<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d342451a-3509-45c0-b9e1-292d01f735af"><ac:parameter ac:name="">Burch 06</ac:parameter></ac:structured-macro>
[Burch 06] Burch, H.; Long, F.; & Seacord, R. Specifications for Managed Strings
(CMU/SEI-2006-TR-006). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2006.
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9ee8ec56-a00a-4a3c-b481-4569e0fa59d4"><ac:parameter ac:name="">Callaghan 95</ac:parameter></ac:structured-macro>
[Callaghan 95] B. Callaghan, B. Pawlowski, P. Staubach. IETF RFC 1813 NFS Version 3 Protocol Specification. June 1995.
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="41214656-cfeb-4aff-96a9-1f64d9639db1"><ac:parameter ac:name="">CERT 06</ac:parameter></ac:structured-macro>
[CERT 06] CERT. Managed String Library (2006).
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5cc05629-c08c-4d0e-bac3-7bd7e2d518a3"><ac:parameter ac:name="">Dewhurst 02</ac:parameter></ac:structured-macro>
[Dewhurst 02] Dewhurst, Stephen C. C++ Gotchas: Avoiding Common Problems in Coding and Design. Boston, MA: Addison-Wesley Professional, 2002.
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="562589a7-1ceb-43a7-aff6-09ca4d2c81ca"><ac:parameter ac:name="">Dowd 06</ac:parameter></ac:structured-macro>
[Dowd 06] Dowd, M.; McDonald, J.; & Schuh, J. The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities. Boston, MA: Addison-Wesley, 2006. See http://taossa.com for updates and errata.
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="233f7637-0600-4083-8228-eea8b540dcb5"><ac:parameter ac:name="">Drepper 06</ac:parameter></ac:structured-macro>
[Drepper 06] Drepper, Ulrich. Defensive Programming for Red Hat Enterprise Linux (and What To Do If Something Goes Wrong). May 3, 2006.
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d6114421-2681-4137-b26a-54a07835e96e"><ac:parameter ac:name="">FSF 05</ac:parameter></ac:structured-macro>
[FSF 05] Free Software Foundation. GCC online documentation. (2005).
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0e519dd0-fa93-481e-8104-61b9997b1a96"><ac:parameter ac:name="">Graf 03</ac:parameter></ac:structured-macro>
[Graff 03] Graff, Mark G. & Van Wyk, Kenneth R. Secure Coding: Principles and Practices. Cambridge, MA: O'Reilly, 2003 (ISBN 0596002424).
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="413383fe-0699-47fc-93c9-3aac341406f6"><ac:parameter ac:name="">Griffiths 06</ac:parameter></ac:structured-macro>
[Griffiths 06] Griffiths, Andrew. "Clutching at straws: When you can shift the stack pointer."
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2487475c-8091-4afb-a98c-72c17dc1fd80"><ac:parameter ac:name="">Haddad 05</ac:parameter></ac:structured-macro>
[Haddad 05] Haddad, Ibrahim. "Secure Coding in C and C++: An interview with Robert Seacord, senior vulnerability analyst at CERT." Linux World Magazine, November, 2005.
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4c4394d2-c1cf-4391-b246-ceb0a371eea4"><ac:parameter ac:name="">Hatton 95</ac:parameter></ac:structured-macro>
[Hatton 95] Hatton, Les. Safer C: Developing Software for High-Integrity and Safety-Critical Systems. New York, NY: McGraw-Hill Book Company, 1995 (ISBN 0-07-707640-0).
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="94b8bafb-297f-4b12-9186-4955b19e7263"><ac:parameter ac:name="">HP 03</ac:parameter></ac:structured-macro>
[HP 03] Tru64 UNIX Protecting Your System Against File Name Spoofing Attacks. January 2003.
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="486d1f9c-31e1-476d-881a-2d8415ed3daf"><ac:parameter ac:name="">ilja 06</ac:parameter></ac:structured-macro>
[ilja 06] ilja. "readlink abuse." ilja's blog, August 13, 2006.
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0e792565-5d98-48cb-af57-ac2b6a1b2b0c"><ac:parameter ac:name="">ISO/IEC 9899-1999</ac:parameter></ac:structured-macro>
[ISO/IEC 9899-1999] ISO/IEC 9899-1999. Programming Languages — C, Second Edition, 1999.
