SEI CERT C Coding Standard

Space shortcuts

Page tree

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 276 Next »

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="451406cf-5adb-4cea-9cf9-1da5ff98ab6d"><ac:parameter ac:name="">Apple 06</ac:parameter></ac:structured-macro>
[Apple 06] Apple, Inc. Secure Coding Guide, May 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0dd8a2fa-eac4-4ff8-9261-70ffaf73016f"><ac:parameter ac:name="">Austin Group 08</ac:parameter></ac:structured-macro>
[Austin Group 08] "Draft Standard for Information Technology - Portable Operating System Interface (POSIX®) - Draft Technical Standard: Base Specifications, Issue 7," IEEE Unapproved Draft Std P1003.1 D5.1. Prepared by the Austin Group. New York: Institute of Electrical & Electronics Engineers, Inc., May 2008.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="034c0078-9ae6-4bed-9beb-ce60e1545d24"><ac:parameter ac:name="">Banahan 03</ac:parameter></ac:structured-macro>
[Banahan 03] Banahan, Mike. The C Book, 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="948bef4d-cd36-4ceb-b9d0-6ceff25efa02"><ac:parameter ac:name="">Beebe 05</ac:parameter></ac:structured-macro>
[Beebe 05] Beebe, Nelson H. F. Re: Remainder (%) operator and GCC, 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="df160f49-6612-402e-8c6e-f18616863a81"><ac:parameter ac:name="">Becker 08</ac:parameter></ac:structured-macro>
[Becker 08] Becker, Pete. Working Draft, Standard for Programming Language C++, April 2008.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="47be4be7-2402-41ae-8b79-a54df2c456c4"><ac:parameter ac:name="">Black 07</ac:parameter></ac:structured-macro>
[Black 07] Paul E. Black, Michael Kass, Michael Koo. Source Code Security Analysis Tool Functional Specification Version 1.0. Special Publication 500-268. Information Technology Laboratory (ITL), Software Diagnostics and Conformance Testing Division, May 2007. http://samate.nist.gov/docs/source_code_security_analysis_spec_SP500-268.pdf

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4eb40bff-d203-4c62-96ec-03b4e4eb4e2d"><ac:parameter ac:name="">Brainbell.com</ac:parameter></ac:structured-macro>
[Brainbell.com] Brainbell.com. Advice and Warnings for C Tutorials.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a6073ac9-9abf-491e-8667-210155482307"><ac:parameter ac:name="">Bryant 03</ac:parameter></ac:structured-macro>
[Bryant 03] Bryant, Randal E., & O'Halloran, David. Computer Systems: A Programmer's Perspective. Prentice Hall, 2003 (ISBN 0-13-034074-X).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="37d2c678-3cf0-45c4-9492-f44bfacea631"><ac:parameter ac:name="">Burch 06</ac:parameter></ac:structured-macro>
[Burch 06] Burch, Hal, Long, Fred, & Seacord, Robert C. Specifications for Managed Strings (CMU/SEI-2006-TR-006). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c357377f-50a8-4d18-9b84-cf0953c9f869"><ac:parameter ac:name="">Butenhof 97</ac:parameter></ac:structured-macro>
[Butenhof 97] Butenhof, David R. Programming with POSIX® Threads . Addison-Wesley Professional, 1997. (ISBN 0-201-63392-2).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9eb6c10f-c40e-4604-84fe-0bee4a04d3d7"><ac:parameter ac:name="">Callaghan 95</ac:parameter></ac:structured-macro>
[Callaghan 95] Callaghan, B., Pawlowski, B., & Staubach, P. IETF RFC 1813 NFS Version 3 Protocol Specification, June 1995.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a072dd3c-d0f4-4db5-a9d5-5ae35875cbcf"><ac:parameter ac:name="">CERT 06a</ac:parameter></ac:structured-macro>
[CERT 06a] CERT/CC. CERT/CC Statistics 1988---2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="674fc4aa-ae33-48b6-903d-cf9ef6f80e4d"><ac:parameter ac:name="">CERT 06b</ac:parameter></ac:structured-macro>
[CERT 06b] CERT/CC. US-CERT's Technical Cyber Security Alerts.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="22242d11-bf25-4d56-9a82-65cf1c882565"><ac:parameter ac:name="">CERT 06c</ac:parameter></ac:structured-macro>
[CERT 06c] CERT/CC. Secure Coding web site.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4eb5b715-1099-4c3b-b93e-d54b844c7c65"><ac:parameter ac:name="">Chen 02</ac:parameter></ac:structured-macro>
[Chen 02]  Chen, H., Wagner, D., & Dean, D. Setuid Demystified USENIX Security Symposium, 2002.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="72ee1229-e4b2-4ff6-b19d-74f713d4ff8a"><ac:parameter ac:name="">Corfield 93</ac:parameter></ac:structured-macro>
[Corfield 93] Corfield, Sean A. "Making String Literals 'const'," November 1993.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="74c15876-b6f7-4b08-b42d-ce3e78f18b05"><ac:parameter ac:name="">Coverity 07</ac:parameter></ac:structured-macro>
[Coverity 07] Coverity Prevent User's Manual (3.3.0), 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="153d5edd-7641-4f34-8b39-3eca4275d86a"><ac:parameter ac:name="">CVE</ac:parameter></ac:structured-macro>
[CVE] Common Vulnerabilities and Exposures.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4a2caef9-be19-41e9-87ce-44c13b1a26e7"><ac:parameter ac:name="">CPPReference</ac:parameter></ac:structured-macro>
[C++ Reference] Standard C Library, General C+, C+ Standard Template Library

