This secure coding standard consists of rules and recommendations.
Rules
Coding practices are defined to be rules when the following conditions are met:
- Violation of the coding practice is likely to result in a security flaw that may result in an exploitable vulnerability.
- Conformance to the coding practice can be determined through automated analysis, formal methods, or manual inspection techniques.
...
Rules are identified by the label rule.
Recommendations
Recommendations are guidelines or suggestions. Coding practices are defined to be recommendations when all of the following conditions are met:
...
Recommendations are identified by the label recommendation.
Exceptions
Any rule or recommendation may specify a small set of exceptions detailing the circumstances under which the coding practice is not necessary to ensure the security of software. Exceptions are informative only and not are not required to be followed.
Coding practices that specify one or more exceptions are identified by the label exceptions.
Identifiers
Each rule and recommendation is given a unique identifier. These identifiers consist of three parts:
- a three-letter mnemonic representing the section of the standard
- a two-digit numeric value in the range of 00-9900–99
- the letters "PL" indicates that this is a Perl language guideline
...
The numeric value is used to give each coding practice a unique identifier. Numeric values in the range of 00-29 00–29 are reserved for recommendations, while values in the range of 30-99 30–99 are reserved for rules. 00. Introduction