The goal of each coding standard is to define a set of rules that are necessary (but not sufficient) to ensure the security of software systems developing in the respective programming languages.
A This secure coding standard consists of rules and recommendations. Coding practices are defined to be rules when all of the following conditions are met:
...
Rules must be followed to claim compliance with a this standard unless an exceptional condition exists. If an exceptional condition is claimed, the exception must correspond to a pre-defined exceptional condition and the application of this exception must be documented in the source code.
...
Compliance with recommendations is not necessary to claim compliance with a coding standard. It is possible, however, to claim compliance with one or more verifiable guidelines. The set of recommendations that a particular development effort adopts depends on the security requirements of the final software product. Projects with high-security requirements can dedicate more resources to security and are thus likely to adopt a larger set of recommendations.
Implementation of the secure coding rules defined in this document are necessary (but not sufficient) to ensure the security of software systems developing in the C programming languages.