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="815dc880-10a8-4a78-991c-9ae1e6d7bdc3"><ac:parameter ac:name="">Dewhurst 02</ac:parameter></ac:structured-macro>
[Dewhurst 02] Dewhurst, Stephen C. C++ Gotchas: Avoiding Common Problems in Coding and Design. Boston: Addison-Wesley Professional, 2002.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4990408e-30ab-40c9-8f4a-68029a7b2ae0"><ac:parameter ac:name="">Dewhurst 05</ac:parameter></ac:structured-macro>
[Dewhurst 05] Dewhurst, Stephen C. C++ Common Knowledge: Essential Intermediate Programming. Boston, MA: Addison-Wesley Professional, 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="fda66922-3812-4981-b590-3675a7a7fed0"><ac:parameter ac:name="">DHS 06</ac:parameter></ac:structured-macro>
[DHS 06] U.S. Department of Homeland Security. Build Security In.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="577574bd-1946-498c-8a5a-841506f6a7a9"><ac:parameter ac:name="">DISA 2008</ac:parameter></ac:structured-macro>
[DISA 2008] DISA. Application Security and Development Security Technical Implementation Guide, Version 2, Release 1. July, 2008.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="703949b3-677b-498b-ac43-00018a6e1323"><ac:parameter ac:name=""> DOD 5220</ac:parameter></ac:structured-macro>
[DOD 5220] U.S. Department of Defense. DoD Standard 5220.22-M (Word document).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="305a3690-806d-49a5-ba96-6ea47dc1bd78"><ac:parameter ac:name="">Dowd 06</ac:parameter></ac:structured-macro>
[Dowd 06] Dowd, M., McDonald, J., & Schuh, J. The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities. Boston: Addison-Wesley, 2006. See http://taossa.com for updates and errata.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="baae1e2a-d047-46ce-93c0-7a56d7a3a191"><ac:parameter ac:name="">Drepper 06</ac:parameter></ac:structured-macro>
[Drepper 06] Drepper, Ulrich. Defensive Programming for Red Hat Enterprise Linux (and What To Do If Something Goes Wrong), May 3, 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b8142e37-e651-43f7-be61-03dfbd433f65"><ac:parameter ac:name="">Eckel 07</ac:parameter></ac:structured-macro>
[Eckel 07] Eckel, Bruce. Thinking in C++ Volume 2, January 25, 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="25f06674-d849-48a6-b0c3-8ed28081e5a4"><ac:parameter ac:name="">ECTC 98</ac:parameter></ac:structured-macro>
[ECTC 98] Embedded C++ Technical Committee. The Embedded C++ Programming Guide Lines, Version WP-GU-003. January 6, 1998.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="fa084cc8-475b-4791-8f75-c549c60d0bab"><ac:parameter ac:name="">Eide and Regehr</ac:parameter></ac:structured-macro>
[Eide and Regehr] "Volatiles are miscompiled, and what to do about it" Eide E., Regehr J. 2008.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ebb9947c-9530-4305-8731-32778312baff"><ac:parameter ac:name="">Finlay 03</ac:parameter></ac:structured-macro>
[Finlay 03] Finlay, Ian A. CERT Advisory CA-2003-16, Buffer Overflow in Microsoft RPC. CERT/CC, July 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ac15c0d8-f98e-4702-afef-59abdd15befb"><ac:parameter ac:name="">Fisher 99</ac:parameter></ac:structured-macro>
[Fisher 99] Fisher, David & Lipson, Howard. "Emergent Algorithms - A New Method for Enhancing Survivability in Unbounded Systems." Proceedings of the 32nd Annual Hawaii International Conference on System Sciences (HICSS-32). Maui, HI, January 5-8, 1999.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="8ce65430-4cee-4e94-bb37-90f265b6888f"><ac:parameter ac:name="">Flake 06</ac:parameter></ac:structured-macro>
[Flake 06] Flake, Halvar. "Attacks on uninitialized local variables." Black Hat Federal 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c3b2443a-d7ae-4e32-9796-e2425059c77e"><ac:parameter ac:name="">Fortify 06</ac:parameter></ac:structured-macro>
[Fortify 06] Fortify Software Inc. Fortify Taxonomy: Software Security Errors, 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="70c301c9-7e05-42f2-9219-6100b09a8c92"><ac:parameter ac:name="">FSF 05</ac:parameter></ac:structured-macro>
[FSF 05] Free Software Foundation. GCC online documentation, 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5ed3f6e3-ae4d-4d17-9231-083b3104876d"><ac:parameter ac:name="">Garfinkel 96</ac:parameter></ac:structured-macro>
[Garfinkel 96] Garfinkel, Simson & Spafford, Gene. Practical UNIX & Internet Security, 2nd Edition. Sebastopol, CA: O'Reilly Media, April 1996 (ISBN 1-56592-148-8).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="eae71102-a2e7-42c8-9f48-bec8210741d8"><ac:parameter ac:name="">GNU Pth</ac:parameter></ac:structured-macro>
[GNU Pth] Engelschall, Ralf S. GNU Portable Threads, 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ef744371-76c9-44b3-9fae-33ee3d908c2b"><ac:parameter ac:name="">Goldberg 91</ac:parameter></ac:structured-macro>
[Goldberg 91] Goldberg, David. What Every Computer Scientist Should Know About Floating-Point Arithmetic. Sun Microsystems, March 1991.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="808cfedb-a570-48fa-a0b2-9694646f4679"><ac:parameter ac:name="">Goodin 2009</ac:parameter></ac:structured-macro>
[Goodin 2009] Dan Goodin. Clever attack exploits fully-patched Linux kernel The Register. July 2009.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="237d0833-140b-4684-913d-d36aaee929c7"><ac:parameter ac:name="">Gough 2005</ac:parameter></ac:structured-macro>
[Gough 2005] Gough, Brian J. An Introduction to GCC. Network Theory Ltd, Revised August 2005 (ISBN 0-9541617-9-3).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3c33efc3-325e-4f00-9480-8e4d2b1ace22"><ac:parameter ac:name="">Graf 03</ac:parameter></ac:structured-macro>
[Graff 03] Graff, Mark G. & Van Wyk, Kenneth R. Secure Coding: Principles and Practices. Cambridge, MA: O'Reilly, 2003 (ISBN 0596002424).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="acaa49c7-7b2d-48d6-8e8e-d32a30178050"><ac:parameter ac:name="">Greenman 97</ac:parameter></ac:structured-macro>
[Greenman 97] Greenman, David. serious security bug in wu-ftpd v2.4. BUGTRAQ Mailing List (bugtraq@securityfocus.com), January 2, 1997.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1f0324b7-1e05-451b-b149-7c707f9a582f"><ac:parameter ac:name="">Griffiths 06</ac:parameter></ac:structured-macro>
[Griffiths 06] Griffiths, Andrew. "Clutching at straws: When you can shift the stack pointer."

