SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 76

changes.mady.by.user Shaun Hedrick

Saved on

compared with

New Version 77

changes.mady.by.user Hal Burch

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="13ca668f616f3ffe-4848101f-4476427c-b8f4bc52-75aba520779585d7db990fc4"><ac:parameter ac:name="">Apple 06</ac:parameter></ac:structured-macro>
\[Apple 06\] Apple, Inc. [_Secure Coding Guide_|http://developer.apple.com/documentation/Security/Conceptual/SecureCodingGuide/SecureCodingGuide.pdf] (May 2006).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="993ba95cd8d681f5-184779e6-497e4f46-be0c92cc-1b0de26850d5734750a076e1"><ac:parameter ac:name="">Bryant 03</ac:parameter></ac:structured-macro>
\[Bryant 03\] Bryant, Randy; O'Halloran, David. _Computer Systems: A Programmer's Perspective_. Prentice Hall, 2003. ISBN 0-13-034074-X.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="81bd983596f5df68-ab15264d-4f314c4f-bc919328-0519d593c6904d48643c7104"><ac:parameter ac:name="">Burch 06</ac:parameter></ac:structured-macro>
\[Burch 06\] Burch, H.; Long, F.; & Seacord, R. [_Specifications for Managed Strings_|http://www.sei.cmu.edu/publications/documents/06.reports/06tr006.html] (CMU/SEI-2006-TR-006). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4ef9e097ecca0239-38edf1d1-4c9d4b03-8d368a28-2d404361e1605b6398afe59d"><ac:parameter ac:name="">Callaghan 95</ac:parameter></ac:structured-macro>
\[Callaghan 95\] Callaghan, B.; Pawlowski, B.; & Staubach, P. [IETF RFC 1813 NFS Version 3 Protocol Specification|http://www.ietf.org/rfc/rfc1813.txt] (June 1995).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f8d22ade1de584db-241362c7-4a2b421c-b1c988dd-d0c689535da85d4c43a4ac6c"><ac:parameter ac:name="">CERT 06a</ac:parameter></ac:structured-macro>
\[CERT 06a\] CERT/CC. [CERT/CC Statistics 1988-2006|http://www.cert.org/stats/cert_stats.html].

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="cbead88fb7e803e9-edbf657b-42e44d4b-9addbbc2-45ad17410c8621e997fa9c2c"><ac:parameter ac:name="">CERT 06b</ac:parameter></ac:structured-macro>
\[CERT 06b\] CERT/CC. US-CERT's [Technical Cyber Security Alerts|http://www.us-cert.gov/cas/techalerts/index.html].

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="718e55c8070e5aeb-eabc4b44-47b94325-837db0b1-43c8e54be2e26b336a3ed0e6"><ac:parameter ac:name="">CERT 06c</ac:parameter></ac:structured-macro>
\[CERT 06c\] CERT/CC. [Secure Coding|http://www.cert.org/secure-coding/] web site.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b202a30b7c37ca44-d388f8ff-468745a5-ada99958-027afd440a23a9547c51e67f"><ac:parameter ac:name="">Dewhurst 02</ac:parameter></ac:structured-macro>
\[Dewhurst 02\] Dewhurst, Stephen C. _C+\+ Gotchas: Avoiding Common Problems in Coding and Design_. Boston, MA: Addison-Wesley Professional, 2002.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="8a5a3e92d3948935-82caffd4-4ea54d49-b1fc9730-0880670f861b868df3a92a5a"><ac:parameter ac:name="">DHS 06</ac:parameter></ac:structured-macro>
\[DHS 06\] U.S. Department of Homeland Security. [Build Security In|https://buildsecurityin.us-cert.gov/].

