If a code-generating tool is to be used, it is necessary to select an appropriate tool and undertake validation. Adherence to the requirements of this document may provide one criterion for assessing a tool.

Coding guidance varies depending on how code is generated and maintained. Categories of code include the following:

  • Tool-generated, tool-maintained code that is specified and maintained in a higher-level format from which language-specific source code is generated. The source code is generated from this higher-level description and then provided as input to the language compiler. The generated source code is never viewed or modified by the programmer.
  • Tool-generated, hand-maintained code that is specified and maintained in a higher-level format from which language-specific source code is generated. It is expected or anticipated, however, that at some point in the development cycle, the tool will cease to be used and the generated source code will be visually inspected and/or manually modified and maintained.
  • Hand-coded code is manually written by a programmer using a text editor or interactive development environment; the programmer maintains source code directly in the source-code format provided to the compiler.

...
