Assertions are a valuable diagnostic tool for finding and eliminating software defects that may result in vulnerabilities. The absence of assertions, however, does not mean that code is incorrect.
|LANG.FUNCS.ASSERTS||Not enough assertions|
Can detect the specific instance where an assertion contains an operation or function call that may have a side effect
|CERT_C-MSC11-a||Assert liberally to document internal assumptions and invariants|
|CERT C Secure Coding Standard||ERR00-C. Adopt and implement a consistent and comprehensive error-handling policy|
|SEI CERT C++ Coding Standard||VOID MSC11-CPP. Incorporate diagnostic tests using assertions|
|MITRE CWE||CWE-190, Reachable assertion|
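
The side-effect case named in the checker description above, shown as an added example (not code from the CERT standard or any listed tool). The message layout, `SAMPLE_MSG`, `struct cursor`, `next_byte`, `parse_len_flawed` and `parse_len_fixed` are hypothetical names constructed for illustration; the parsers are compiled with `NDEBUG` defined to mimic a release build.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample input: magic byte 0x7F followed by a length byte. */
static const uint8_t SAMPLE_MSG[] = { 0x7F, 0x04 };

struct cursor { const uint8_t *buf; size_t len; size_t pos; };

/* Returns the next byte, or -1 at end of input. Advancing pos is a side effect. */
static int next_byte(struct cursor *c) {
    return c->pos < c->len ? c->buf[c->pos++] : -1;
}

/* Compile the two parsers as a release build would: assert() expands to nothing. */
#define NDEBUG
#include <assert.h>

/* Flawed: the read lives inside assert(), so with NDEBUG the magic byte is
 * never consumed and the value returned as "length" is the magic byte. */
int parse_len_flawed(const uint8_t *buf, size_t len) {
    struct cursor c = { buf, len, 0 };
    assert(next_byte(&c) == 0x7F);
    return next_byte(&c);
}

/* Corrected: the read is an ordinary statement, untrusted input is rejected
 * with a runtime check, and assert() only states an internal invariant. */
int parse_len_fixed(const uint8_t *buf, size_t len) {
    struct cursor c = { buf, len, 0 };
    int magic = next_byte(&c);
    if (magic != 0x7F)
        return -1;
    assert(c.pos == 1);   /* no side effect: safe to compile out */
    return next_byte(&c);
}

/* <assert.h> may be re-included; restore active assertions for later code. */
#undef NDEBUG
#include <assert.h>

int main(void) {
    printf("flawed: %d\n", parse_len_flawed(SAMPLE_MSG, sizeof SAMPLE_MSG));
    printf("fixed:  %d\n", parse_len_fixed(SAMPLE_MSG, sizeof SAMPLE_MSG));
    return 0;
}
```

In a debug build both functions return the same value, which is why this defect tends to surface only after release.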