...
[ISO/IEC 9899:1999] Section 7.20.2.1, "The rand function"
[MITRE 2007] CWE ID 327 , "Use of a Broken or Risky Cryptographic Algorithm," CWE ID 330, "Use of Insufficiently Random Values"
[MSDN 2010] "CryptGenRandom Function."
...
CON04-CPP. Ensure objects are fully initialized before allowing access 49. Miscellaneous (MSC) MSC31-CPP. Ensure that return values are compared against the proper type