SEI CERT C Coding Standard

Space shortcuts

Page tree

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 54 Next »

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="425edd2e-3c3f-4f02-b39a-4680492690c1"><ac:parameter ac:name="">Burch 06</ac:parameter></ac:structured-macro>
[Burch 06] Burch, H.; Long, F.; & Seacord, R. Specifications for Managed Strings (CMU/SEI-2006-TR-006). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d27a0a99-e261-4bad-aab9-9f31af548593"><ac:parameter ac:name="">Callaghan 95</ac:parameter></ac:structured-macro>
[Callaghan 95] B. Callaghan, B. Pawlowski, P. Staubach. IETF RFC 1813 NFS Version 3 Protocol Specification. June 1995.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="161697a6-4555-494a-aa96-87442b85887a"><ac:parameter ac:name="">CERT 06</ac:parameter></ac:structured-macro>
[CERT 06] CERT. Managed String Library (2006).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ece82da8-81e9-4c7d-9b95-7b639555861d"><ac:parameter ac:name="">Dewhurst 02</ac:parameter></ac:structured-macro>
[Dewhurst 02] Dewhurst, Stephen C. C++ Gotchas: Avoiding Common Problems in Coding and Design. Boston, MA: Addison-Wesley Professional, 2002.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b2c8e31c-dbbb-48e4-99fb-c1f4b35b723c"><ac:parameter ac:name="">Dowd 06</ac:parameter></ac:structured-macro>
[Dowd 06] Dowd, M.; McDonald, J.; & Schuh, J. The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities. Boston, MA: Addison-Wesley, 2006. See http://taossa.com for updates and errata.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="464d4cf9-ce2a-4c56-be05-b4a692b26a71"><ac:parameter ac:name="">Drepper 06</ac:parameter></ac:structured-macro>
[Drepper 06] Drepper, Ulrich. Defensive Programming for Red Hat Enterprise Linux (and What To Do If Something Goes Wrong). May 3, 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ceab061b-d495-4a57-93cd-5eaf712d1dd9"><ac:parameter ac:name="">FSF 05</ac:parameter></ac:structured-macro>
[FSF 05] Free Software Foundation. GCC online documentation. (2005).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="706c4002-7e53-40d4-914d-22985cf81ba3"><ac:parameter ac:name="">Graf 03</ac:parameter></ac:structured-macro>
[Graff 03] Graff, Mark G. & Van Wyk, Kenneth R. Secure Coding: Principles and Practices. Cambridge, MA: O'Reilly, 2003 (ISBN 0596002424).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="40dfedd5-aba5-4813-8d4e-dd4f599637f1"><ac:parameter ac:name="">Griffiths 06</ac:parameter></ac:structured-macro>
[Griffiths 06] Griffiths, Andrew. "Clutching at straws: When you can shift the stack pointer." 

