I wonder when this was written. The earliest reference I found was June 1993 in an AUUG (Australian Unix Users Group) newsletter. <a href="http://books.google.com/books?id=lbsmK77EVU4C&lpg=PA1&pg=PA36#v=onepage&q&f=false" rel="nofollow">http://books.google.com/books?id=lbsmK77EVU4C&lpg=PA1...</a><p>1) <i>run lint</i>: Not anymore. But then I'm a -Wall -Werr kind of guy and I visit Clang.<p>2) <i>don't follow NULL</i>: Well, obviously.<p>3) <i>cast function arguments to the expected type</i>: Not important now that the types are in the declarations. But if you don't force that, then yes. Got that right. Just as people got complacent with 32bit data and address, BANG!<p>4) <i>declare return types for functions</i>: That insanity has passed from practice.<p>5) <i>check bounds</i>: Yep, still causing exploits today.<p>6) <i>check error codes</i>: Yep, and triples is about right for library/system call intensive code. But the first time fclose() returns an error and you catch it you will be happy.<p>7) <i>don't re-implement the library</i>: Beating a modern C library is hard. But: if you have a special case, you can still get a significant gain by exploiting that, after you have profiled and know you aren't engaging in petty puffery. (It should be mentioned that the author is the Henry Spencer that wrote and distributed a regex library back in the days of ftp.)<p>8) <i>use K&R brace styles</i>: I care so little for brace styles I can't tell you which is K&R after writing hundreds of thousands of lines of C code.<p>9) <i>external symbols must be unique in the first 6 characters</i>: Ha ha! Good riddance SCO, the last system I met where that was an issue (in <i>ar</i> libraries only I think.)<p>10) <i>all the world's a vax</i>: s/VAX/x86/ e.g. I keep a PPC (byte order) and an ARM (char is unsigned) just to keep me honest on this.