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="99f113cce31fc41b-0cef210b-4328465c-9f019cef-395125665f4198fc018f597a"><ac:parameter ac:name="">Dowd 06</ac:parameter></ac:structured-macro>
\[Dowd 06\] Dowd, M.; McDonald, J.; & Schuh, J. _The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities_. Boston, MA: Addison-Wesley, 2006. See [http://taossa.com] for updates and errata.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="42dd721a4e798ed1-ebb66f88-4b714d62-84a59251-cc434e534744a77d22b405e7"><ac:parameter ac:name="">Drepper 06</ac:parameter></ac:structured-macro>
\[Drepper 06\] Drepper, Ulrich. [Defensive Programming for Red Hat Enterprise Linux (and What To Do If Something Goes Wrong)|http://people.redhat.com/drepper/defprogramming.pdf] (May 3, 2006).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0b4f952cb27ade9f-522a8da0-4d1d47ff-b1bc82c6-51db44384928461b9b84b0a4"><ac:parameter ac:name="">FSF 05</ac:parameter></ac:structured-macro>
\[FSF 05\] Free Software Foundation. [GCC online documentation|http://gcc.gnu.org/onlinedocs] (2005).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="dedc0f1210564470-4725c304-48584995-8bf195bc-4f80acecdd1089340d2c973e"><ac:parameter ac:name="">Goldberg 91</ac:parameter></ac:structured-macro>
\[Goldberg 91\] Goldberg, David. [What Every Computer Scientist Should Know About Floating-Point Arithmetic|http://docs.sun.com/source/806-3568/ncg_goldberg.html]. Sun Microsystems, March 1991.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="abd90bf5d6b73671-2b442d95-4ce8469d-ac01a39e-91bb3ae88341fbdd9f193c5e"><ac:parameter ac:name="">Graf 03</ac:parameter></ac:structured-macro>
\[Graff 03\] Graff, Mark G. & Van Wyk, Kenneth R. _Secure Coding: Principles and Practices_. Cambridge, MA: O'Reilly, 2003 (ISBN 0596002424).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2a7027b88a3b1711-c857630c-48194a00-a59dbbc9-ed5103fd18fadce50a2372b1"><ac:parameter ac:name="">Griffiths 06</ac:parameter></ac:structured-macro>
\[Griffiths 06\] Griffiths, Andrew. "[Clutching at straws: When you can shift the stack pointer|http://felinemenace.org/papers/p63-0x0e_Shifting_the_Stack_Pointer.txt]."&nbsp;

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e365ebe864a4da1a-791498cc-42d148c1-bed885f0-e4f395fb19424befc254ae5d"><ac:parameter ac:name="">Haddad 05</ac:parameter></ac:structured-macro>
\[Haddad 05\] Haddad, Ibrahim. "Secure Coding in C and C++: An interview with Robert Seacord, senior vulnerability analyst at CERT." _Linux World Magazine_, November 2005.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="56c7be6f31b3b42b-01f867cf-449146a5-a009bbd7-e24fb36c99538a44246a886f"><ac:parameter ac:name="">Hatton 95</ac:parameter></ac:structured-macro>
\[Hatton 95\] Hatton, Les. _Safer C: Developing Software for High-Integrity and Safety-Critical Systems_. New York, NY: McGraw-Hill Book Company, 1995 (ISBN 0-07-707640-0).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b8f3a94c05cfbb97-8a623c07-41b14c94-9c9b901f-17d6db8a42896601837f0106"><ac:parameter ac:name="">HP 03</ac:parameter></ac:structured-macro>
\[HP 03\] [Tru64 UNIX: Protecting Your System Against File Name Spoofing Attacks|http://h30097.www3.hp.com/docs/wpapers/spoof_wp/symlink_external.pdf]. Houston, TX: Hewlett-Packard Company, January 2003.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3127bf080ea2bc2c-1439176d-467b48f7-8b74bf1f-129e6d13959a9e4b38284f37"><ac:parameter ac:name="">IEC 60812 2006</ac:parameter></ac:structured-macro>