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3e3ba76b-ec5d-4fe1-bd0e-1e821973e61c"><ac:parameter ac:name="">Gutmann 96</ac:parameter></ac:structured-macro>
[Gutmann 96] Gutmann, Peter. Secure Deletion of Data from Magnetic and Solid-State Memory, July 1996.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ffd17b9b-a925-4aa7-b25d-1372b6edc903"><ac:parameter ac:name="">Haddad 05</ac:parameter></ac:structured-macro>
[Haddad 05] Haddad, Ibrahim. "Secure Coding in C and C++: An interview with Robert Seacord, senior vulnerability analyst at CERT." Linux World Magazine, November 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b35cc08a-731d-4540-a62e-4f85717a39ca"><ac:parameter ac:name="">Hatton 95</ac:parameter></ac:structured-macro>
[Hatton 95] Hatton, Les. Safer C: Developing Software for High-Integrity and Safety-Critical Systems. New York: McGraw-Hill Book Company, 1995 (ISBN 0-07-707640-0).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="37ec446d-eaac-4191-9694-0dd267bce57c"><ac:parameter ac:name="">Hatton 03</ac:parameter></ac:structured-macro>
[Hatton 03] Hatton, Les. EC-: A measurement based safer subset of ISO C suitable for embedded system development. November 5, 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="305ebc3f-e686-4155-9f91-3dd9ed81a29d"><ac:parameter ac:name="">Henricson 92</ac:parameter></ac:structured-macro>
[Henricson 92] Henricson, Mats, & Nyquist, Erik. Programming in C++, Rules and Recommendations. Ellemtel Telecommunication Systems Laboratories, 1992.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="799fd143-f7d4-434f-a5a6-ea3a7ca7ac12"><ac:parameter ac:name="">Horton 90</ac:parameter></ac:structured-macro>
[Horton 90] Horton, Mark R. Portable C Software. Upper Saddle River, NJ: Prentice-Hall, Inc., 1990 (ISBN:0-13-868050-7).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="43dcf9ba-4744-4efb-adee-44115120ef2d"><ac:parameter ac:name="">Howard 02</ac:parameter></ac:structured-macro>
[Howard 02] Howard, Michael, & LeBlanc, David C. Writing Secure Code, 2nd ed. Redmond, WA:. Microsoft Press, December 2002.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0178f5f6-9ac9-4040-9c85-3064b38152d3"><ac:parameter ac:name="">HP 03</ac:parameter></ac:structured-macro>
[HP 03] Tru64 UNIX: Protecting Your System Against File Name Spoofing Attacks. Houston, TX: Hewlett-Packard Company, January 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3c729e1e-de95-45a7-bcf0-3d58826bce8e"><ac:parameter ac:name="">IEC 60812 2006</ac:parameter></ac:structured-macro>
[IEC 60812 2006] Analysis techniques for system reliability - Procedure for failure mode and effects analysis (FMEA), 2nd ed. (IEC 60812). IEC, January 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="44c4e438-b926-44dc-9a5d-9e67b9d3a516"><ac:parameter ac:name="">IEC 61508 4</ac:parameter></ac:structured-macro>
[IEC 61508-4]  Functional safety of electrical/electronic/programmable electronic safety-related systems - Part 4: Definitions and abbreviations, 1998.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="815624e8-f450-464a-a15d-aaa4efdca3b4"><ac:parameter ac:name="">IEEE Std 610.12 1990</ac:parameter></ac:structured-macro>
[IEEE Std 610.12 1990] IEEE Standard Glossary of Software Engineering Terminology, September 1990.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4bbf712f-ce37-49a4-81a7-ccbd6e01e205"><ac:parameter ac:name="">IEEE 754 2006</ac:parameter></ac:structured-macro>
[IEEE 754 2006] IEEE. Standard for Binary Floating-Point Arithmetic (IEEE 754-1985), 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b81b8f3a-70ff-4e8a-bec9-f765942686a9"><ac:parameter ac:name="">ilja 06</ac:parameter></ac:structured-macro>
[IEEE 1003.1, 2004] IEEE. The Open Group Base Specifications Issue 6 IEEE Std 1003.1, 2004 Edition

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ba03b802-44e2-489c-ba05-2ae12fe945d2"><ac:parameter ac:name="">IEEE 1003</ac:parameter></ac:structured-macro>
[ilja 06] ilja. "readlink abuse." ilja's blog, August 13, 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4587aa90-8d95-4c7f-9aad-429556941eca"><ac:parameter ac:name="">Intel 01</ac:parameter></ac:structured-macro>
[Intel 01] Intel Corp. _Floating-Point IEEE Filter for Microsoft* Windows* 2000 on the Intel® Itanium™ Architecture_, March 2001.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e631a7ea-af2e-413d-ac6a-dde6112ad2a2"><ac:parameter ac:name="">Internet Society 00</ac:parameter></ac:structured-macro>
[Internet Society 00] The Internet Society. Internet Security Glossary (RFC 2828), 2000.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="41dd05cb-e4c8-45c0-a58f-ad4ff8598f8a"><ac:parameter ac:name="">ISO/IEC 646-1991</ac:parameter></ac:structured-macro>
[ISO/IEC 646:1991] ISO/IEC. Information technology: ISO 7-bit coded character set for information interchange (ISO/IEC 646-1991). Geneva, Switzerland: International Organization for Standardization, 1991.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="aafa8826-f75b-4d9f-86a4-a5a267438b9b"><ac:parameter ac:name="">ISO/IEC 9945-2003</ac:parameter></ac:structured-macro>
[ISO/IEC 9945:2003] ISO/IEC 9945:2003 (including Technical Corrigendum 1), Information technology — Programming languages, their environments and system software interfaces — Portable Operating System Interface (POSIX®).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4175e61b-121e-4bde-b87a-10ee1b0bff7c"><ac:parameter ac:name="">ISO/IEC 9899-1999</ac:parameter></ac:structured-macro>
[ISO/IEC 9899:1999] ISO/IEC. Programming Languages---C, 2nd ed (ISO/IEC 9899:1999). Geneva, Switzerland: International Organization for Standardization, 1999.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1c8b29f4-e0b0-461a-9cd4-58a00bd592ef"><ac:parameter ac:name="">ISO/IEC 10646-2003</ac:parameter></ac:structured-macro>
[ISO/IEC 10646:2003] Information technology - Universal Multiple-Octet Coded Character Set (UCS) (ISO/IEC 10646:2003). Geneva, Switzerland: International Organization for Standardization, 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d083d833-ce24-40b9-ae4e-52aa4611c932"><ac:parameter ac:name="">ISO/IEC 14882-2003</ac:parameter></ac:structured-macro>
[ISO/IEC 14882:2003] ISO/IEC. Programming Languages — C++, Second Edition (ISO/IEC 14882-2003). Geneva, Switzerland: International Organization for Standardization, 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="57b276b3-fe68-45d5-958a-bc69da5a3a19"><ac:parameter ac:name="">ISO/IEC 23360-1-2006</ac:parameter></ac:structured-macro>
[ISO/IEC 23360-1:2006] Linux Standard Base (LSB) core specification 3.1 - Part 1: Generic specification

