Recommendations
MSC00-A. Compile cleanly at high warning levels
MSC01-A. Strive for logical completeness
MSC02-A. Avoid errors of omission
MSC03-A. Avoid errors of addition
MSC04-A. Use comments consistently and in a readable fashion
MSC05-A. Do not manipulate time_t typed values directly
MSC06-A. Be aware of insecure compiler optimization when dealing with sensitive data
MSC07-A. Detect and remove dead code
MSC08-A. Library functions should validate their parameters
MSC09-A. Character Encoding - Use Subset of ASCII for Safety
MSC10-A. Character Encoding - UTF8 Related Issues
MSC11-A. Incorporate diagnostic tests using assertions
MSC12-A. Detect and remove code that has no effect
MSC13-A. Detect and remove unused values
Rules
MSC30-C. Do not use the rand() function for generating pseudorandom numbers
MSC31-C. Ensure that return values are compared against the proper type
Risk Assessment Summary
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level
---|---|---|---|---|---
MSC00-A | 3 (high) | 2 (probable) | 1 (high) | P6 | L2
MSC01-A | 2 (medium) | 1 (unlikely) | 2 (medium) | P4 | L3
MSC02-A | 1 (low) | 1 (unlikely) | 2 (medium) | P2 | L3
MSC03-A | 1 (low) | 1 (unlikely) | 2 (medium) | P2 | L3
MSC04-A | 2 (medium) | 1 (unlikely) | 2 (medium) | P4 | L3
MSC05-A | 1 (low) | 1 (unlikely) | 2 (medium) | P2 | L3
MSC06-A | 2 (medium) | 2 (probable) | 2 (medium) | P8 | L2
MSC07-A | 1 (low) | 1 (unlikely) | 1 (high) | P1 | L3
MSC08-A | 2 (medium) | 1 (unlikely) | 1 (high) | P2 | L3
MSC09-A | 1 (low) | 1 (unlikely) | 3 (low) | P3 | L3
MSC10-A | 2 (medium) | 1 (unlikely) | 1 (high) | P2 | L3
MSC12-A | 1 (low) | 1 (unlikely) | 2 (medium) | P2 | L3
MSC13-A | 1 (low) | 1 (unlikely) | 2 (medium) | P2 | L3
Rule | Severity | Likelihood | Remediation Cost | Priority | Level
---|---|---|---|---|---
MSC30-C | 1 (low) | 1 (unlikely) | 1 (high) | P1 | L3
MSC31-C | 1 (low) | 2 (probable) | 2 (medium) | P4 | L3