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="fd1de2d9-63c7-4633-a416-40d11a7f45e3"><ac:parameter ac:name="">Haddad 05</ac:parameter></ac:structured-macro>
[Haddad 05] Haddad, Ibrahim. "Secure Coding in C and C++: An interview with Robert Seacord, senior vulnerability analyst at CERT." Linux World Magazine, November, 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0bfaed5e-2b73-4195-93e8-b8fa1a0d9cd3"><ac:parameter ac:name="">Hatton 95</ac:parameter></ac:structured-macro>
[Hatton 95] Hatton, Les. Safer C: Developing Software for High-Integrity and Safety-Critical Systems. New York, NY: McGraw-Hill Book Company, 1995 (ISBN 0-07-707640-0).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="cf7537e0-c922-434c-a750-cf47d34eb03c"><ac:parameter ac:name="">HP 03</ac:parameter></ac:structured-macro>
[HP 03] Tru64 UNIX Protecting Your System Against File Name Spoofing Attacks. January 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6cd11233-94cc-4dbe-add4-d01a9e0b3fb1"><ac:parameter ac:name="">ilja 06</ac:parameter></ac:structured-macro>
[ilja 06] ilja. "readlink abuse." ilja's blog, August 13, 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="03299707-2c30-4af3-9357-dbc9278ddb73"><ac:parameter ac:name="">ISO/IEC 9899-1999</ac:parameter></ac:structured-macro>
[ISO/IEC 9899-1999] ISO/IEC 9899-1999. Programming Languages — C, Second Edition, 1999.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="196ed5bf-de06-46be-9a62-f54c549b7dc3"><ac:parameter ac:name="">ISO/IEC TR 24731-2006</ac:parameter></ac:structured-macro>
[ISO/IEC TR 24731-2006] ISO/IEC TR 24731. Extensions to the C Library, — Part I: Bounds-checking interfaces. April, 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9aafa052-87ea-4722-930f-167f938e7bb2"><ac:parameter ac:name="">Kennaway 00</ac:parameter></ac:structured-macro>
[Kennaway 00] Kris Kennaway. Re: /tmp topic. December 2000.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f9ba10c1-8290-45c1-8d12-4e8f8d47d868"><ac:parameter ac:name="">Kerrighan 88</ac:parameter></ac:structured-macro>
[Kerrighan 88] Kerrighan, B. W. & Ritchie, D. M. The C Programming Language, 2nd ed. Englewood Cliffs, NJ: Prentice-Hall, 1988.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="605cdd09-beae-4672-adb8-020fdf704800"><ac:parameter ac:name="">Kettle 02</ac:parameter></ac:structured-macro>
[Kettlewell 02] Kettlewell, Richard. C Language Gotchas (February 2002).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="38ea6130-c302-4e35-86b1-df19a0f55012"><ac:parameter ac:name="">Kettle 03</ac:parameter></ac:structured-macro>
[Kettlewell 03] Kettlewell, Richard. Inline Functions In C (March 2003).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1254e42c-ad67-4bd9-8aed-b2cbdfc53c99"><ac:parameter ac:name="">Klein 02</ac:parameter></ac:structured-macro>
[Klein 02] Klein, Jack. Bullet Proof Integer Input Using strtol() (2002).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="42a5f3d6-77db-401e-883a-43c01f90f38e"><ac:parameter ac:name="">Lai 06</ac:parameter></ac:structured-macro>
[Lai 06] Ray Lai. Reading Between the Lines. OpenBSD Journal. October, 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="25e47e3d-9b12-4b97-8648-b517bf34911d"><ac:parameter ac:name="">mercy</ac:parameter></ac:structured-macro>
[mercy] mercy. Exploiting Uninitialized Data (January 2006).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="734bb2db-48b0-4763-a7af-4d4603ee3925"><ac:parameter ac:name="">MISRA 04</ac:parameter></ac:structured-macro>
[MISRA 04] MIRA Limited. "MISRA C: 2004 Guidelines for the Use of the C Language in Critical Systems." Warwickshire, UK: MIRA Limited, October 2004 (ISBN 095241564X).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c7de272c-dece-4817-9d11-7df2a3486239"><ac:parameter ac:name="">NASA-GB-1740.13</ac:parameter></ac:structured-macro>
[NASA-GB-1740.13] NASA Glenn Research Center, Office of Safety Assurance Technologies. NASA Software Safety Guidebook (NASA-GB-1740.13).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="80328a66-d596-4c7f-ba41-79a218392a12"><ac:parameter ac:name="">NIST 06</ac:parameter></ac:structured-macro>