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="87e9f47b-2810-4bf7-8846-dbffda41722c"><ac:parameter ac:name="">ISO/IEC 03</ac:parameter></ac:structured-macro>
[ISO/IEC 03] ISO/IEC. Rationale for International Standard — Programming Languages — C, Revision 5.10. Geneva, Switzerland: International Organization for Standardization, April 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="020f8f5d-f57b-4deb-99b5-638b34f8b88b"><ac:parameter ac:name="">ISO/IEC JTC1/SC22/WG11</ac:parameter></ac:structured-macro>
[ISO/IEC JTC1/SC22/WG11] ISO/IEC. Binding Techniques (ISO/IEC JTC1/SC22/WG11), 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c718964e-b7a8-4e58-8be2-9200eedee59d"><ac:parameter ac:name="">ISO/IEC DTR 24732</ac:parameter></ac:structured-macro>
[ISO/IEC DTR 24732] ISO/IEC JTC1 SC22 WG14 N1290. Extension for the programming language C to support decimal floating-point arithmetic, March 2008.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="862cbf14-1d79-43cf-927a-68c837162e06"><ac:parameter ac:name="">ISO/IEC PDTR 24731-2-2007</ac:parameter></ac:structured-macro>
[ISO/IEC PDTR 24731-2] Extensions to the C Library, — Part II: Dynamic Allocation Functions, August 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="8c0ef846-d918-407a-85bc-174739ab08bc"><ac:parameter ac:name="">ISO/IEC DTR 24772</ac:parameter></ac:structured-macro>
[ISO/IEC DTR 24772] ISO/IEC DTR 24772. Information TechnologyProgramming LanguagesGuidance to Avoiding Vulnerabilities in Programming Languages through Language Selection and Use, November 2009.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d8625b82-f385-4b8b-8112-34d00af4a20d"><ac:parameter ac:name="">ISO/IEC TR 24731-1-2007</ac:parameter></ac:structured-macro>
[ISO/IEC TR 24731-1:2007] ISO/IEC TR 24731. Extensions to the C Library, — Part I: Bounds-checking interfaces. Geneva, Switzerland: International Organization for Standardization, April 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3b33f5a0-202d-4b55-8da1-32e5b3af15f9"><ac:parameter ac:name="">Jack 07</ac:parameter></ac:structured-macro>
[Jack 07] Jack, Barnaby. Vector Rewrite Attack, May 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f3cd473c-e4f6-4288-846b-8c624d25a8dc"><ac:parameter ac:name="">Jones 04</ac:parameter></ac:structured-macro>
[Jones 04] Jones, Nigel. "Learn a new trick with the offsetof() macro." Embedded Systems Programming, March 2004.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7f1af42b-9ce6-4fc6-ae03-6f9664b2bd60"><ac:parameter ac:name="">Jones 08</ac:parameter></ac:structured-macro>
[Jones 08] Jones, Derek M. The New C Standard: An economic and cultural commentary. Knowledge Software Ltd., 2008.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="06dc091f-9217-4477-abb1-26ad51f34da0"><ac:parameter ac:name="">Jones 09</ac:parameter></ac:structured-macro>
[Jones 09] Jones, Larry. WG14 N1401 Committee Draft ISO/IEC 9899:201x. November 24, 2009.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1a645918-4ae5-4fcb-af72-a393fc2dd66c"><ac:parameter ac:name="">Keaton 09</ac:parameter></ac:structured-macro>
[Keaton 09] David Keaton, Thomas Plum, Robert C. Seacord, David Svoboda, Alex Volkovitsky, Timothy Wilson. As-if Infinitely Ranged Integer Model. CMU/SEI-2009-TN-023. July, 2009.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="47f3a640-3a58-49a2-8d9d-31394cdb8a8b"><ac:parameter ac:name="">Keil 08</ac:parameter></ac:structured-macro>
[Keil 08] Keil, an ARM Company. "Floating Point Support." RealView Libraries and Floating Point Support Guide, 2008.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="20c053d2-4266-4f75-b756-dc445784e89e"><ac:parameter ac:name="">Kennaway 00</ac:parameter></ac:structured-macro>
[Kennaway 00] Kennaway, Kris. Re: /tmp topic, December 2000.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="51a78ca3-886c-4ff3-a46a-dd91a19753f9"><ac:parameter ac:name="">Kernighan 88</ac:parameter></ac:structured-macro>
[Kernighan 88] Kernighan , Brian W., & Ritchie, Dennis M. The C Programming Language, 2nd ed. Englewood Cliffs, NJ: Prentice-Hall, 1988.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b164633b-34a9-4bfa-8c2b-62926bb16ded"><ac:parameter ac:name="">Kernighan 147</ac:parameter></ac:structured-macro>
[Kernighan 147] Kernighan , Brian W., & Ritchie, Dennis M. The C Programming Language, 2nd ed. Englewood Cliffs, NJ: Prentice-Hall, 1988.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ae8d3c8b-e694-494a-85cd-f78ce7d554ac"><ac:parameter ac:name="">Kettle 02</ac:parameter></ac:structured-macro>
[Kettlewell 02] Kettlewell, Richard. C Language Gotchas, February 2002.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="eff13d58-1aa8-49f2-8975-d378490f16a0"><ac:parameter ac:name="">Kettle 03</ac:parameter></ac:structured-macro>
[Kettlewell 03] Kettlewell, Richard. Inline Functions In C, March 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c8369d7d-5f3a-4ff5-a0f7-2d9769d25bb8"><ac:parameter ac:name="">Kirch-Prinz 02</ac:parameter></ac:structured-macro>
[Kirch-Prinz 02] Kirch-Prinz, Ulla & Prinz, Peter. C Pocket Reference. Sebastopol, CA: O'Reilly, November 2002 (ISBN: 0-596-00436-2).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="eadb75b5-1305-4bab-9eda-85c71c636612"><ac:parameter ac:name="">Klarer 04</ac:parameter></ac:structured-macro>
[Klarer 04] Klarer, R., Maddock, J., Dawes, B. & Hinnant, H. "Proposal to Add Static Assertions to the Core Language (Revision 3)." ISO C++ committee paper ISO/IEC JTC1/SC22/WG21/N1720, October 2004. Available at http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2004/n1720.html.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="cd79729a-7a37-495c-9dbe-13e0673673c4"><ac:parameter ac:name="">Klein 02</ac:parameter></ac:structured-macro>
[Klein 02] Klein, Jack. Bullet Proof Integer Input Using strtol(), 2002.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="601d2bc9-5b2d-45b6-8e2a-d241ce26165d"><ac:parameter ac:name="">Koenig 89</ac:parameter></ac:structured-macro>
[Koenig 89] Koenig, Andrew. C Traps and Pitfalls. Addison-Wesley Professional, January 1, 1989.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a4b739f4-48a7-47ff-b674-fc809ea401e4"><ac:parameter ac:name="">Kuhn 06</ac:parameter></ac:structured-macro>
[Kuhn 06] Kuhn, Markus. UTF-8 and Unicode FAQ for Unix/Linux, 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="fbe43e8c-aaf1-431a-b646-9feeda006ebd"><ac:parameter ac:name="">Lai 06</ac:parameter></ac:structured-macro>
[Lai 06] Lai, Ray. "Reading Between the Lines." OpenBSD Journal, October 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2c302422-c6cd-40fe-a8c1-202d0e1c0f9e"><ac:parameter ac:name="">Lewis 06</ac:parameter></ac:structured-macro>
[Lewis 06] Lewis, Richard. "Security Considerations When Handling Sensitive Data." Posted on the Application Security by Richard Lewis blog October 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9554a37f-0d79-489b-b396-fe3766411871"><ac:parameter ac:name="">Linux 08</ac:parameter></ac:structured-macro>
[Linux 08] Linux Programmer's Manual, October 2008.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="25da3a94-f420-4407-bdc0-3615dbda6dac"><ac:parameter ac:name="">Lions 96</ac:parameter></ac:structured-macro>
[Lions 96] Lions, J. L. ARIANE 5 Flight 501 Failure Report. Paris, France: European Space Agency (ESA) & National Center for Space Study (CNES) Inquiry Board, July 1996.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3114cdc6-82e7-4f65-85ff-8b4a4fde5e22"><ac:parameter ac:name="">Lipson 00</ac:parameter></ac:structured-macro>
[Lipson 00] Lipson, Howard & Fisher, David. "Survivability: A New Technical and Business Perspective on Security," 33-39. Proceedings of the 1999 New Security Paradigms Workshop. Caledon Hills, Ontario, Canada, Sept. 22-24, 1999. New York: Association for Computing Machinery, 2000.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="23dd9b1a-2c27-4131-a2b0-4ee5d7492658"><ac:parameter ac:name="">Lipson 06</ac:parameter></ac:structured-macro>
[Lipson 06] Lipson, Howard. Evolutionary Systems Design: Recognizing Changes in Security and Survivability Risks (CMU/SEI-2006-TN-027).  Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5ee32c28-fac2-4697-bfa2-9ded9bc80ff4"><ac:parameter ac:name="">Lipson 2009</ac:parameter></ac:structured-macro>
[Liu 2009] Likai Liu. Making NULL-pointer reference legal, Life of a Computer Science Student, January, 2009.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="de49207d-1797-4f69-8e33-dcae7c1dae09"><ac:parameter ac:name="">Lockheed Martin 05</ac:parameter></ac:structured-macro>
[Lockheed Martin 05] Lockheed Martin. "Joint Strike Fighter Air Vehicle C++ Coding Standards for the System Development and Demonstration Program." Document Number 2RDU00001 Rev C., December 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="fc85b1d5-d10e-4435-9ff8-572a4177ec2c"><ac:parameter ac:name="">Loosemore 07</ac:parameter></ac:structured-macro>
[Loosemore 07] Loosemore, Sandra, Stallman, Richard M., McGrath, Roland, Oram, Andrew, & Drepper, Ulrich. The GNU C Library Reference Manual, Edition 0.11, September 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="09ab22f8-b281-440a-9ebe-e1ae117ab000"><ac:parameter ac:name="">McCluskey 01</ac:parameter></ac:structured-macro>
[McCluskey 01] flexible array members and designators in C9X ;login:, July 2001, Volume 26, Number 4, p. 29---32.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="8bba9a36-ef7c-4bc9-a556-7dcb4a850d17"><ac:parameter ac:name="">Mell 07</ac:parameter></ac:structured-macro>
[Mell 07] P. Mell, K. Scarfone, and S. Romanosky, "A Complete Guide to the Common Vulnerability Scoring System Version 2.0", FIRST, June 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="aa3008d7-723e-4fd4-bb41-2036704978e7"><ac:parameter ac:name="">mercy 06</ac:parameter></ac:structured-macro>
[mercy] mercy. Exploiting Uninitialized Data, January 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="297b4582-2427-4e40-a002-1808443dc280"><ac:parameter ac:name="">Meyers 2004</ac:parameter></ac:structured-macro>
[Meyers 2004] Randy Meyers. Limited size_t WG14 N1080. September, 2004.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="8c4e0f3e-5655-4b94-a915-6d8824a737a0"><ac:parameter ac:name="">Microsoft 03</ac:parameter></ac:structured-macro>
[Microsoft 03] Microsoft Security Bulletin MS03-026, "Buffer Overrun In RPC Interface Could Allow Code Execution (823980)," September 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7de75f66-655b-4126-99a9-28915e1a44ff"><ac:parameter ac:name="">Microsoft 07</ac:parameter></ac:structured-macro>
[Microsoft 07] C Language Reference, 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9c3340a2-bd4d-435d-9f74-da200a7053be"><ac:parameter ac:name="">Miller 99</ac:parameter></ac:structured-macro>
[Miller 99] Todd C. Miller and Theo de Raadt. strlcpy and strlcat - Consistent, Safe, String Copy and Concatenation. In Proceedings of the FREENIX Track, 1999 USENIX Annual Technical Conference.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="aa9eebb7-1fb3-42ea-959b-9f443c65fa39"><ac:parameter ac:name="">Miller 04</ac:parameter></ac:structured-macro>
[Miller 04] Miller, Mark C., Reus, James F., Matzke, Robb P., Koziol, Quincey A., & Cheng, Albert P. "Smart Libraries: Best SQE Practices for Libraries with an Emphasis on Scientific Computing." Proceedings of the Nuclear Explosives Code Developer's Conference, December 2004.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="13718a3f-23d6-4213-a0fc-66c9b01e7c76"><ac:parameter ac:name="">MISRA 04</ac:parameter></ac:structured-macro>
[MISRA 04] MISRA Limited. "MISRA C: 2004 Guidelines for the Use of the C Language in Critical Systems." Warwickshire, UK: MIRA Limited, October 2004 (ISBN 095241564X).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7e70a804-d27a-4c7f-853d-2fb4491e6a4c"><ac:parameter ac:name="">MISRA 08</ac:parameter></ac:structured-macro>
[MISRA 08] MIRA Limited. "MISRA C++: 2008 "Guidelines for the Use of the C++ Language in Critical Systems", ISBN 978-906400-03-3 (paperback), ISBN 978-906400-04-0 (PDF), June 2008.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="bb1d882a-05da-414e-8999-197c8a302338"><ac:parameter ac:name="">MIT 04</ac:parameter></ac:structured-macro>
[MIT 04] MIT. "MIT krb5 Security Advisory 2004-002, 2004.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="75a2b32b-6b67-4a24-beb0-11e8c7b1d286"><ac:parameter ac:name="">MIT 05</ac:parameter></ac:structured-macro>
[MIT 05] MIT. "MIT krb5 Security Advisory 2005-003, 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="90add330-64b3-4519-ab42-8eac439c19d6"><ac:parameter ac:name="">MITRE</ac:parameter></ac:structured-macro>
[MITRE] MITRE. Common Weakness Enumeration, Version 1.8, February 2010.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9020fd29-8e98-45ba-b37a-ad249292c58b"><ac:parameter ac:name="">MITRE 07</ac:parameter></ac:structured-macro>
[MITRE 07] MITRE. Common Weakness Enumeration, Draft 9, April 2008.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1afe5ee7-91c2-44bf-a874-06f1ddf706a1"><ac:parameter ac:name="">MKS</ac:parameter></ac:structured-macro>
[MKS] MKS Inc. MKS Reference Pages

