For Turing-complete languages we cannot reliably decide offline whether a program has the potential to execute an error; we have to just run it and see
Secure Coding Standard for C, C++ and Java
Eine VIelzahl an Informationen zu Sicheres Programmieren, zusammengestellt von cert.org