[metadata]
id = "MEM06-C"
type = "recommendation"
category = "MEM"
number = 6
title = "Ensure that sensitive data is not written out to disk"
description = """
Developers should take steps to prevent sensitive information such as passwords,
cryptographic keys, and other secrets from being inadvertently leaked.
Preventive measures include attempting to keep such data from being written to
disk. Two common mechanisms by which data is inadvertently written to disk
areswappingandcore dumps. Many general-purpose operating systems implement a
virtual-memory-management technique calledpaging(also calledswapping) to
transfer pages between main memory and an auxiliary store, such as a disk drive.
This feature is typically implemented as a task running in the kernel of the
operating system, and its operation is invisible to the running program.
"""
severity = "Medium"
likelihood = "Unlikely"
priority = "P2"
level = "L3"
cert_version = "2016 Edition (Wiki)"
last_modified = "May 20, 2025"
[rules.cert_c.MEM06-C]
enabled = true
[references]
wiki = "https://wiki.sei.cmu.edu/confluence/display/c/MEM06-C.+Ensure+that+sensitive+data+is+not+written+out+to+disk"
cwe = ["CWE-591", "CWE-528"]