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f03448aa-4dc1-4b38-82fe-933b62fd61e2"><ac:parameter ac:name="">ISO/IEC 03</ac:parameter></ac:structured-macro>
[ISO/IEC 03] Rationale for International Standard?Programming Languages?C Revision 5.10. April 2003.
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="355c6089-32e9-42ee-9214-9e428f4de70d"><ac:parameter ac:name="">ISO/IEC TR 24731-2006</ac:parameter></ac:structured-macro>
[ISO/IEC TR 24731-2006] ISO/IEC TR 24731. Extensions to the C Library, — Part I: Bounds-checking interfaces. April, 2006.
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="85703c87-3bf3-4f94-ab11-92c3df989c99"><ac:parameter ac:name="">Kennaway 00</ac:parameter></ac:structured-macro>
[Kennaway 00] Kris Kennaway. Re: /tmp topic. December 2000.
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="af4f2b1a-bfe8-4bc3-9f1e-be80775ea7a4"><ac:parameter ac:name="">Kerrighan 88</ac:parameter></ac:structured-macro>
[Kerrighan 88] Kerrighan, B. W. & Ritchie, D. M. The C Programming Language, 2nd ed. Englewood Cliffs, NJ: Prentice-Hall, 1988.
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4a18773a-95b9-4c32-8a73-5e03ce61c1f6"><ac:parameter ac:name="">Kettle 02</ac:parameter></ac:structured-macro>
[Kettlewell 02] Kettlewell, Richard. C Language Gotchas (February 2002).
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a318f489-7124-4fde-9d37-0808afb90083"><ac:parameter ac:name="">Kettle 03</ac:parameter></ac:structured-macro>
[Kettlewell 03] Kettlewell, Richard. Inline Functions In C (March 2003).
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f4c9504a-02be-4841-a878-f81708b9f4ef"><ac:parameter ac:name="">Klein 02</ac:parameter></ac:structured-macro>
[Klein 02] Klein, Jack. Bullet Proof Integer Input Using strtol() (2002).
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="349b5ccb-b7a3-4aac-9816-0fb294925e11"><ac:parameter ac:name="">Lai 06</ac:parameter></ac:structured-macro>
[Lai 06] Ray Lai. Reading Between the Lines. OpenBSD Journal. October, 2006.
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="64af0a91-96ac-4322-b886-be63c67626a1"><ac:parameter ac:name="">mercy</ac:parameter></ac:structured-macro>
[mercy] mercy. Exploiting Uninitialized Data (January 2006).
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="31ccc375-eb01-4c44-8d84-30da39a8658d"><ac:parameter ac:name="">MISRA 04</ac:parameter></ac:structured-macro>
[MISRA 04] MIRA Limited. "MISRA C: 2004 Guidelines for the Use of the C Language in Critical Systems." Warwickshire, UK: MIRA Limited, October 2004 (ISBN 095241564X).
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c03c0905-c3e3-4586-b34d-2e7baddffa45"><ac:parameter ac:name="">NASA-GB-1740.13</ac:parameter></ac:structured-macro>
[NASA-GB-1740.13] NASA Glenn Research Center, Office of Safety Assurance Technologies. NASA Software Safety Guidebook (NASA-GB-1740.13).
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="33f90a1d-ac40-4956-ba55-41d9ba0ab912"><ac:parameter ac:name="">NIST 06</ac:parameter></ac:structured-macro>
[NIST 06] NIST. SAMATE Reference Dataset (2006).
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f049d742-fbbf-4a13-b165-9b961d192a5a"><ac:parameter ac:name="">NIST 06b</ac:parameter></ac:structured-macro>
[NIST 06b] NIST. DRAFT Source Code Analysis Tool Functional Specification. Information Technology Laboratory (ITL), oftware
Diagnostics and Conformance Testing Division. September, 2006.
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9993f652-aef2-4551-92f5-8c6b229a8bcf"><ac:parameter ac:name="">Open Group 97</ac:parameter></ac:structured-macro>
[Open Group 97] The Open Group. The Single UNIX® Specification, Version 2 (1997).
