本文件规定了在安全、安全、任务关键型和业务关键型软件需要确保行为的系统开发中应避免的软件编程语言漏洞。一般来说，本指南适用于为任何应用程序开发、审查或维护的软件。 本文件描述了用C语言显示或避免ISO/IEC TR 24772-1中列出的漏洞的方式。

This document specifies software programming language vulnerabilities to be avoided in the development of systems where assured behaviour is required for security, safety, mission-critical and business-critical software. In general, this guidance is applicable to the software developed, reviewed, or maintained for any application. This document describes the way that the vulnerabilities listed in ISO/IEC TR 24772-1 are manifested or avoided in the C language.