...
Compass/ROSE can detect some violations of this rule. In particular, it ensures that all calls to open() supply exactly two arguments if the first argument does not involve O_CREAT, and exactly three arguments if the first argument does involve O_CREAT.
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
...