\[IEC 60812 2006\] _Analysis techniques for system reliability - Procedure for failure mode and effects analysis (FMEA)_, 2nd ed. (IEC 60812). IEC, January 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a4f5576fde64755e-fed06c6a-43fd4d55-8e22bd64-735be81bee28554bd7a91c3d"><ac:parameter ac:name="">IEEE 754 2006</ac:parameter></ac:structured-macro>
\[IEEE 754 2006\] IEEE. [_Standard for Binary Floating-Point Arithmetic_|http://grouper.ieee.org/groups/754/] (IEEE 754-1985) (2006).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="357376a078a41ecf-ad272ff6-4460459f-b249b832-397c108442dea77e7bcbbc35"><ac:parameter ac:name="">ilja 06</ac:parameter></ac:structured-macro>
\[ilja 06\] ilja. "[readlink abuse|http://blogs.23.nu/ilja/stories/12551/]." _ilja's blog_, August 13, 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b7fe75e9ea97b1f0-4dd9f1fb-42884c2c-bf01b976-f969ff35ab25a6be3de414f8"><ac:parameter ac:name="">ISO/IEC 9899-1999</ac:parameter></ac:structured-macro>
\[ISO/IEC 9899-1999\] ISO/IEC. _Programming Languages --- C, Second Edition_ (ISO/IEC 9899-1999). Geneva, Switzerland: International Organization for Standardization, 1999.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="65822d525960bb2b-f7b601aa-43e2412d-a391ac31-33074c95dc1291f99de49526"><ac:parameter ac:name="">ISO/IEC 9899-1999TC2</ac:parameter></ac:structured-macro>
\[ISO/IEC 9899-1999:TC2\] ISO/IEC. _Programming Languages --- C_ (ISO/IEC 9899-1999:TC2). Geneva, Switzerland: International Organization for Standardization, 2005.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1cc6d3f321d55e74-f7904b72-41d246d7-90fc9508-aade5fd4ebea702f9a1134a6"><ac:parameter ac:name="">ISO/IEC 14882-2003</ac:parameter></ac:structured-macro>
\[ISO/IEC 14882-2003\] ISO/IEC. _Programming Languages --- C++, Second Edition_ (ISO/IEC 14882-2003). Geneva, Switzerland: International Organization for Standardization, 2003.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="22d18550036156ca-29c36d60-486f4769-8f6db60f-c58b9a7b3a2821bb2593ef21"><ac:parameter ac:name="">ISO/IEC 03</ac:parameter></ac:structured-macro>
\[ISO/IEC 03\] ISO/IEC. [_Rationale for International Standard --- Programming Languages --- C, Revision 5.10_|http://www.open-std.org/jtc1/sc22/wg14/www/C99RationaleV5.10.pdf]. Geneva, Switzerland: International Organization for Standardization, April 2003.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d60d2018129a4281-3ac95e8c-4c374280-ad4fb4cd-75c18cfbeb2041fe42e4b8b4"><ac:parameter ac:name="">ISO/IEC JTC1/SC22/WG11</ac:parameter></ac:structured-macro>
\[ISO/IEC JTC1/SC22/WG11\] ISO/IEC. [_Binding Techniques_|http://www.open-std.org/JTC1/SC22/WG11/] (ISO/IEC JTC1/SC22/WG11) (2007).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f3a04ab7085ec897-59662949-47594614-acb0bc5d-eb4124f45f155b4fbcaf2e39"><ac:parameter ac:name="">ISO/IEC TR 24731-2006</ac:parameter></ac:structured-macro>
\[ISO/IEC TR 24731-2006\] ISO/IEC TR 24731. _Extensions to the C Library, --- Part I: Bounds-checking interfaces_. Geneva, Switzerland: International Organization for Standardization, April 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b1db7669394a1949-5ed5e661-4551497c-ae128b73-db1891e6c31cc3ee65ad4a1d"><ac:parameter ac:name="">Kennaway 00</ac:parameter></ac:structured-macro>
