...
CERT C++ Secure Coding Standard: STR31-CPP. Guarantee that storage for character arrays has sufficient space for character data and the null terminator
ISO/IEC 9899:2011 Section Section 7.1.1, "Definitions of terms," Section 7.24, "String handling <string.h>," Section 5.1.2.2.1, "Program startup," and Section 7.22.4.6, "The getenv function"
...
[Dowd 2006] Chapter 7, "Program Building Blocks" ("Loop constructs," pp. 327–336)
[Seacord 2005a] Chapter 2, "Strings"
[xorl 2009] "FreeBSD-SA-09:11: NTPd Remote Stack Based Buffer Overflows"
...