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f0aab354-452a-41ee-8327-b08c864f41f1"><ac:parameter ac:name="">MSDN</ac:parameter></ac:structured-macro>
[MSDN] Microsoft Developer Network.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ba093b18-eebf-4645-b359-affeb134013e"><ac:parameter ac:name="">Murenin 07</ac:parameter></ac:structured-macro>
[Murenin 07] Murenin, Constantine A. "cnst: 10-year-old pointer-arithmetic bug in make(1) is now gone, thanks to malloc.conf and some debugging," June 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0f458ff7-e9ee-4607-9d2f-f2f157691def"><ac:parameter ac:name="">NAI 98</ac:parameter></ac:structured-macro>
[NAI 98] Network Associates Inc. Bugtraq: Network Associates Inc. Advisory (OpenBSD), 1998.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7dab1a00-7524-43a6-af05-7bff098d1c3c"><ac:parameter ac:name="">NASA-GB-1740.13</ac:parameter></ac:structured-macro>
[NASA-GB-1740.13] NASA Glenn Research Center, Office of Safety Assurance Technologies. NASA Software Safety Guidebook (NASA-GB-1740.13).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a7483af6-5337-4fde-be37-cf0b1150b3ad"><ac:parameter ac:name="">NIST 06</ac:parameter></ac:structured-macro>
[NIST 06] NIST. SAMATE Reference Dataset, 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5ead7542-7fc6-4f94-8df9-159dbe473aa7"><ac:parameter ac:name="">OpenBSD</ac:parameter></ac:structured-macro>
[OpenBSD] Berkley Software Design, Inc. Manual Pages, June 2008.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="043a6e39-ea6b-4097-b2ab-27fcb4acd53f"><ac:parameter ac:name="">Open Group 97a</ac:parameter></ac:structured-macro>
[Open Group 97a] The Open Group. The Single UNIX® Specification, Version 2, 1997.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3b691b86-7d58-40ba-b0ad-317211a2775e"><ac:parameter ac:name="">Open Group 97b</ac:parameter></ac:structured-macro>
[Open Group 97b] The Open Group. Go Solo 2---The Authorized Guide to Version 2 of the Single UNIX Specification, May 1997.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d8a45954-2a3a-489c-8e1b-64ad456911a6"><ac:parameter ac:name="">Open Group 04</ac:parameter></ac:structured-macro>
[Open Group 04] The Open Group and the IEEE. The Open Group Base Specifications Issue 6, IEEE Std 1003.1, 2004 Edition, 2004.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="77045611-9ed4-48b9-8139-be06dcee1134"><ac:parameter ac:name="">OWASP Double Free</ac:parameter></ac:structured-macro>
[OWASP Double Free] Open Web Application Security Project, "Double Free."

