Software systems can be validated as conforming to the CERT C Secure Coding Standard. Source code analysis tools, including compilers and static analysis tools, can be certified as able to validate source code as conforming to this standard.
...
Compilers and source code analysis tools are trusted processes, meaning that a degree of reliance is placed on the output of the tools. Consequently, developers must ensure that this trust is not misplaced. Ideally, this should be achieved by the tool supplier running appropriate validation tests. While it is possible to use a validation suite to test a compiler or source code analysis tools, no formal validation scheme exists at the this time of publication of this book.
Levels
| Wiki Markup |
|---|
Rules and recommendations in this standard are classified into three levels (see \[Priority and Levels\]). Emphasis should be placed on conformance Level 1 (L1) rules. Software systems that have been validated as complying with all Level 1 rules are considered to be L1 Conforming. Software systems can be assessed as L1, L2, or fully conforming depending on the set of rules to which the system has been validated. |
Rules versus Recommendations
...