The set of guidelines that a particular development effort adopts depends on the security requirements of the final software product. Projects with high-security requirements can dedicate more resources to security and are consequently likely to adopt a larger set of guidelines.
To ensure that the source code conforms to this secure coding standard, it is necessary to have measures in place that check for guideline violations. The most effective means of achieving this is to use one or more static analysis tools. Where a rule cannot be checked by a tool, a manual review is required.
Identifiers
Each rule and guideline is given a unique identifier. These identifiers consist of three parts:
- a three-letter mnemonic representing the section of the standard
- a two-digit numeric value in the range 00-49 for rules, and 50-99 for guidelines
- the letter "J", indicating that this is a Java language guideline
The three-letter mnemonic can be used to group similar coding practices and to indicate to which category a coding practice belongs. The numeric value is used to give each coding practice a unique identifier.