SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 139

changes.mady.by.user Robert Seacord

Saved on

compared with

New Version 140

changes.mady.by.user Robert Seacord

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="649c76a81007c986-92be4a1d-4a7b4c65-95ff86d3-f9e5dcb2b2b338378cd152f7"><ac:parameter ac:name="">Apple 06</ac:parameter></ac:structured-macro>
\[Apple 06\] Apple, Inc. [_Secure Coding Guide_|http://developer.apple.com/documentation/Security/Conceptual/SecureCodingGuide/SecureCodingGuide.pdf], May 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f11802c684ba34cf-6b49d43d-4c3e4c6b-9acc9982-5765f533bdddda69dbd024c8"><ac:parameter ac:name="">Banahan 03</ac:parameter></ac:structured-macro>
\[Banahan 03\] Banahan, Mike. [The C Book|http://www.phy.duke.edu/~rgb/General/c_book/c_book/index.html], 2003.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="37a900930b509e06-6ad823b6-42234ab3-a593a393-724b1002e1388db9011f2ca8"><ac:parameter ac:name="">Bryant 03</ac:parameter></ac:structured-macro>
\[Bryant 03\] Bryant, Randy & O'Halloran, David. _Computer Systems: A Programmer's Perspective_. Prentice Hall, 2003. ISBN 0-13-034074-X.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6ecfcd7a7ae769d1-d5317b7f-470a4f5f-a146b3cf-a12d8d3543142bcf12535c02"><ac:parameter ac:name="">Burch 06</ac:parameter></ac:structured-macro>
\[Burch 06\] Burch, H., Long, F., & Seacord, R. [_Specifications for Managed Strings_|http://www.sei.cmu.edu/publications/documents/06.reports/06tr006.html] (CMU/SEI-2006-TR-006). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5b2e07024f3b6a05-985799a0-43704710-a21991bd-41f758c5e588f5f99dcf3aaf"><ac:parameter ac:name="">Callaghan 95</ac:parameter></ac:structured-macro>
\[Callaghan 95\] Callaghan, B., Pawlowski, B., & Staubach, P. [IETF RFC 1813 NFS Version 3 Protocol Specification|http://www.ietf.org/rfc/rfc1813.txt], June 1995.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="82a8917acb6e50e0-84a405ca-4c1949cd-bd19a6d1-06c6815b6bc7699bd936e007"><ac:parameter ac:name="">CERT 06a</ac:parameter></ac:structured-macro>
\[CERT 06a\] CERT/CC. [CERT/CC Statistics 1988-2006|http://www.cert.org/stats/cert_stats.html].

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2e6094a78160867d-6c8abb4b-49704404-bd33b68a-61f620a59a074c885c5e83ca"><ac:parameter ac:name="">CERT 06b</ac:parameter></ac:structured-macro>
\[CERT 06b\] CERT/CC. US-CERT's [Technical Cyber Security Alerts|http://www.us-cert.gov/cas/techalerts/index.html].

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4da4a471f8a2583a-2f306f5d-46a1430f-ac2eb9ab-3ebd67127ad6fefb5bcc2b7f"><ac:parameter ac:name="">CERT 06c</ac:parameter></ac:structured-macro>
\[CERT 06c\] CERT/CC. [Secure Coding|http://www.cert.org/secure-coding/] web site.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3d5ffd07dead2915-1f60fba1-40e34dc4-a5078519-6b424052ddbf1ac6a55e6a35"><ac:parameter ac:name="">Corfield 93</ac:parameter></ac:structured-macro>
\[Corfield 93\] Corfield, Sean A. "[http://www.open-std.org/jtc1/sc22/wg21/docs/papers/1993/N0389.asc]" 24 November 1993.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7f33f0a1d642a0ab-1cde8406-4a0b410f-bda4826b-56a2ad4f8671879a60af14bb"><ac:parameter ac:name="">Coverity 07</ac:parameter></ac:structured-macro>
\[Coverity 07\] Coverity Prevent User's Manual (3.3.0), 2007.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ab7c27bbe1eac1f3-7857b5b7-48e6424c-9e839b63-72ddb3f54a342aae91a3b15d"><ac:parameter ac:name="">Dewhurst 02</ac:parameter></ac:structured-macro>
\[Dewhurst 02\] Dewhurst, Stephen C. _C+\+ Gotchas: Avoiding Common Problems in Coding and Design_. Boston, MA: Addison-Wesley Professional, 2002.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c89f031c932112e0-e964d0ea-46524f4d-9f1fb719-e8d872dbd66c37f22e43f79f"><ac:parameter ac:name="">Dewhurst 03</ac:parameter></ac:structured-macro>
\[Dewhurst 03\] Dewhurst, Stephen C. _C+\+ Gotchas: Avoiding Common Problems in Coding and Design_. Boston, MA: Addison-Wesley Professional, 2002.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="206e36166afb55b2-024e00f4-42c94918-bd2ba712-4908c61caaf324c224352863"><ac:parameter ac:name="">Dewhurst 05</ac:parameter></ac:structured-macro>
\[Dewhurst 05\] Dewhurst, Stephen C. _C+\+ Common Knowledge:  Essential Intermediate Programming_. Boston, MA: Addison-Wesley Professional, 2005.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4b0ac066b7a8f678-5379f9ca-40794a4b-9cda98ef-3fb51ead0f167c95c127cea3"><ac:parameter ac:name="">DHS 06</ac:parameter></ac:structured-macro>
\[DHS 06\] U.S. Department of Homeland Security. [Build Security In|https://buildsecurityin.us-cert.gov/].

