[C-safe-secure-studygroup] Rule 8.9

Aaron Ballman aaron at aaronballman.com
Wed Jun 28 13:57:49 UTC 2017


Rule 8.9: An object should be defined at block scope if its identifier
only appears in a single function

This rule is basically suggesting to not define global variables and
is an advisory rule. While the gist of the rule is reasonable, it does
not strike me as plausible to enforce in a real world system because
the analysis tool cannot tell the difference between good use of
global variables and poor use of global variables. The rule itself
states that some projects may not wish to apply this rule due to
common, reasonable coding practices such as unit testing.

I do not think it makes sense in the security profile as the presence
of a global variable does not indicate a vulnerability. I am not
convinced it makes sense in the safety profile either, but could see
it being more of a concern in that domain due to possible confusion
with variables hiding other variables in outer scopes.

~Aaron
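As an added illustration (not part of Aaron's message, nor MISRA's own material; all identifiers are made up), the same sequence counter in the file-scope form Rule 8.9 advises against and in the block-scope form it recommends, plus the scope-hiding case the message raises:

```c
/* Added example: contrasts a file-scope object used by one function with the
 * Rule 8.9 form, and shows the hiding hazard. Names are hypothetical. */
#include <stdint.h>

/* Non-compliant with Rule 8.9: the identifier seq_file_scope appears in only
 * one "real" function, yet the object is defined at file scope. Other code in
 * the translation unit, such as a unit-test hook, can still reach it, which is
 * the kind of practice the rule text concedes some projects rely on. */
static uint32_t seq_file_scope = 0U;

uint32_t next_seq_file_scope(void)
{
    seq_file_scope++;
    return seq_file_scope;
}

/* Test hook that is only possible because the object is at file scope. */
void reset_seq_file_scope(void)
{
    seq_file_scope = 0U;
}

/* Compliant with Rule 8.9: identical behaviour, but the object has block scope
 * with static storage duration, so nothing outside this function can name it
 * (and therefore nothing outside it can reset it for a test). */
uint32_t next_seq_block_scope(void)
{
    static uint32_t seq = 0U;
    seq++;
    return seq;
}

/* The hiding hazard: a block-scope declaration with the same identifier as an
 * outer-scope object silently hides it for the rest of that block. Compilers
 * can flag this (e.g. GCC/Clang -Wshadow), but the language allows it. */
static uint32_t limit = 100U;

uint32_t effective_limit(int use_local)
{
    uint32_t result = limit;           /* reads the file-scope limit: 100 */
    if (use_local != 0) {
        uint32_t limit = 10U;          /* hides the file-scope limit here */
        result = limit;                /* 10, not 100 */
    }
    return result;
}
```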
