
Recommendations

MSC00-C. Compile cleanly at high warning levels

MSC01-C. Strive for logical completeness

MSC02-C. Avoid errors of omission

MSC03-C. Avoid errors of addition

MSC04-C. Use comments consistently and in a readable fashion

MSC05-C. Do not manipulate time_t typed values directly

MSC06-C. Be aware of compiler optimization when dealing with sensitive data

MSC07-C. Detect and remove dead code

MSC08-C has been renamed APP00-C. Functions should validate their parameters

MSC09-C. Character Encoding - Use Subset of ASCII for Safety

MSC10-C. Character Encoding - UTF8 Related Issues

MSC11-C. Incorporate diagnostic tests using assertions

MSC12-C. Detect and remove code that has no effect

MSC13-C. Detect and remove unused values

MSC14-C. Do not introduce unnecessary platform dependencies

MSC15-C. Do not depend on undefined behavior

MSC16-C. Consider encrypting function pointers

MSC17-C. Finish every set of statements associated with a case label with a break statement

MSC18-C. Be careful while handling sensitive data, such as passwords, in program code

MSC19-C. For functions that return an array, prefer returning an empty array over a null value

MSC20-C. Do not use a switch statement to transfer control into a complex block

MSC21-C. Use inequality to terminate a loop whose counter changes by more than one

MSC22-C. Always provide feedback about the resulting value of a method

Rules

MSC30-C. Do not use the rand() function for generating pseudorandom numbers

MSC31-C. Ensure that return values are compared against the proper type

MSC32-C. Ensure your random number generator is properly seeded

MSC33-C. Do not pass invalid data to the asctime() function

MSC34-C. Do not use deprecated or obsolescent functions

MSC35-C. Do not include any executable statements inside a switch statement before the first case label

Risk Assessment Summary

| Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| MSC00-C | medium | probable | medium | P8 | L2 |
| MSC01-C | medium | probable | medium | P8 | L2 |
| MSC02-C | low | likely | medium | P6 | L2 |
| MSC03-C | low | likely | medium | P6 | L2 |
| MSC04-C | medium | unlikely | medium | P4 | L3 |
| MSC05-C | low | unlikely | medium | P2 | L3 |
| MSC06-C | medium | probable | medium | P8 | L2 |
| MSC07-C | low | unlikely | medium | P2 | L3 |
| MSC08-C | medium | unlikely | high | P2 | L3 |
| MSC09-C | medium | unlikely | medium | P4 | L3 |
| MSC10-C | medium | unlikely | high | P2 | L3 |
| MSC11-C | low | unlikely | high | P1 | L3 |
| MSC12-C | low | unlikely | medium | P2 | L3 |
| MSC13-C | low | unlikely | medium | P2 | L3 |
| MSC14-C | low | unlikely | medium | P2 | L3 |
| MSC15-C | high | likely | medium | P18 | L1 |
| MSC16-C | high | unlikely | low | P9 | L2 |
| MSC18-C | medium | probable | medium | P8 | L2 |
| MSC19-C | low | unlikely | high | P1 | L3 |

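| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| MSC30-C | medium | unlikely | low | P6 | L2 |
| MSC31-C | low | probable | medium | P4 | L3 |
| MSC32-C | medium | likely | low | P18 | L1 |
| MSC33-C | high | high | low | P9 | L2 |
| MSC34-C | medium | likely | low | P18 | L1 |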


      CERT C Secure Coding Standard      
