Secure coding guidance may vary depending on whether code is hand-coded versus or automatically generated. Categories of code include:
- Tool-generated, tool-maintained - code which that is specified and maintained in a higher - level format, from which language-specific source code is generated. The source code is generated from this higher level description and then provided as input to the language compiler. The generated source code is never viewed or modified by the programmer.
- Tool-generated, hand-maintained - code which that is specified and maintained in a higher - level format, from which language-specific source code is generated. It is expected or anticipated, however, that at some point in the development cycle , however, that the tool will cease to be used and that the generated source code will be visually inspected and/or manually modified and maintained.
- Hand-coded - code that has been manually written by a programmer using a text editor or interactive development environment where in which the programmer maintains source code directly in the source code format which is provided to the compiler.
Source code that is written and maintained by hand needs to must have the following properties:
...
These requirements are not applicable for source code that is never directly handled by a programmer, although requirements for correct behavior still apply. Reading and comprehension requirements apply to code that is tool-generated but and hand-maintained , but does not apply to code that is tool-generated and tool-maintained.
...