\[Kennaway 00\] Kennaway, Kris. [Re: /tmp topic|http://lwn.net/2000/1221/a/sec-tmp.php3] (December 2000).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3ab595de67e14287-626fb60d-467f4283-8dcba352-ffcc220d26fb3a1650342f0a"><ac:parameter ac:name="">Kerrighan 88</ac:parameter></ac:structured-macro>
\[Kerrighan 88\] Kerrighan, B. W. & Ritchie, D. M. _The C Programming Language, 2nd ed._ Englewood Cliffs, NJ: Prentice-Hall, 1988.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d7df83797c8af2ff-5b5106f2-4724434d-b1918072-91213c5ba2e7f3b99763b7f1"><ac:parameter ac:name="">Kettle 02</ac:parameter></ac:structured-macro>
\[Kettlewell 02\] Kettlewell, Richard. [_C Language Gotchas_|http://www.greenend.org.uk/rjk/2001/02/cfu.html] (February 2002).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="568fd30692a6e013-906507c3-4be745a0-9b7cb31c-bc82343e19e1971c16ffe240"><ac:parameter ac:name="">Kettle 03</ac:parameter></ac:structured-macro>
\[Kettlewell 03\] Kettlewell, Richard. [_Inline Functions In C_|http://www.greenend.org.uk/rjk/2003/03/inline.html] (March 2003).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="26f009eaceba512c-83ca4d63-487a4f1f-97deb0a9-83c3439e511025bce35c355a"><ac:parameter ac:name="">Klein 02</ac:parameter></ac:structured-macro>
\[Klein 02\] Klein, Jack. [_Bullet Proof Integer Input Using strtol()_|http://home.att.net/~jackklein/c/code/strtol.html] (2002).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2055f232589f2d5a-6dca7007-431d4f1d-b23487ad-b7fc0ed05b7fd8a44285de9f"><ac:parameter ac:name="">Lai 06</ac:parameter></ac:structured-macro>
\[Lai 06\] Lai, Ray. "[Reading Between the Lines|http://undeadly.org/cgi?action=article&sid=20061027031811]." _OpenBSD Journal_, October 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9ff07e8184f19308-fb7004cb-4f8a4c3b-9f90932b-2f9c990dd8243b16de200410"><ac:parameter ac:name="">Lions 96</ac:parameter></ac:structured-macro>
\[Lions 96\] Lions, J. L. [ARIANE 5 Flight 501 Failure Report|http://en.wikisource.org/wiki/Ariane_501_Inquiry_Board_report]. Paris, France: European Space Agency (ESA) & National Center for Space Study (CNES) Inquiry Board, July 1996.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="00f74d8e399170b4-520552b5-4fae4be2-bb5e99a2-a766c67637998570db8403bb"><ac:parameter ac:name="">Lockheed Martin 2005</ac:parameter></ac:structured-macro>
\[Lockheed Martin 2005\] Lockheed Martin. _Joint Strike Fighter Air Vehicle C+\+ Coding Standards for the System Development and Demonstration Program_. Document Number 2RDU00001, Rev C.  December 2005.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="63ebd31bc66f0b7f-265349ff-4a2246df-9a7f8792-b2f3015ac451528d5db0c7b7"><ac:parameter ac:name="">mercy<>McClusky 01</ac:parameter></ac:structured-macro>
\[mercyMcClusky 01\] mercy. [_Exploitingflexible array Uninitialized Data_members and designators in C9X_|http://www.usenix.org/publications/login/2001-07/pdfs/mccluskey.pdf] ;login:, July 2001, Volume 26, Number 4, p. 29-32

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4fd30746-71bb-4570-89f8-be8a5a5a541a"><ac:parameter ac:name="">mercy</ac:parameter></ac:structured-macro>
\[mercy\] mercy. [_Exploiting Uninitialized Data_|http://www.felinemenace.org/papers/UBehavior.zip] (January 2006).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="672c8eb9e4b2ee9e-c1518a50-42a34776-aebfa0b6-d8bc24803c4bcc9c66ec2ee1"><ac:parameter ac:name="">MISRA 04</ac:parameter></ac:structured-macro>
