The CERT C Secure Coding Standard was developed specifically for versions of the C programming language defined by

  • ISO/IEC 9899:2011 ISO/IEC, Programming Languages—C, 3rd ed. [ISO/IEC 9899:2011]
  • ISO/IEC 9899:2011/Cor.1:2012, Technical Corrigendum 1

Although the guidelines for this standard were developed for C11, they can also be applied to earlier versions of the C programming language, including C99. Variations between versions of the C Standard that would affect the proper application of these guidelines are noted where applicable.

Most guidelines have a noncompliant code example that is a C11-conforming program to ensure that the problem identified by the guideline is within the scope of the standard. However, the best solutions to secure coding problems are often platform specific. In many cases, this standard provides appropriate compliant solutions for both POSIX and Windows operating systems. Language and library extensions that have been published as ISO/IEC technical reports or technical specifications are frequently given precedence, such as those described by ISO/IEC TR 24731-2, Extensions to the C Library—Part II: Dynamic Allocation Functions [ISO/IEC TR 24731-2:2010]. In many cases, compliant solutions are also provided for specific platforms such as Linux or OpenBSD. Occasionally, interesting or illustrative implementation-specific behaviors are described.

...