...
Rules must be followed to claim compliance with this standard unless an exceptional condition exists. If If an exceptional condition is claimed, the exception must correspond to a pre-defined exceptional condition and the application of this exception must be documented in the source code.
...
Compliance with recommendations is not necessary to claim compliance with a coding this standard. It is possible, however, to claim compliance with one or more verifiable guidelinesrecommendations (especially in cased where compliance can be verified). The set of recommendations that a particular development effort adopts depends on the security requirements of the final software product. Projects with high-security requirements can dedicate more resources to security and are thus likely to adopt a larger set of recommendations.
Implementation of the secure coding rules defined in this document standard are necessary (but not sufficient) to ensure the security of software systems developing in the C programming languages.