On top of that, if one really needs to use C, then:
- Enable all warnings as errors
- Sanitize all inputs via assertions, or similar
- Provide proper unit tests
- Have a static analyzer configured for the continuous build that breaks the build if issues are found
- Especially don't allow anything to go through the static analyzer that is labeled as undefined or compiler specific according to the ANSI/ISO C standard
- Read MISRA C
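As an added illustration of the checklist above (not code from the comment's author), two small C functions written in that spirit: contract checks via assert, no reliance on behaviour the ISO C standard leaves undefined (signed overflow, unterminated buffers), and return values a unit test can check. The compile line in the comment is an assumption.

```c
#include <assert.h>
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Assumed build line (warnings as errors, UB sanitizer, GCC's built-in
 * static analyzer):
 *   cc -std=c11 -Wall -Wextra -Wpedantic -Werror -fsanitize=undefined -fanalyzer ...
 */

/* Adds two ints without ever evaluating an overflowing expression.
 * Signed overflow is undefined in ISO C, so the range check is done
 * against INT_MAX / INT_MIN before the addition. Returns false on
 * overflow and leaves *out untouched. */
bool checked_add(int a, int b, int *out)
{
    assert(out != NULL); /* caller contract: a result slot is required */
    if ((b > 0 && a > INT_MAX - b) || (b < 0 && a < INT_MIN - b)) {
        return false;
    }
    *out = a + b;
    return true;
}

/* Copies src into dst[0..dst_size) with guaranteed NUL termination.
 * Returns the number of bytes written (excluding the NUL), or (size_t)-1
 * if src does not fit; dst is left as an empty string in that case. */
size_t bounded_copy(char *dst, size_t dst_size, const char *src)
{
    assert(dst != NULL && src != NULL); /* caller contract: valid pointers */
    assert(dst_size > 0);               /* caller contract: room for the NUL */
    size_t len = strlen(src);
    if (len >= dst_size) {
        dst[0] = '\0';
        return (size_t)-1;
    }
    memcpy(dst, src, len + 1);
    return len;
}
```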