ISO/IEC TS 17961:2013 specifies
- rules for secure coding in the C programming language, and
- code examples.
ISO/IEC TS 17961:2013 does not specify
- the mechanism by which these rules are enforced, or
- any particular coding style to be enforced.
Each rule in this Technical Specification is accompanied by code examples. Two distinct kinds of examples are provided:
- noncompliant examples demonstrating language constructs that have weaknesses with potentially exploitable security implications; such examples are expected to elicit a diagnostic from a conforming analyzer for the affected language construct; and
- compliant examples are expected not to elicit a diagnostic.