You might also be interested in the MISRA C coding standard, which is geared towards reliability and safety rather than security. The MISRA C standard is fairly strict and mostly (but not entirely) machine checkable.
There was a Usenix talk on developing code for Mars rovers in which Gerard Holzmann pointed out that for large projects coding standards are much more effective when you have automated compliance checking.
https://www.usenix.org/conference/hotdep12/workshop-program/...
There was a Usenix talk on developing code for Mars rovers in which Gerard Holzmann pointed out that for large projects coding standards are much more effective when you have automated compliance checking. https://www.usenix.org/conference/hotdep12/workshop-program/...
I note that there is a tool for checking the CERT rules called Rosecheckers: http://www.cert.org/secure-coding/tools/rosecheckers.cfm? It looks like it might be incomplete and/or outdated.
And the CERT pages include a reference to a deleted summary of other automated checkers such as Coverity and Klockwork: https://www.securecoding.cert.org/confluence/display/seccode...