\[MISRA 04\] MIRA Limited. "[MISRA C|http://www.misra.org.uk/]: 2004 Guidelines for the Use of the C Language in Critical Systems." Warwickshire, UK: MIRA Limited, October 2004 (ISBN 095241564X).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e14c6bd812902f21-a33e7767-47124fdd-823ab04b-7a13c744f758a1258011a35e"><ac:parameter ac:name="">MIT 05</ac:parameter></ac:structured-macro>
\[MIT 05\] MIT. "[MIT krb5 Security Advisory 2005-003|http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2005-003-recvauth.txt] (2005).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="530dcb14ef0206bf-546392bc-4f1340bb-a9628a50-95602a5f2f259f4f62ce6984"><ac:parameter ac:name="">NASA-GB-1740.13</ac:parameter></ac:structured-macro>
\[NASA-GB-1740.13\] NASA Glenn Research Center, Office of Safety Assurance Technologies. [_NASA Software Safety Guidebook_|http://pbma.nasa.gov/docs/public/pbma/general/guidbook.doc] (NASA-GB-1740.13).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7495b9d8c6bbefc8-ff8cdab0-48584526-91c398db-36205eaa4506762d6488093b"><ac:parameter ac:name="">NIST 06</ac:parameter></ac:structured-macro>
\[NIST 06\] NIST. [_SAMATE Reference Dataset_|http://samate.nist.gov/SRD/] (2006).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e2df63f63e31f19a-aa63189d-4a994a6a-a70f80d6-9e60e3190ff247ea5437bdf2"><ac:parameter ac:name="">NIST 06b</ac:parameter></ac:structured-macro>
\[NIST 06b\] NIST. [DRAFT Source Code Analysis Tool Functional Specification. | http://samate.nist.gov/docs/SAMATE_source_code_analysis_tool_spec_09_15_06.pdf] NIST Information Technology Laboratory (ITL), Software Diagnostics and Conformance Testing Division, September 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0e8db45e4c1f82b1-12bd613b-48934444-aaada6f8-90e7a01547a6c2447297625f"><ac:parameter ac:name="">Open Group 97</ac:parameter></ac:structured-macro>
\[Open Group 97\] The Open Group. [_The Single UNIX® Specification, Version 2_|http://www.opengroup.org/onlinepubs/7990989775/toc.htm] (1997).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="cff1496f0a72839d-a7e419ad-4dc24c51-8ecbb99e-9b3cce09988d943f28b24c21"><ac:parameter ac:name="">Open Group 97b</ac:parameter></ac:structured-macro>
\[Open Group 97b\] The Open Group. [_Go Solo 2 - The Authorized Guide to Version 2 of the Single UNIX Specification_|http://www.unix.org/whitepapers/64bit.html] (May 1997).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="de966555c2aabbee-d66be039-44894058-949faa61-e564f055d4e63512753dfaba"><ac:parameter ac:name="">Open Group 04</ac:parameter></ac:structured-macro>
\[Open Group 04\] The Open Group and the IEEE. [_The Open Group Base Specifications Issue 6, IEEE Std 1003.1, 2004 Edition_|http://www.opengroup.org/onlinepubs/009695399/toc.htm] (2004).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a386eb974bc5b697-0eea3d72-42524cd2-9ef290bd-84763949c0ecd856f52c594d"><ac:parameter ac:name="">Plakosh 05</ac:parameter></ac:structured-macro>
\[Plakosh 05\] Plakosh, Dan. _[_Consistent Memory Management Conventions_|https://buildsecurityin.us-cert.gov/daisy/bsi/articles/knowledge/coding/476.html]_ (2005).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d5df8c5add094292-3ab0d9d2-41e64b3d-99f5b3ce-d0a5fe5115a87215ce744f8f"><ac:parameter ac:name="">Plum 89</ac:parameter></ac:structured-macro>
\[Plum 89\] Plum, Thomas, & Saks, Dan. _C Programming Guidelines, 2nd ed_. Kamuela, HI: Plum Hall, Inc., 1989 (ISBN 0911537074).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3b737ec485e3ccca-4af6d882-4b494579-a201b386-2bdd8e21f791c097d37bfc54"><ac:parameter ac:name="">Plum 91</ac:parameter></ac:structured-macro>
