Has anyone used CERT for C?

On a开发者_运维技巧 recent search I've found that some developers program following guidelines from MISRA C (not free). I got a little more interested about it and I've found a free option, CERT for C.

Does anyone use it? Is that helpful for an embedded developer?

CERT C is more lax than MISRA-C and intended mainly towards desktop programming, and it addresses security issues like buffer overflow etc that most of the time aren't relevant to embedded systems.

If you are developing embedded applications, you should use MISRA-C:2004, as it is a more suitable standard and widely recognized. Its main concern is safe, bug-free code, though it also addresses writing more portable and maintainable code.

The document is only £15, so hardly a steep investment. The big investment is buying the static analyzer tool that MISRA enforces. But all professional programmers should have a static analyzer, so if you aim to be one of those, you would have to invest in one anyhow.

CERT provides guidelines to avoid security vulnerabilities in your code (stack-integer overflows etc).
Overall you could benefit, but I am not sure what you are looking for related to the embedded programming.
If you are looking for optimization techniques etc, I do not think you will find much.