Secure coding guidance may vary depending on whether code is hand-coded versus automatically generated. Categories of code include:
- Hand-coded - code that has been manually written by a programmer using a text editor or interactive development environment where the programmer maintains source code directly in the source code format which is provided to the compiler.
- Tool-generated, tool-maintained - code which is specified and maintained in a higher-level format, from which language specific source code is generated. The source code is generated from this higher level description and then provided as input to the language compiler. The generated source code is never viewed or modified by the programmer.
- Tool-generated, tool-maintained - code which is specified and maintained in a higher-level format, from which language specific source code is generated. It is expected or anticipated that at some point in the development cycle, however, that the tool will ceased to be used and that the generated source code will be visually inspected and/or manually modified and maintained.
- Hand-coded - code that has been manually written by a programmer using a text editor or interactive development environment where the programmer maintains source code directly in the source code format which is provided to the compiler.
- JIT compilation - also known as dynamic translation, is a technique for improving the runtime performance of a computer program. JIT converts code at runtime prior to executing it natively, for example bytecode into native machine code. The performance improvement over interpreters originates from caching the results of translating blocks of code, and not simply reevaluating each line or operand each time it is met (see Interpreted language).
- Interpreted execution - Interpretation is one of the two major ways in which a programming language can be implemented, the other being compilation. The term interpreter may refer to the program that executes source code that has already been translated to some intermediate form, or it may refer to the program that performs both the translation and executionTranslated code.
Source code that is written and maintained by hand needs to have the following properties:
- readability
- comprehensibility
These requirements do not exist for source code that is never handled directly by a programmer, although requirements for correct behavior are still applicable.