...
| CERT C++ Secure Coding Standard | FIO06-CPP. Create files with appropriate access permissions |
| CERT Oracle Secure Coding Standard for Java | FIO01-J. Create files with appropriate access permissions |
| ISO/IEC TR 24731-1:2007 | Section 6.5.2.1, "The fopen_s Function" |
| ISO/IEC TR 24772:2013 | Missing or Inconsistent Access Control [XZN] |
| MITRE CWE | CWE-276, Insecure default permissions CWE-279, Insecure execution-assigned permissions CWE-732, Incorrect permission assignment for critical resource |
...
| [CVE] | |
| [Dowd 2006] | Chapter 9, "UNIX 1: Privileges and Files" |
| [OpenBSD] | |
| [Open Group 2004] | "The open Function""The umask Function" |
| [Viega 2003] | Section 2.7, "Restricting Access Permissions for New Files on UNIX" |