Software systems can be validated as conforming to the CERT C Secure Coding Standard. Source code analysis tools, including compilers and static analysis tools, can be certified as able to validate source code as conforming to this standard.
...
The CERT C Secure Coding standard can be used as a measure of software security by determining the degree to which a software system complies with the rules and recommendations in this standard. While compliance does not guarantee the absence of vulnerabilities (for example, vulnerabilities resulting from design flaws), it does guarantee the absence of the coding errors covered by this standard, which are commonly found to be the root causes of vulnerabilities.
...
When choosing a compiler (which should be understood to include the linker), a C99-compliant compiler should be used whenever possible.
When choosing a source code analysis tool, it is clearly desirable that the tool be able to enforce as many of the rules in this document as possible.
Compilers and source code analysis tools are trusted processes, meaning that a degree of reliance is placed on the output of the tools. Consequently, developers must ensure that this trust is not misplaced. Ideally, this should be achieved by the tool supplier running appropriate validation tests. While it is possible to use a validation suite to test a compiler or source code analysis tool, no formal validation scheme exists at the time of publication of this document.
...
It is recognized that in some instances it may be necessary to deviate from the rules given in this standard. For the rules to have authority, it is necessary that a formal procedure be used to authorize these deviations rather than an individual programmer having discretion to deviate at will. The use of a deviation must be justified on the basis of both necessity and security. Rules that have a high severity and/or a high likelihood require a more stringent process for agreeing to a deviation than rules and recommendations with a low severity that are unlikely to result in a vulnerability.
...