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2ea40596-2b7c-4e3a-9115-0f79fe93c179"><ac:parameter ac:name="">OWASP Freed Memory</ac:parameter></ac:structured-macro>
[OWASP Freed Memory] Open Web Application Security Project, "Using freed memory."

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ed3655ac-53ba-447c-bdb1-842665c99ada"><ac:parameter ac:name="">Pethia 03</ac:parameter></ac:structured-macro>
[Pethia 03] Pethia, Richard D. "Viruses and Worms: What Can We Do About Them?" September 10, 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4c1a6973-d142-43a8-9e5e-d54a0bdb396f"><ac:parameter ac:name="">Pfaff 04</ac:parameter></ac:structured-macro>
[Pfaff 04] Pfaff, Ken Thompson. "Casting (time_t)(-1)." Google Groups comps.lang.c, March 2, 2004.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0dc8a11f-d4bb-4351-ba5b-7cb035926f81"><ac:parameter ac:name="">Pike 93</ac:parameter></ac:structured-macro>
[Pike 93] Pike, Rob & Thompson, Ken. "Hello World." Proceedings of the USENIX Winter 1993 Technical Conference, San Diego, CA, January 25--29, 1993, pp. 43--50.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6c9453bc-08d1-419c-87cd-b728f0c5fa7c"><ac:parameter ac:name="">Plakosh 05</ac:parameter></ac:structured-macro>
[Plakosh 05] Plakosh, Dan. Consistent Memory Management Conventions, 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3c1a5a5b-f821-4802-8310-78a64af5cfcb"><ac:parameter ac:name="">Plum 85</ac:parameter></ac:structured-macro>
[Plum 85] Plum, Thomas. Reliable Data Structures in C. Kamuela, HI: Plum Hall, Inc., 1985 (ISBN 0-911537-04-X).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="abf9fdc8-3d64-49a0-a8cc-a6abdacdd324"><ac:parameter ac:name="">Plum 89</ac:parameter></ac:structured-macro>
[Plum 89] Plum, Thomas, & Saks, Dan. C Programming Guidelines, 2nd ed. Kamuela, HI: Plum Hall, 1989 (ISBN 0911537074).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="63b08e12-2d9d-4cde-b463-b44551fe4cab"><ac:parameter ac:name="">Plum 91</ac:parameter></ac:structured-macro>
[Plum 91] Plum, Thomas. C++ Programming. Kamuela, HI: Plum Hall, 1991 (ISBN 0911537104).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3c31887a-8d66-4181-9af7-b62a7d008bf9"><ac:parameter ac:name="">Plum 08</ac:parameter></ac:structured-macro>
[Plum 08] Plum, Thomas. Static Assertions. June, 2008. http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1330.pdf