[NIST 06] NIST. SAMATE Reference Dataset (2006).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a09470df-b9ba-41c7-ba57-f1c8970cc9ab"><ac:parameter ac:name="">NIST 06b</ac:parameter></ac:structured-macro>
[NIST 06b] NIST. DRAFT Source Code Analysis Tool Functional Specification. Information Technology Laboratory (ITL), oftware
Diagnostics and Conformance Testing Division. September, 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1fd02eca-da4b-4248-860d-4e6af370b682"><ac:parameter ac:name="">Open Group 97</ac:parameter></ac:structured-macro>
[Open Group 97] The Open Group. The Single UNIX® Specification, Version 2 (1997).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2eb5f8cd-0812-4e31-9722-acba24dd8e9d"><ac:parameter ac:name="">Open Group 04</ac:parameter></ac:structured-macro>
[Open Group 04] The Open Group. "The Open Group Base Specifications Issue 6, IEEE Std 1003.1, 2004 Edition." (2004).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="35dc9ecc-39ef-4f34-857c-77ea22eaf207"><ac:parameter ac:name="">Plum 89</ac:parameter></ac:structured-macro>
[Plum 89] Plum, Thomas, and Saks, Dan. C Programming Guidelines, 2nd ed. Kamuela, HI: Plum Hall, Inc., 1989 (ISBN 0911537074).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d443caa3-ebe7-4e23-a511-9622e1a18123"><ac:parameter ac:name="">Plum 91</ac:parameter></ac:structured-macro>
[Plum 91] Plum, Thomas. C++ Programming. Kamuela, HI: Plum Hall, Inc., 1991 (ISBN 0911537104).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e10f3c91-ecef-4c02-9406-e5eed3b7d340"><ac:parameter ac:name="">Saks 99</ac:parameter></ac:structured-macro>
[Saks 99] Dan Saks. const T vs.T const. Embedded Systems Programming. Pg. 13-16. February 1999.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b7803625-cadc-41fe-acfb-fda87a9a7153"><ac:parameter ac:name="">Seacord 05</ac:parameter></ac:structured-macro> <ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d3a97f77-b21a-4c96-84fc-4a48c662cdac"><ac:parameter ac:name="">Seacord 05a</ac:parameter></ac:structured-macro>
[Seacord 05a] Seacord, R. Secure Coding in C and C++. Boston, MA: Addison-Wesley, 2005. See http://www.cert.org/books/secure-coding for news and errata.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9df8753c-ef71-4336-b43b-4bbe105f1eb4"><ac:parameter ac:name="">Seacord 05b</ac:parameter></ac:structured-macro>
[Seacord 05b] Seacord, R. "Managed String Library for C, C/C++." Users Journal 23, 10 (October 2005): 30-34.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3827038f-849e-4812-97ac-f2f4872b5a4f"><ac:parameter ac:name="">Summit 95</ac:parameter></ac:structured-macro>
[Summit 95] Summit, Steve. C Programming FAQs: Frequently Asked Questions. Boston, MA: Addison-Wesley, 1995 (ISBN 0201845199).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6d95c11e-45bb-4822-986f-ecda6e489a77"><ac:parameter ac:name="">Summit 05</ac:parameter></ac:structured-macro>
[Summit 05] Summit, Steve. comp.lang.c Frequently Asked Questions (2005).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="cee1efc8-1d68-4b97-aabe-5b537f531d9c"><ac:parameter ac:name="">Viega 03</ac:parameter></ac:structured-macro>
[Viega 03] Viega, John & Messier, Matt. Secure Programming Cookbook for C and C++: Recipes for Cryptography, Authentication, Networking, Input Validation & More. Sebastopol, CA: O'Reilly, 2003 (ISBN 0-596-00394-3).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="83850ff7-105f-4e11-a701-d29d3b321e59"><ac:parameter ac:name="">Viega 05</ac:parameter></ac:structured-macro>
[Viega 05] Viega, John. CLASP Reference Guide Volume 1.1. Secure Software. (2005)

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e9cafe4d-7e31-4145-ab6f-a8e130da29ab"><ac:parameter ac:name="">Warren 02</ac:parameter></ac:structured-macro>
[Warren 02] Warren, Henry S. Hacker's Delight. Boston, MA: Addison Wesley Professional. 2002 (ISBN 0201914654).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f21c89be-aefb-4791-8870-b7d919b3c054"><ac:parameter ac:name="">Wheeler 03</ac:parameter></ac:structured-macro>
[Wheeler 03] David Wheeler. Secure Programming for Linux and Unix HOWTO, v3.010. , March 2003.

  • No labels