\[Plum 91\] Plum, Thomas. _C+\+ Programming_. Kamuela, HI: Plum Hall, Inc., 1991 (ISBN 0911537104).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9c2224d3fb4ecb26-cd54e8dd-43024326-bd51bbb3-50a98356a0dbf4b857efadc3"><ac:parameter ac:name="">Redwine 06</ac:parameter></ac:structured-macro>
\[Redwine 06\] Redwine, Samuel T., Jr., ed. _Secure Software Assurance: A Guide to the Common Body of Knowledge to Produce, Acquire, and Sustain Secure Software Version 1.1_. U.S. Department of Homeland Security, September 2006. See [Software Assurance Common Body of Knowledge|https://buildsecurityin.us-cert.gov/daisy/bsi/resources/dhs/95.html] on Build Security In.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f010fdea183e3c0f-ff4e62d7-43cd491a-a0c8b338-5cc3fc3bb3c9df49bb30246b"><ac:parameter ac:name="">Saks 99</ac:parameter></ac:structured-macro>
\[Saks 99\] Saks, Dan. "[const T vs.T const|http://www.dansaks.com/articles/1999-02%20const%20T%20vs%20T%20const.pdf]." _Embedded Systems Programming_, February 1999, pp. 13-16.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="063d865dff4dd36f-0c014945-4a4449cb-85bb83a8-117e55e1e634e4c950ab2dcf"><ac:parameter ac:name="">Seacord 05</ac:parameter></ac:structured-macro> <ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2251853ee9882703-6bfb5c04-4dfd4311-a657a0d0-ae249af8407aa488c1c8b46a"><ac:parameter ac:name="">Seacord 05a</ac:parameter></ac:structured-macro>
\[Seacord 05a\] Seacord, R. _Secure Coding in C and C+\+_. Boston, MA: Addison-Wesley, 2005. See [http://www.cert.org/books/secure-coding] for news and errata.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="8718d2833213351d-f1d4fae4-4cdc4319-9e2f8a50-0cff991d47fbc6c5c7515616"><ac:parameter ac:name="">Seacord 05b</ac:parameter></ac:structured-macro>
\[Seacord 05b\] Seacord, R. "Managed String Library for C, C/C++." _Users Journal_ _23_, 10 (October 2005): 30-34.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c3ee5ecb6472b031-0e2dc8ec-40534714-94bdb785-393258144883fc10c1a7072b"><ac:parameter ac:name="">Steele 77</ac:parameter></ac:structured-macro>
\[Steele 77\]  Steele, G. L. 1977. [Arithmetic shifting considered harmful.|http://doi.acm.org/10.1145/956641.956647] _SIGPLAN Not._ 12, 11 (Nov. 1977), 61-69.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6820184aee985c45-089fcbaa-460346a4-a0b283ca-938fd33ce4b324a78f49d43e"><ac:parameter ac:name="">Summit 95</ac:parameter></ac:structured-macro>
\[Summit 95\] Summit, Steve. _C Programming FAQs: Frequently Asked Questions_. Boston, MA: Addison-Wesley, 1995 (ISBN 0201845199).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1de53e514c8d7ed8-281167d0-4fe64111-a63db8df-213ffcd5f17a1b86bfbf7611"><ac:parameter ac:name="">Summit 05</ac:parameter></ac:structured-macro>
\[Summit 05\] Summit, Steve. [_comp.lang.c Frequently Asked Questions_|http://c-faq.com/] (2005).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4fa1f490a7d8f888-01aa3485-42884607-9fd68356-56bb5ca428f0754314d25c21"><ac:parameter ac:name="">van de Voort 07</ac:parameter></ac:structured-macro>
\[van de Voort 07\] van de Voort, Marco. [Development Tutorial (a.k.a Build FAQ)|http://www.stack.nl/~marcov/buildfaq.pdf] (January 29, 2007).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0233fa17b9d8e1f1-f1c9dc82-46aa496e-9119b95d-93c46b4621581ae7b5824a32"><ac:parameter ac:name="">Viega 03</ac:parameter></ac:structured-macro>