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="894bf740-b3bd-44f8-ac7d-585326f64710"><ac:parameter ac:name="">Open Group 04</ac:parameter></ac:structured-macro>
[Open Group 04] The Open Group. "The Open Group Base Specifications Issue 6, IEEE Std 1003.1, 2004 Edition." (2004).
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5ee7db8b-12b6-4216-af90-55510f7ac63c"><ac:parameter ac:name="">Plum 89</ac:parameter></ac:structured-macro>
[Plum 89] Plum, Thomas, and Saks, Dan. C Programming Guidelines, 2nd ed. Kamuela, HI: Plum Hall, Inc., 1989 (ISBN 0911537074).
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4efdf771-e884-4110-8907-028313444a0a"><ac:parameter ac:name="">Plum 91</ac:parameter></ac:structured-macro>
[Plum 91] Plum, Thomas. C++ Programming. Kamuela, HI: Plum Hall, Inc., 1991 (ISBN 0911537104).
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ecd4f466-b64b-41b5-9ef0-0bc948f1b87f"><ac:parameter ac:name="">Saks 99</ac:parameter></ac:structured-macro>
[Saks 99] Dan Saks. const T vs.T const. Embedded Systems Programming. Pg. 13-16. February 1999.
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6e80568a-51c0-4d71-a5d5-87eeea0fbf97"><ac:parameter ac:name="">Seacord 05</ac:parameter></ac:structured-macro> <ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e672d106-e536-4ff5-9b8e-955152bd7bba"><ac:parameter ac:name="">Seacord 05a</ac:parameter></ac:structured-macro>
[Seacord 05a] Seacord, R. Secure Coding in C and C++. Boston, MA: Addison-Wesley, 2005. See http://www.cert.org/books/secure-coding for news and errata.
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f74f2112-a9ad-4452-8334-0d88c538f482"><ac:parameter ac:name="">Seacord 05b</ac:parameter></ac:structured-macro>
[Seacord 05b] Seacord, R. "Managed String Library for C, C/C++." Users Journal 23, 10 (October 2005): 30-34.
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="8152c617-d7ac-4237-bcc7-859bbbd0f64a"><ac:parameter ac:name="">Summit 95</ac:parameter></ac:structured-macro>
[Summit 95] Summit, Steve. C Programming FAQs: Frequently Asked Questions. Boston, MA: Addison-Wesley, 1995 (ISBN 0201845199).
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f7abac14-19a4-462c-a2be-28171a1e0e1d"><ac:parameter ac:name="">Summit 05</ac:parameter></ac:structured-macro>
[Summit 05] Summit, Steve. comp.lang.c Frequently Asked Questions (2005).
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0376c0df-b573-492c-8a44-3012a215ba4c"><ac:parameter ac:name="">Viega 03</ac:parameter></ac:structured-macro>
[Viega 03] Viega, John & Messier, Matt. Secure Programming Cookbook for C and C++: Recipes for Cryptography, Authentication, Networking, Input Validation & More. Sebastopol, CA: O'Reilly, 2003 (ISBN 0-596-00394-3).
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4244764c-27a3-4c88-9124-745f1a9bc5f8"><ac:parameter ac:name="">Viega 05</ac:parameter></ac:structured-macro>
[Viega 05] Viega, John. CLASP Reference Guide Volume 1.1. Secure Software. (2005)
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="86693f92-4913-40f2-8331-4d05920e81ab"><ac:parameter ac:name="">VU881872</ac:parameter></ac:structured-macro>
[VU#881872] Manion, Art & Taschner, Chris. Vulnerability Note VU#881872, Sun Solaris telnet authentication bypass vulnerability (2007).
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6d65cbd6-fe1a-4efd-ad29-c63e77f0a014"><ac:parameter ac:name="">Warren 02</ac:parameter></ac:structured-macro>
[Warren 02] Warren, Henry S. Hacker's Delight. Boston, MA: Addison Wesley Professional. 2002 (ISBN 0201914654).
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="22e9c17a-03ed-4cff-af56-3c26febac550"><ac:parameter ac:name="">Wheeler 03</ac:parameter></ac:structured-macro>
[Wheeler 03] David Wheeler. Secure Programming for Linux and Unix HOWTO, v3.010. , March 2003.