On reading the outline of SEI CERT C Coding Standard: Rules for Developing Safe, Reliable, and Secure Systems, one may feel the advices are so mundane; of course I shouldn’t do that, and I never will. The thing is that on actually writing C, it’s super hard to realize those violations if developers are not paying strong attentions on those dark corners constantly. I wonder if it’s possible to implement those rules in a static checker to enforce them.