
This secure coding standard consists of rules and recommendations, collectively referred to as guidelines. Rules are meant to provide normative requirements for code, whereas recommendations are meant to provide guidance that, when followed, should improve the safety, reliability, and security of software systems. However, a violation of a recommendation does not necessarily indicate the presence of a defect in the code.

Rules

Rules must meet the following criteria:

  1. Violation of the guideline is likely to result in a defect that may adversely affect the safety, reliability, or security of a system, for example, by introducing a security flaw that may result in an exploitable vulnerability.
  2. The guideline does not rely on source code annotations or assumptions.
  3. Conformance to the guideline can be determined through automated analysis (either static or dynamic), formal methods, or manual inspection techniques.

Implementation of the secure coding rules defined in this standard is necessary (but not sufficient) to ensure the security of software systems developed in the C programming language.

Rules are identified by the label rule.

Recommendations

Recommendations are guidelines or suggestions for improving code quality. Guidelines are defined to be recommendations when all of the following conditions are met:

  1. Application of a guideline is likely to improve the safety, reliability, or security of software systems.
  2. One or more of the requirements necessary for a guideline to be considered a rule cannot be met.

The set of recommendations that a particular development effort adopts depends on the security requirements of the final software product. Projects with stricter requirements may decide to dedicate more resources to ensuring the safety, reliability, and security of a system and are consequently likely to adopt a broader set of recommendations.

To ensure that the source code conforms to this secure coding standard, it is necessary to have measures in place that check for rule violations. The most effective means of achieving this is to use one or more static analysis tools. Where a rule cannot be checked by a tool, a manual review is required.

Recommendations are identified by the label recommendation.

Noncompliant Code Examples and Compliant Solutions

Noncompliant code examples illustrate code that violates the guideline under discussion. It is important to note that these are only examples, and eliminating all occurrences of the example does not necessarily mean that the code being analyzed is now compliant with the guideline.

Noncompliant code examples are typically followed by compliant solutions, which show how the noncompliant code example can be recoded in a secure, compliant manner. Except where noted, noncompliant code examples should contain violations only of the guideline under discussion. Compliant solutions should comply with all of the secure coding rules but may on occasion fail to comply with a recommendation.

Exceptions

Any rule or recommendation may specify a small set of exceptions detailing the circumstances under which the guideline is not necessary to ensure the safety, reliability, or security of software. Exceptions are informative only and are not required to be followed.

Coding practices that specify one or more exceptions are identified by the label exceptions.

Identifiers

Each rule and recommendation is given a unique identifier. These identifiers consist of three parts:

...

The numeric value is used to give each coding practice a unique identifier. Numeric values in the range of 00-29 are reserved for recommendations, while values in the range of 30-99 are reserved for rules.

...