\[Viega 03\] Viega, John & Messier, Matt. _Secure Programming Cookbook for C and C++: Recipes for Cryptography, Authentication, Networking, Input Validation & More_. Sebastopol, CA: O'Reilly, 2003 (ISBN 0-596-00394-3).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e3062da4dd6ddbba-0a94c111-48624208-8332a557-f78b35ab164bea230ad07275"><ac:parameter ac:name="">Viega 05</ac:parameter></ac:structured-macro>
\[Viega 05\] Viega, John. [CLASP Reference Guide Volume 1.1.|http://www.securesoftware.com/process/] Secure Software, 2005.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="790f3c23adbe70b4-31239a16-4b574dc9-84c4bf6f-187f2366088a1f41e402cc02"><ac:parameter ac:name="">VU196240</ac:parameter></ac:structured-macro>
\[VU#196240\] Taschner, Chris & Manion, Art. Vulnerability Note [VU#196240|http://www.kb.cert.org/vulnotes/id/196240], _Sourcefire Snort DCE/RPC preprocessor does not properly reassemble fragmented packets_ (2007).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6399eb5b4c58df76-2e9e48e9-4a9f45bb-90b4a724-b480c48c8ccf83a287451137"><ac:parameter ac:name="">VU286468</ac:parameter></ac:structured-macro>
\[VU#286468\] Burch, Hal. Vulnerability Note [VU#286468|http://www.kb.cert.org/vulnotes/id/286468], _Ettercap contains a format string error in the "curses_msg()" function_ (2007).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="85bab6a1a9b6ffdb-3f32560f-405b4f20-93509a83-bf98e1c43f76e892c8b96e18"><ac:parameter ac:name="">VU#551436</ac:parameter></ac:structured-macro>
\[VU#551436\] Giobbi, Ryan. Vulnerability Note [VU#551436|http://www.kb.cert.org/vulnotes/id/551436], _Mozilla Firefox SVG viewer vulnerable to buffer overflow_ (2007).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="79c444b34cd9ac5b-92b046e4-42f2468f-b69b8a1b-b5c7e288e472f46effe5dd59"><ac:parameter ac:name="">VU623332</ac:parameter></ac:structured-macro>
\[VU#623332\] Mead, Robert. Vulnerability Note [VU#623332|http://www.kb.cert.org/vuls/id/623332], _MIT Kerberos 5 contains double free vulnerability in "krb5_recvauth()" function_ (2005).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="37862368aba01504-1b4a3df3-4b0347aa-9f069a81-244b97b10c66db0a9773183f"><ac:parameter ac:name="">VU649732</ac:parameter></ac:structured-macro>
\[VU#649732\] Gennari, Jeff. Vulnerability Note [VU#649732|http://www.kb.cert.org/vulnotes/id/649732], _Samba AFS ACL mapping VFS plug-in format string vulnerability_ (2007).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f47eb6823c8ffada-b1a0fab3-433f4a02-a573a083-95b8d0f530b11efac67559f1"><ac:parameter ac:name="">VU881872</ac:parameter></ac:structured-macro>
\[VU#881872\] Manion, Art & Taschner, Chris. Vulnerability Note [VU#881872|http://www.kb.cert.org/vulnotes/id/881872], _Sun Solaris telnet authentication bypass vulnerability_ (2007).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="534a2fefe0ba26e2-54021fd9-43414d63-90068240-45bf6745ca87f8d8c34279de"><ac:parameter ac:name="">Warren 02</ac:parameter></ac:structured-macro>
\[Warren 02\] Warren, Henry S. [_Hacker's Delight_|http://www.hackersdelight.org/]. Boston, MA: Addison Wesley Professional, 2002 (ISBN 0201914654).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9eab7f639dc4d8cb-77c72d5e-42364432-8cd194fe-279febcc9ecb9563be08b372"><ac:parameter ac:name="">Wheeler 03</ac:parameter></ac:structured-macro>
\[Wheeler 03\] Wheeler, David. [Secure Programming for Linux and Unix HOWTO, v3.010 |http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/] (March 2003).