diff --git a/fsw/src/mm_app.c b/fsw/src/mm_app.c index f099a04..27acd31 100644 --- a/fsw/src/mm_app.c +++ b/fsw/src/mm_app.c @@ -455,6 +455,7 @@ bool MM_LookupSymbolCmd(const CFE_SB_Buffer_t *BufPtr) /* ** Check if the symbol name string is a nul string */ + /* SAD: Using strlen since SymName is null-terminated by CFE_SB_MessageStringGet() */ if (strlen(SymName) == 0) { CFE_EVS_SendEvent(MM_SYMNAME_NUL_ERR_EID, CFE_EVS_EventType_ERROR, @@ -508,6 +509,7 @@ bool MM_SymTblToFileCmd(const CFE_SB_Buffer_t *BufPtr) /* ** Check if the filename string is a nul string */ + /* SAD: Using strlen since FileName is null-terminated by CFE_SB_MessageStringGet() */ if (strlen(FileName) == 0) { CFE_EVS_SendEvent(MM_SYMFILENAME_NUL_ERR_EID, CFE_EVS_EventType_ERROR, @@ -520,6 +522,7 @@ bool MM_SymTblToFileCmd(const CFE_SB_Buffer_t *BufPtr) { /* Update telemetry */ MM_AppData.HkPacket.Payload.LastAction = MM_SYMTBL_SAVE; + /* SAD: Using strncpy since FileName is null-terminated by CFE_SB_MessageStringGet() */ strncpy(MM_AppData.HkPacket.Payload.FileName, FileName, OS_MAX_PATH_LEN); CFE_EVS_SendEvent(MM_SYMTBL_TO_FILE_INF_EID, CFE_EVS_EventType_INFORMATION, diff --git a/fsw/src/mm_dump.c b/fsw/src/mm_dump.c index cc6bcb6..efe183b 100644 --- a/fsw/src/mm_dump.c +++ b/fsw/src/mm_dump.c @@ -318,6 +318,7 @@ bool MM_DumpMemToFileCmd(const CFE_SB_Buffer_t *BufPtr) ** Update last action statistics */ MM_AppData.HkPacket.Payload.LastAction = MM_DUMP_TO_FILE; + /* SAD: Using strncpy since FileName is null-terminated by CFE_SB_MessageStringGet() */ strncpy(MM_AppData.HkPacket.Payload.FileName, FileName, OS_MAX_PATH_LEN); MM_AppData.HkPacket.Payload.MemType = CmdPtr->Payload.MemType; MM_AppData.HkPacket.Payload.Address = SrcAddress; 
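Review bot: The empty-string test in MM_LookupSymbolCmd does not need strlen at all, so the added SAD disposition could be avoided instead of justified: `if (SymName[0] == '\0')` reads only the first byte of the buffer. The CFE_SB_MessageStringGet() call that the comment relies on is outside this hunk, so the termination claim cannot be confirmed from here. The same applies to the `strlen(FileName) == 0` check in the first MM_SymTblToFileCmd hunk.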
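Review bot: The SAD comment on the strncpy in MM_SymTblToFileCmd justifies the call by the source being terminated, but the hazard with strncpy is the destination: if strlen(FileName) can reach OS_MAX_PATH_LEN the housekeeping field is left without a NUL, and if Payload.FileName is smaller than OS_MAX_PATH_LEN it is overrun. Neither declaration is visible in this hunk, so the comment should state the size relationship it depends on, for example `/* SAD: FileName and HkPacket.Payload.FileName are both OS_MAX_PATH_LEN bytes and FileName is NUL-terminated, so the copy includes the terminator */`, once that is confirmed against the declarations. Alternatively, bound the copy by `sizeof(MM_AppData.HkPacket.Payload.FileName) - 1` and write the final byte as `'\0'` explicitly. The identical comment and call in the MM_DumpMemToFileCmd hunk of mm_dump.c has the same gap.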
@@ -512,6 +513,7 @@ bool MM_DumpInEventCmd(const CFE_SB_Buffer_t *BufPtr) */ CFE_SB_MessageStringGet(&EventString[EventStringTotalLength], HeaderString, NULL, sizeof(EventString) - EventStringTotalLength, sizeof(HeaderString)); + /* SAD: Using strlen since EventString is null-terminated by CFE_SB_MessageStringGet() */ EventStringTotalLength = strlen(EventString); /* @@ -522,9 +524,11 @@ bool MM_DumpInEventCmd(const CFE_SB_Buffer_t *BufPtr) BytePtr = (uint8 *)DumpBuffer; for (i = 0; i < CmdPtr->Payload.NumOfBytes; i++) { + /* SAD: No need to check snprintf return; CFE_SB_MessageStringGet() handles safe concatenation and prevents overflow */ snprintf(TempString, MM_DUMPINEVENT_TEMP_CHARS, "0x%02X ", *BytePtr); CFE_SB_MessageStringGet(&EventString[EventStringTotalLength], TempString, NULL, sizeof(EventString) - EventStringTotalLength, sizeof(TempString)); + /* SAD: Using strlen since EventString is null-terminated by CFE_SB_MessageStringGet() */ EventStringTotalLength = strlen(EventString); BytePtr++; } @@ -533,6 +537,7 @@ bool MM_DumpInEventCmd(const CFE_SB_Buffer_t *BufPtr) ** Append tail ** This adds up to 33 characters depending on pointer representation including the NUL terminator */ + /* SAD: No need to check snprintf return; CFE_SB_MessageStringGet() handles safe concatenation and prevents overflow */ snprintf(TempString, MM_DUMPINEVENT_TEMP_CHARS, "from address: %p", (void *)SrcAddress); CFE_SB_MessageStringGet(&EventString[EventStringTotalLength], TempString, NULL, sizeof(EventString) - EventStringTotalLength, sizeof(TempString)); diff --git a/fsw/src/mm_utils.c b/fsw/src/mm_utils.c index 3bc16bf..4999c14 100644 --- a/fsw/src/mm_utils.c +++ b/fsw/src/mm_utils.c 
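Review bot: The disposition on `snprintf(TempString, MM_DUMPINEVENT_TEMP_CHARS, "0x%02X ", *BytePtr)` in the dump loop gives a reason that belongs to a different buffer: CFE_SB_MessageStringGet() bounds the copy into EventString, whereas the unchecked snprintf is acceptable only because TempString can hold the formatted text. In the loop that text is 5 characters plus the terminator. For the `from address: %p` call in the next hunk the existing comment says up to 33 characters, so whether it truncates depends on MM_DUMPINEVENT_TEMP_CHARS, which is not visible here. Both calls truncate silently and do not overflow, so a more accurate wording would be `/* SAD: snprintf return not checked; output is bounded by MM_DUMPINEVENT_TEMP_CHARS and truncation only shortens the event text */`. Once EventString is full, later bytes and the address are also dropped from the event without indication, which is worth stating in the comment for anyone relying on the event as a complete dump.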
@@ -348,6 +348,7 @@ bool MM_VerifyLoadDumpParams(cpuaddr Address, MM_MemType_t MemType, size_t SizeI MaxSize = MM_MAX_FILL_DATA_RAM; } PSP_MemType = CFE_PSP_MEM_RAM; + /* SAD: No need to check snprintf return value; "MEM_RAM" fits within MemTypeStr's buffer without risk of overflow */ snprintf(MemTypeStr, MM_MAX_MEM_TYPE_STR_LEN, "%s", "MEM_RAM"); break; case MM_EEPROM: @@ -364,6 +365,7 @@ bool MM_VerifyLoadDumpParams(cpuaddr Address, MM_MemType_t MemType, size_t SizeI MaxSize = MM_MAX_FILL_DATA_EEPROM; } PSP_MemType = CFE_PSP_MEM_EEPROM; + /* SAD: No need to check snprintf return value; "MEM_EEPROM" fits within MemTypeStr's buffer without risk of overflow */ snprintf(MemTypeStr, MM_MAX_MEM_TYPE_STR_LEN, "%s", "MEM_EEPROM"); break; #ifdef MM_OPT_CODE_MEM32_MEMTYPE
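Review bot: The claim that "MEM_RAM" fits in MemTypeStr rests on the value of MM_MAX_MEM_TYPE_STR_LEN and on MemTypeStr being at least that large, and neither is visible in this hunk; the body of MM_VerifyLoadDumpParams starts and ends outside it. A compile-time check would make the disposition self-enforcing, where a comment can go stale if the constant or a literal changes, e.g. `CompileTimeAssert(sizeof("MEM_EEPROM") <= MM_MAX_MEM_TYPE_STR_LEN, MM_MemTypeStrTooSmall);` using whichever literal is longest. The same applies to the "MEM_EEPROM" comment in the following hunk.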