Risk Assessment Summary
| Rule | Severity | Likelihood | Detectable | Repairable | Priority | Level |
|---|---|---|---|---|---|---|
| MSC30-C | Medium | Unlikely | Yes | No | P4 | L3 |
| MSC32-C | Medium | Likely | Yes | Yes | P18 | L1 |
| MSC33-C | High | Likely | No | No | P9 | L2 |
| MSC37-C | High | Unlikely | Yes | No | P6 | L2 |
| MSC38-C | Low | Unlikely | Yes | No | P2 | L3 |
| MSC39-C | Low | Unlikely | Yes | No | P2 | L3 |
| MSC40-C | Low | Unlikely | No | No | P1 | L3 |
| MSC41-C | High | Probable | No | No | P6 | L2 |
...
Recommendations
MSC00-C. Compile cleanly at high warning levels
MSC01-C. Strive for logical completeness
MSC02-C. Avoid errors of omission
MSC03-C. Avoid errors of addition
MSC04-C. Use comments consistently and in a readable fashion
MSC05-C. Do not manipulate time_t typed values directly
MSC06-C. Be aware of compiler optimization when dealing with sensitive data
MSC07-C. Detect and remove dead code
MSC08-C has been renamed APP00-C. Functions should validate their parameters
MSC09-C. Character Encoding - Use Subset of ASCII for Safety
MSC10-C. Character Encoding - UTF8 Related Issues
MSC11-C. Incorporate diagnostic tests using assertions
MSC12-C. Detect and remove code that has no effect
MSC13-C. Detect and remove unused values
MSC14-C. Do not introduce unnecessary platform dependencies
MSC15-C. Do not depend on undefined behavior
MSC16-C. Consider encrypting function pointers
MSC17-C. Finish every set of statements associated with a case label with a break statement
MSC18-C. Be careful while handling sensitive data, such as passwords, in program code
MSC19-C. For functions that return an array, prefer returning an empty array over a null value
MSC20-C. Do not use a switch statement to transfer control into a complex block
MSC21-C. Use inequality to terminate a loop whose counter changes by more than one
MSC22-C. Always provide feedback about the resulting value of a method
Rules
MSC30-C. Do not use the rand() function for generating pseudorandom numbers
MSC31-C. Ensure that return values are compared against the proper type
MSC32-C. Ensure your random number generator is properly seeded
MSC33-C. Do not pass invalid data to the asctime() function
MSC34-C. Do not use deprecated or obsolescent functions
Risk Assessment Summary
| Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| MSC00-C | medium | probable | medium | P8 | L2 |
| MSC01-C | medium | probable | medium | P8 | L2 |
| MSC02-C | low | likely | medium | P6 | L2 |
| MSC03-C | low | likely | medium | P6 | L2 |
| MSC04-C | medium | unlikely | medium | P4 | L3 |
| MSC05-C | low | unlikely | medium | P2 | L3 |
| MSC06-C | medium | probable | medium | P8 | L2 |
| MSC07-C | low | unlikely | medium | P2 | L3 |
| MSC08-C | medium | unlikely | high | P2 | L3 |
| MSC09-C | medium | unlikely | medium | P4 | L3 |
| MSC10-C | medium | unlikely | high | P2 | L3 |
| MSC11-C | low | unlikely | high | P1 | L3 |
| MSC12-C | low | unlikely | medium | P2 | L3 |
| MSC13-C | low | unlikely | medium | P2 | L3 |
| MSC14-C | low | unlikely | medium | P2 | L3 |
| MSC15-C | high | likely | medium | P18 | L1 |
| MSC16-C | high | unlikely | low | P9 | L2 |
| MSC18-C | medium | probable | medium | P8 | L2 |
| MSC19-C | low | unlikely | high | P1 | L3 |

| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| MSC30-C | medium | unlikely | low | P6 | L2 |
| MSC31-C | low | probable | medium | P4 | L3 |
| MSC32-C | medium | likely | low | P18 | L1 |
| MSC33-C | high | high | low | P9 | L2 |
| MSC34-C | medium | likely | low | P18 | L1 |