TR 24731-1:2007] functions with statically allocated arrays. (See STR07-C. Use the bounds-checking interfaces for remediation of existing string manipulation code.) These functions provide bounds-checking interfaces to protect against buffer overflows and other runtime constraint violations.
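The following added example (not code from this standard) shows the failure semantics that the bounds-checking interfaces apply to a statically allocated array: an oversized operation returns nonzero and leaves an empty string instead of a truncated or overflowed one. `demo_strcpy_s`, `demo_strcat_s`, `build_account` and `DEMO_RSIZE_MAX` are hypothetical stand-ins written so the example compiles where the C library does not provide `strcpy_s`/`strcat_s`; they omit the overlap check and the constraint-handler call that the real functions perform.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define DEMO_RSIZE_MAX (SIZE_MAX >> 1)  /* assumed limit, as RSIZE_MAX would be */

/* Stand-in for strcpy_s: 0 on success; on a violation dest becomes "". */
static int demo_strcpy_s(char *dest, size_t destsz, const char *src) {
    if (dest == NULL || destsz == 0 || destsz > DEMO_RSIZE_MAX)
        return 1;                       /* no usable destination */
    if (src != NULL) {
        for (size_t i = 0; i < destsz; i++) {
            dest[i] = src[i];
            if (src[i] == '\0')
                return 0;               /* terminator fit inside destsz */
        }
    }
    dest[0] = '\0';                     /* never leave a truncated string */
    return 1;
}

/* Stand-in for strcat_s: also rejects a dest with no terminator in destsz. */
static int demo_strcat_s(char *dest, size_t destsz, const char *src) {
    if (dest == NULL || destsz == 0 || destsz > DEMO_RSIZE_MAX)
        return 1;
    size_t used = 0;
    while (used < destsz && dest[used] != '\0')
        used++;
    if (used == destsz || demo_strcpy_s(dest + used, destsz - used, src) != 0) {
        dest[0] = '\0';
        return 1;
    }
    return 0;
}

/* Builds "user@host" in a fixed-size array; 0 on success, nonzero otherwise. */
static int build_account(char *out, size_t outsz, const char *user, const char *host) {
    if (demo_strcpy_s(out, outsz, user) != 0 || demo_strcat_s(out, outsz, "@") != 0)
        return 1;
    return demo_strcat_s(out, outsz, host);
}

int main(void) {
    char account[16];                   /* statically sized buffer */
    int rc = build_account(account, sizeof account, "alice", "example");
    printf("rc=%d account=\"%s\"\n", rc, account);
    rc = build_account(account, sizeof account, "alice", "a-very-long-hostname");
    printf("rc=%d account=\"%s\"\n", rc, account);
    return 0;
}
```

Callers must check the return value on every call; the empty destination on failure is what keeps a missed check from silently using a partial string.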
...
CERT C++ Secure Coding Standard: STR01-CPP. Adopt and implement a consistent plan for managing strings
ISO/IEC 9899:2011 Section 7.21, "String handling <string.h>"
...