...
Most guidelines have a noncompliant code example that is a C11-conforming program to ensure that the problem identified by the guideline is within the scope of the standard. However, the best solutions to secure coding problems are often platform specific. In many cases, this standard provides appropriate compliant solutions for both POSIX and Windows operating systems. Language and library extensions that have been published as ISO/IEC technical reports or technical specifications are frequently given precedence, such has as those described by ISO/IEC TR 24731-2, Extensions to the C Library—Part II: Dynamic Allocation Functions [ ISO/IEC TR 24731-2:2010 ]. In many cases, compliant solutions are also provided for specific platforms such as Linux or OpenBSD. Occasionally, interesting or illustrative implementation-specific behaviors are described.
...
In general, the CERT coding standards try to avoid the inclusion of controversial rules that lack a broad consensus.