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="28823d89-faa8-49a5-b21c-d9bce82a4fe6"><ac:parameter ac:name="">Redwine 06</ac:parameter></ac:structured-macro>
[Redwine 06] Redwine, Samuel T., Jr., ed. Secure Software Assurance: A Guide to the Common Body of Knowledge to Produce, Acquire, and Sustain Secure Software Version 1.1. U.S. Department of Homeland Security, September 2006. See Software Assurance Common Body of Knowledge on Build Security In.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4d5b0041-4283-4e7d-9f2e-f4d597e55ce4"><ac:parameter ac:name="">RUS-CERT</ac:parameter></ac:structured-macro>
[RUS-CERT] RUS-CERT Advisory 2002-08:02, "Flaw in calloc and similar routines," 2002.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e4e29769-bdf9-4375-a029-a191a3fc5f03"><ac:parameter ac:name="">Saltzer 74</ac:parameter></ac:structured-macro>
[Saltzer 74] Saltzer, J. H. Protection and the Control of Information Sharing in Multics. Communications of the ACM 17, 7 (July 1974): 388---402.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="30b4da67-8ab4-4369-9be3-b195408aaea5"><ac:parameter ac:name="">Saltzer 75</ac:parameter></ac:structured-macro>
[Saltzer 75] Saltzer, J. H., & Schroeder, M. D. "The Protection of Information in Computer Systems." Proceedings of the IEEE 63, 9 (September 1975): 1278-1308.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="85d33ec6-458d-4afc-b288-356139b9645c"><ac:parameter ac:name="">Saks 99</ac:parameter></ac:structured-macro>
[Saks 99] Saks, Dan. "const T vs.T const." Embedded Systems Programming, February 1999, pp. 13-16.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1678f603-0406-4ce2-a819-d8d4cb817199"><ac:parameter ac:name="">Saks 00</ac:parameter></ac:structured-macro>
[Saks 00] Saks, Dan. "Numeric Literals." Embedded Systems Programming, September 2000.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="80c2b5e9-a355-42e2-a7ed-d3365aebd1ef"><ac:parameter ac:name="">Saks 01a</ac:parameter></ac:structured-macro>
[Saks 01a] Saks, Dan. "Symbolic Constants." Embedded Systems Design, November 2001.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="46938862-6d36-4325-843f-4320e351da18"><ac:parameter ac:name="">Saks 01b</ac:parameter></ac:structured-macro>
[Saks 01b] Saks, Dan. "Enumeration Constants vs. Constant Objects." Embedded Systems Design, November 2001.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="64601b1a-473a-4809-b4ab-7a3231a173f4"><ac:parameter ac:name="">Saks 02</ac:parameter></ac:structured-macro>
[Saks 02] Saks, Dan. "Symbolic Constant Expressions." Embedded Systems Design, February 2002.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2671e6ba-7cc6-4f07-8f52-b00db93414d7"><ac:parameter ac:name="">Saks 05</ac:parameter></ac:structured-macro>
[Saks 05] Saks, Dan. "Catching Errors Early with Compile-Time Assertions." Embedded Systems Design, June 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ddb2f218-91b4-4a79-a643-e5ec4120b65b"><ac:parameter ac:name="">Saks 07a</ac:parameter></ac:structured-macro>
[Saks 07a] Saks, Dan. "Sequence Points" Embedded Systems Design, July 1, 2002.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c9202dac-7d48-4e64-b649-3604a048c005"><ac:parameter ac:name="">Saks 07b</ac:parameter></ac:structured-macro>
[Saks 07b] Saks, Dan. Bail, return, jump, or . . . throw?. Embedded Systems Design, March 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1dc36c5b-d292-4bcd-95a9-6326410d9262"><ac:parameter ac:name="">Saks 08</ac:parameter></ac:structured-macro>
[Saks 08] Saks, Dan, & Dewhurst, Stephen C. "Sooner Rather Than Later: Static Programming Techniques for C++" (presentation, March 2008).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="530212b9-a3ee-4046-9620-42c824969d01"><ac:parameter ac:name="">Schwarz 05</ac:parameter></ac:structured-macro>
[Schwarz 05] Schwarz, B., Wagner, Hao Chen, Morrison, D., West, G., Lin, J., & Tu, J. Wei. "Model checking an entire Linux distribution for security violations." Proceedings of the 21st Annual Computer Security Applications Conference, December 2005 (ISSN 1063-9527; ISBN 0-7695-2461-3).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e8a58a9f-0711-48ab-b598-cfc15e54a56a"><ac:parameter ac:name="">Seacord 03</ac:parameter></ac:structured-macro>
[Seacord 03] Seacord, Robert C., Plakosh, Daniel, & Lewis, Grace A. Modernizing Legacy Systems: Software Technologies, Engineering Processes, and Business Practices. Addison-Wesley, February 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="061ab1f5-58e8-44f0-874c-ff7b1dc1be40"><ac:parameter ac:name="">Seacord 05</ac:parameter></ac:structured-macro><ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="543b2517-1ba0-49db-822c-33bf9c00fbd5"><ac:parameter ac:name="">Seacord 05a</ac:parameter></ac:structured-macro>
[Seacord 05a] Seacord, Robert C. Secure Coding in C and C++. Boston, MA: Addison-Wesley, 2005. See http://www.cert.org/books/secure-coding for news and errata.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4723892c-b5c7-45a6-891a-c79f7b88c85a"><ac:parameter ac:name="">Seacord 05b</ac:parameter></ac:structured-macro>
[Seacord 05b] Seacord, Robert C. "Managed String Library for C, C/C++." Users Journal 23, 10 (October 2005): 30---34.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9fb4e090-3016-4277-b79c-f0c2d766fb53"><ac:parameter ac:name="">Seacord 05c</ac:parameter></ac:structured-macro>
[Seacord 05c] Seacord, Robert C. Variadic Functions: How they contribute to security vulnerabilities and how to fix them. Linux World Magazine, November 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="402d77ca-d8ca-470d-a7d6-af9b71d02d2e"><ac:parameter ac:name="">Secunia</ac:parameter></ac:structured-macro>
[Secunia] Secunia Advisory SA10635, "HP-UX calloc Buffer Size Miscalculation Vulnerability," 2004.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d3d17ffb-62a6-4c63-8660-81cb6ee57a6d"><ac:parameter ac:name="">SecurityFocus 07</ac:parameter></ac:structured-macro>
[SecurityFocus 07] SecurityFocus. "Linux Kernel Floating Point Exception Handler Local Denial of Service Vulnerability," 2001.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="cc30c788-0e52-400e-9cb9-463b60526c5a"><ac:parameter ac:name="">SecuriTeam 07</ac:parameter></ac:structured-macro>
[SecuriTeam 07] SecuriTeam. "Microsoft Visual C++ 8.0 Standard Library Time Functions Invalid Assertion DoS (Problem 3000)," February 13, 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4382760b-09a0-448a-a2bb-ef783aa08dcc"><ac:parameter ac:name="">Sloss 04</ac:parameter></ac:structured-macro>
[Sloss 04] Sloss, Andrew, Symes, Dominic, & Wright, Chris. ARM System Developer's Guide. San Francisco:Elsevier/Morgan Kauffman, 2004 (ISBN-10: 1558608745; ISBN-13: 978-1558608740).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="bb618910-f2ce-4fa8-814e-1b91be19606d"><ac:parameter ac:name="">Spinellis 06</ac:parameter></ac:structured-macro>
[Spinellis 06] Spinellis, Diomidis. Code Quality: The Open Source Perspective. Addison-Wesley, 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1b2d9e40-344e-4b85-88ef-ac8ad8535997"><ac:parameter ac:name="">StackOvflw 09</ac:parameter></ac:structured-macro>
[StackOvflw 09] "Should I return TRUE / FALSE values from a C function?" StackOverflow.com User Questions. March 15, 2010.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2f2e950a-3018-4c7e-b31c-59796c993836"><ac:parameter ac:name="">Steele 77</ac:parameter></ac:structured-macro>
[Steele 77] Steele, G. L. "Arithmetic shifting considered harmful." SIGPLAN Not. 12, 11 (November 1977), 61-69.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="8e5062f9-ca7d-4b34-9e3b-c8bfa7984dbe"><ac:parameter ac:name="">Summit 95</ac:parameter></ac:structured-macro>
[Summit 95] Summit, Steve. C Programming FAQs: Frequently Asked Questions. Boston, MA: Addison-Wesley, 1995 (ISBN 0201845199).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="82256892-13bc-4629-9311-20125c1c7010"><ac:parameter ac:name="">Summit 05</ac:parameter></ac:structured-macro>
[Summit 05] Summit, Steve. comp.lang.c Frequently Asked Questions, 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="648bccf7-c100-4aae-b70a-7771d545942d"><ac:parameter ac:name="">Sun</ac:parameter></ac:structured-macro>
[Sun] Sun Security Bulletin #00122, 1993.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2f3d9376-1485-4c75-a0fd-ebbf61a6d2e0"><ac:parameter ac:name="">Sun 05</ac:parameter></ac:structured-macro>
[Sun 05] C User's Guide. 819-3688-10. Sun Microsystems, Inc., 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="91c2d4c6-6ee6-48a2-a3fa-7cb343a67a33"><ac:parameter ac:name="">Sutter 04</ac:parameter></ac:structured-macro>
[Sutter 04] Sutter, Herb & Alexandrescu, Andrei. C++ Coding Standards: 101 Rules, Guidelines, and Best Practices. Boston, MA:Addison-Wesley Professional, 2004 (ISBN 0321113586).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="09addc21-b820-4814-bdce-8e1a608f16b3"><ac:parameter ac:name="">Tsafrir 08</ac:parameter></ac:structured-macro>
[Tsafrir 08] Tsafrir, Dan, Da Silva, Dilma, & Wagner, David. The Murky Issue of Changing Process Identity: Revising "Setuid Demystified" USENIX, June 2008, pages 55-66

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="bdbaad12-fc23-4bbe-aeab-f05c91524628"><ac:parameter ac:name="">Unicode 06</ac:parameter></ac:structured-macro>
[Unicode 06] The Unicode Consortium. The Unicode Standard, Version 5.0. Addison-Wesley Professional; 5th edition (November 3, 2006) ISBN: 0321480910.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5dc1984d-a45a-42d2-b8f0-475337c92d9e"><ac:parameter ac:name="">van de Voort 07</ac:parameter></ac:structured-macro>
[van de Voort 07] van de Voort, Marco. Development Tutorial (a.k.a Build FAQ), January 29, 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="999707d8-da48-468d-bde5-8ad620a54e52"><ac:parameter ac:name="">van Sprundel06</ac:parameter></ac:structured-macro>
[van Sprundel 06] van Sprundel, Ilja. Unusualbugs, 2006. 

