...
Note that this recommendation does not apply (in all cases) to character arrays initialized with string literals. See STR36-C. Do not specify the bound of a character array initialized with a string literal for more information.
...
In this example, the compiler allocates an array of four integer elements and, because the programmer does not explicitly specify an array bound, sets the array bound to 4. However, if the initializer changes, the array bound silently changes with it, and any code that still assumes four elements may read or write out of bounds, causing unexpected results.
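The following is an added illustration of that hazard and its mitigation; it is not code from the CERT page. The `ARRAY_SIZE` macro, the `_Static_assert` (C11), and the accessor names are assumptions of this example, and the three-element initializer is constructed to stand in for an array that was originally `{1, 2, 3, 4}` before an element was removed.

```c
#include <stddef.h>

/* Number of elements the compiler actually allocated for an array object
 * (valid only on a true array, never on a pointer). */
#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))

/* Noncompliant pattern: the bound is inferred from the initializer.
 * This table was once {1, 2, 3, 4}; a later edit dropped an element and the
 * array silently shrank to 3 while callers still believe it holds 4. */
static const int inferred[] = {1, 2, 3};

/* Compliant pattern: the bound is stated explicitly. Too many initializers
 * is now a compile-time error, and the static assertion documents the
 * element count the rest of the code relies on. */
#define EXPECTED_COUNT 4
static const int explicit_bound[EXPECTED_COUNT] = {1, 2, 3, 4};
_Static_assert(ARRAY_SIZE(explicit_bound) == EXPECTED_COUNT,
               "explicit_bound must hold exactly EXPECTED_COUNT elements");

size_t inferred_count(void) { return ARRAY_SIZE(inferred); }
size_t explicit_count(void) { return ARRAY_SIZE(explicit_bound); }

/* Bounds-checked accessor: stores a[idx] in *out and returns 0, or returns
 * -1 instead of reading past the real end of the array. */
int get_element(const int *a, size_t count, size_t idx, int *out) {
    if (a == NULL || out == NULL || idx >= count) {
        return -1;
    }
    *out = a[idx];
    return 0;
}

/* Callers written against the original four-element table. Against the
 * inferred array the request for element 3 is rejected rather than turning
 * into an out-of-bounds read; against the explicit array it succeeds.
 * Both return the element value, or -1 when the index is out of bounds. */
int fourth_element_inferred(void) {
    int v = 0;
    return get_element(inferred, ARRAY_SIZE(inferred), 3, &v) == 0 ? v : -1;
}

int fourth_element_explicit(void) {
    int v = 0;
    return get_element(explicit_bound, ARRAY_SIZE(explicit_bound), 3, &v) == 0 ? v : -1;
}
```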
...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
CERT C++ Secure Coding Standard: ARR02-CPP. Explicitly specify array bounds, even if implicitly defined by an initializer
MITRE CWE: CWE-665, "Incorrect or Incomplete Initialization"
Bibliography
[ISO/IEC 9899:1999] Section 6.7.8, "Initialization"
[MITRE 2007] CWE ID 665, "Incorrect or Incomplete Initialization" (http://cwe.mitre.org/data/definitions/665.html)
...