Skip to main content
assistive.skiplink.to.breadcrumbs
assistive.skiplink.to.header.menu
assistive.skiplink.to.action.menu
assistive.skiplink.to.quick.search

13. Miscellaneous (MSC)

Created by Robert C. Seacord, last modified by Justin Pincar on May 28, 2008

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Recommendations

MSC00-A. Compile cleanly at high warning levels

MSC01-A. Strive for logical completeness

MSC02-A. Avoid errors of omission

MSC03-A. Avoid errors of addition

MSC04-A. Use comments consistently and in a readable fashion

MSC05-A. Do not manipulate time_t typed values directly

MSC06-A. Be aware of compiler optimization when dealing with sensitive data

MSC07-A. Detect and remove dead code

MSC08-A. Library functions should validate their parameters

MSC09-A. Character Encoding - Use Subset of ASCII for Safety

MSC10-A. Character Encoding - UTF8 Related Issues

MSC11-A. Incorporate diagnostic tests using assertions

MSC12-A. Detect and remove code that has no effect

MSC13-A. Detect and remove unused values

MSC14-A. Do not introduce unnecessary platform dependencies

MSC15-A. Do not depend on undefined behavior

MSC16-A. Limit access to the filesystem by creating a jail

Rules

MSC30-C. Do not use the rand() function for generating pseudorandom numbers

MSC31-C. Ensure that return values are compared against the proper type

Risk Assessment Summary

Recommendation	Severity	Likelihood	Remediation Cost	Priority	Level
MSC00-A	high	probable	high	P6	L2
MSC01-A	medium	unlikely	medium	P4	L3
MSC02-A	low	unlikely	medium	P2	L3
MSC03-A	low	unlikely	medium	P2	L3
MSC04-A	medium	unlikely	medium	P4	L3
MSC05-A	low	unlikely	medium	P2	L3
MSC06-A	medium	probable	medium	P8	L2
MSC07-A	low	unlikely	high	P1	L3
MSC08-A	medium	unlikely	high	P2	L3
MSC09-A	low	unlikely	low	P3	L3
MSC10-A	medium	unlikely	high	P2	L3
MSC11-A	low	unlikely	low	P3	L3
MSC12-A	low	unlikely	medium	P2	L3
MSC13-A	low	unlikely	medium	P2	L3
MSC14-A	low	unlikely	medium	P2	L3
MSC15-A	high	high	medium	P???	L???

Rule	Severity	Likelihood	Remediation Cost	Priority	Level
MSC30-C	low	unlikely	high	P1	L3
MSC31-C	low	probable	medium	P4	L3

12. Error Handling (ERR) MSC00-A. Compile cleanly at high warning levels

No labels