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e13d15ae-8a7b-4daa-bf9f-d9dd9cd78583"><ac:parameter ac:name="">Viega 01</ac:parameter></ac:structured-macro>
[Viega 01] Viega, John. Protecting Sensitive Data in Memory, February 2001.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7d5a5d7c-61a2-43a2-a818-2ea6181e39c2"><ac:parameter ac:name="">Viega 03</ac:parameter></ac:structured-macro>
[Viega 03] Viega, John, & Messier, Matt. Secure Programming Cookbook for C and C++: Recipes for Cryptography, Authentication, Networking, Input Validation & More. Sebastopol, CA: O'Reilly, 2003 (ISBN 0-596-00394-3).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9de92587-4443-482f-afcb-ea373014c566"><ac:parameter ac:name="">Viega 05</ac:parameter></ac:structured-macro>
[Viega 05] Viega, John. CLASP Reference Guide Volume 1.1. Secure Software, 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e1cf2df1-d30a-429f-aab3-3ce5586c9bff"><ac:parameter ac:name="">VU#159523</ac:parameter></ac:structured-macro>
[VU#159523] Giobbi, Ryan. Vulnerability Note VU#159523, Adobe Flash Player integer overflow vulnerability, April 2008.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c420dfe7-1db0-4150-b9fc-2469da2f2375"><ac:parameter ac:name="">VU#162289</ac:parameter></ac:structured-macro>
[VU#162289] Dougherty, Chad. Vulnerability Note VU#162289, gcc silently discards some wraparound checks, April 2008.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="63f4642d-6d15-4d0f-8a78-aa780211bd54"><ac:parameter ac:name="">VU196240</ac:parameter></ac:structured-macro>
[VU#196240] Taschner, Chris & Manion, Art. Vulnerability Note VU#196240, Sourcefire Snort DCE/RPC preprocessor does not properly reassemble fragmented packets, 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b061c353-f9dc-4f0f-9cc4-214b28049f4c"><ac:parameter ac:name="">VU286468</ac:parameter></ac:structured-macro>
[VU#286468] Burch, Hal. Vulnerability Note VU#286468, Ettercap contains a format string error in the "curses_msg()" function, 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6dc53e65-2a86-40a8-9b25-45820b2b51ac"><ac:parameter ac:name="">VU439395</ac:parameter></ac:structured-macro>
[VU#439395] Lipson, Howard. Vulnerability Note VU#439395, Apache web server performs case sensitive filtering on Mac OS X HFS+ case insensitive filesystem, 2001.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f0773733-3021-423b-844a-b391fba6e15c"><ac:parameter ac:name="">VU551436</ac:parameter></ac:structured-macro>
[VU#551436] Giobbi, Ryan. Vulnerability Note VU#551436, Mozilla Firefox SVG viewer vulnerable to buffer overflow, 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="06616e26-97bb-4348-ac09-25d4bad44a47"><ac:parameter ac:name="">VU568148</ac:parameter></ac:structured-macro>
[VU#568148] Finlay, Ian A. & Morda, Damon G. Vulnerability Note VU#568148, Microsoft Windows RPC vulnerable to buffer overflow, 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f95c211e-5dd8-4813-aa1a-486083ee7bf3"><ac:parameter ac:name="">VU623332</ac:parameter></ac:structured-macro>
[VU#623332] Mead, Robert. Vulnerability Note VU#623332, MIT Kerberos 5 contains double free vulnerability in "krb5_recvauth()" function, 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c87051f8-5c87-4d5b-bf21-59092104e539"><ac:parameter ac:name="">VU649732</ac:parameter></ac:structured-macro>
[VU#649732] Gennari, Jeff. Vulnerability Note VU#649732, Samba AFS ACL Mapping VFS Plug-In Format String Vulnerability, 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="731c12cb-f591-41e6-b69d-a30f8a5d66b6"><ac:parameter ac:name="">VU654390</ac:parameter></ac:structured-macro>
[VU#654390] Rafail, Jason A. Vulnerability Note VU#654390, ISC DHCP contains C Includes that define vsnprintf() to vsprintf() creating potential buffer overflow conditions, June 2004.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="69a68e61-6d4a-4478-a248-87d6474c67b3"><ac:parameter ac:name="">VU743092</ac:parameter></ac:structured-macro>
[VU#743092] Rafail, Jason A. & Havrilla, Jeffrey S. Vulnerability Note VU#743092, realpath(3) function contains off-by-one buffer overflow, July 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e3668d04-fdb7-4aa7-ab53-c76cc0f49941"><ac:parameter ac:name="">VU834865</ac:parameter></ac:structured-macro>
[VU#834865] Gennari, Jeff. Vulnerability Note VU#834865, Sendmail signal I/O race condition, March 2008.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a1bfe1a8-5a3c-4fdf-8d8a-ab0cab5e344e"><ac:parameter ac:name="">VU837857</ac:parameter></ac:structured-macro>
[VU#837857] Dougherty, Chad. Vulnerability Note VU#837857, SX.Org server fails to properly test for effective user ID, August 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="555f0d0c-ef7c-4ca3-907b-8f5336b0463d"><ac:parameter ac:name="">VU881872</ac:parameter></ac:structured-macro>
[VU#881872] Manion, Art & Taschner, Chris. Vulnerability Note VU#881872, Sun Solaris telnet authentication bypass vulnerability, 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b522d48b-755e-445e-b484-b4318f73049a"><ac:parameter ac:name="">Warren 02</ac:parameter></ac:structured-macro>
[Warren 02] Warren, Henry S. Hacker's Delight. Boston, MA: Addison Wesley Professional, 2002 (ISBN 0201914654).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1f010e1f-e501-402c-9e4c-8fa7b1fc2024"><ac:parameter ac:name="">WG14/N1396</ac:parameter></ac:structured-macro>
[WG14/N1396] Thomas, J., Tydeman, F. "Wide function return values", September 2009.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9c21b50b-4a01-4eda-a09f-d4fac8e5ec47"><ac:parameter ac:name="">Wheeler 03</ac:parameter></ac:structured-macro>
[Wheeler 03] Wheeler, David. Secure Programming for Linux and Unix HOWTO, v3.010, March 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="94be583f-fac9-40fc-8c4f-425f96bac2cc"><ac:parameter ac:name="">Wheeler 04</ac:parameter></ac:structured-macro>
[Wheeler 04] Wheeler, David. Secure programmer: Call components safely. December 2004.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="be6c6f20-c36f-4a25-bc6c-5dbb2456e52f"><ac:parameter ac:name="">Wojtczuk 08</ac:parameter></ac:structured-macro>
[Wojtczuk 08] Wojtczuk, Rafal. "Analyzing the Linux Kernel vmsplice Exploit." McAfee Avert Labs Blog, February 13, 2008.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="fe24cc7d-8957-4c0e-9ed1-bc1b56dc7028"><ac:parameter ac:name=""> xorl 2009</ac:parameter></ac:structured-macro>
[xorl 2009] xorl. xorl %eax, %eax.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="88ae272a-5d2b-4e64-ab54-41a4d511ea20"><ac:parameter ac:name="">Yergeau 98</ac:parameter></ac:structured-macro>
[Yergeau 98] Yergeau, F. RFC 2279 - UTF-8, a transformation format of ISO 10646, January 1998.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9a274053-6094-48bf-bd28-52591f19cc94"><ac:parameter ac:name="">Zalewski 01</ac:parameter></ac:structured-macro>
[Zalewski 01] Zalewski, Michal. Delivering Signals for Fun and Profit: Understanding, exploiting and preventing signal-handling related vulnerabilities, May 2001.

      CERT C Secure Coding Standard      

  • No labels