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b7372f4eeee33b3a-c94534f2-4d5b4687-96899464-668bd8fbb93d243dfb44e5c2"><ac:parameter ac:name="">Dowd 06</ac:parameter></ac:structured-macro>
\[Dowd 06\] Dowd, M., McDonald, J., & Schuh, J. _The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities_. Boston, MA: Addison-Wesley, 2006. See [http://taossa.com] for updates and errata.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="72346f280f6fc567-dbec520b-4f25401f-a483b541-9030d021eb783460daf7fbfa"><ac:parameter ac:name="">Drepper 06</ac:parameter></ac:structured-macro>
\[Drepper 06\] Drepper, Ulrich. [Defensive Programming for Red Hat Enterprise Linux (and What To Do If Something Goes Wrong)|http://people.redhat.com/drepper/defprogramming.pdf], May 3, 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9910dd89f1ecf11e-004e6a6a-48c544b2-b7ab92e4-430183b19851f614a05fae57"><ac:parameter ac:name="">Finlay 03</ac:parameter></ac:structured-macro>
\[Finlay 03\] Finlay, Ian A. CERT Advisory CA-2003-16, [Buffer Overflow in Microsoft RPC|http://www.cert.org/advisories/CA-2003-16.html]. CERT/CC, July 2003.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9fa8252ca8a1f5fe-015a6b6f-4a1b4eac-b2f1bc42-d43e4e9bea0065111a956e59"><ac:parameter ac:name="">Fortify 06</ac:parameter></ac:structured-macro>
\[Fortify 06\] Fortify Software Inc. [Fortify Taxonomy: Software Security Errors|http://www.fortifysoftware.com/vulncat/], 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="053d53304e64c677-82880dd7-44334bb2-b420afbc-c08682177e31d2ce83237048"><ac:parameter ac:name="">FSF 05</ac:parameter></ac:structured-macro>
\[FSF 05\] Free Software Foundation. [GCC online documentation|http://gcc.gnu.org/onlinedocs], 2005.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b2bac491f102c6b6-208c4462-4bba466d-b3ce8895-4325b12ac000f952cbf760b8"><ac:parameter ac:name="">Garfinkel 96</ac:parameter></ac:structured-macro>
\[Garfinkel 96\] Garfinkel, Simson & Spafford, Gene. _Practical UNIX & Internet Security_, 2nd Edition. O'Reilly Media, April 1996 (ISBN 1-56592-148-8).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6746fbe864280fe2-30066d70-44f84e00-956095f2-dc40096d67567286e94c16f7"><ac:parameter ac:name="">GNU Pth</ac:parameter></ac:structured-macro>
\[GNU Pth\] Engelschall, Ralf S. [GNU Portable Threads|http://www.gnu.org/software/pth/], 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7245a5bf74da43fc-a81c0c70-41184044-935ba9b6-fa53a3a65465f7250fd3b906"><ac:parameter ac:name="">Goldberg 91</ac:parameter></ac:structured-macro>
\[Goldberg 91\] Goldberg, David. [What Every Computer Scientist Should Know About Floating-Point Arithmetic|http://docs.sun.com/source/806-3568/ncg_goldberg.html]. Sun Microsystems, March 1991.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d9de122ebd4e3eb9-52c8e134-4727452f-96e3a7c6-5097376662276ab1b433477a"><ac:parameter ac:name="">Graf 03</ac:parameter></ac:structured-macro>
\[Graff 03\] Graff, Mark G. & Van Wyk, Kenneth R. _Secure Coding: Principles and Practices_. Cambridge, MA: O'Reilly, 2003 (ISBN 0596002424).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="139372615b41119a-71d475de-47574cf0-b5febe0c-14aa74f9451413b9662202e9"><ac:parameter ac:name="">Griffiths 06</ac:parameter></ac:structured-macro>
\[Griffiths 06\] Griffiths, Andrew. "[Clutching at straws: When you can shift the stack pointer|http://felinemenace.org/papers/p63-0x0e_Shifting_the_Stack_Pointer.txt]."&nbsp;

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4d8324d9d845b169-6832948f-405b4d5d-aaf7b58c-a34423d458e9850856e7e5b7"><ac:parameter ac:name="">Haddad 05</ac:parameter></ac:structured-macro>
\[Haddad 05\] Haddad, Ibrahim. "Secure Coding in C and C++: An interview with Robert Seacord, senior vulnerability analyst at CERT." _Linux World Magazine_, November 2005.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4c16cb7a23479de0-53b28ae9-49cf428e-845b9d0c-7def0d61ddb8022309cdb8d9"><ac:parameter ac:name="">Hatton 95</ac:parameter></ac:structured-macro>
\[Hatton 95\] Hatton, Les. _Safer C: Developing Software for High-Integrity and Safety-Critical Systems_. New York, NY: McGraw-Hill Book Company, 1995 (ISBN 0-07-707640-0).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="cc33365c83fdd2a0-5857f633-432a4312-a1f1be54-bc19e5be320a693a15501c82"><ac:parameter ac:name="">Henricson 92</ac:parameter></ac:structured-macro>
\[Henricson 92\] Henricson, Mats & Nyquist, Erik. [Programming in C++, Rules and Recommendations|http://www.doc.ic.ac.uk/lab/cplus/c++.rules/]. Ellemtel Telecommunication Systems Laboratories, 1992.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b66dc05aa4e1e769-2c4c1d54-42914c4d-899cb119-509984d4eff4eaa9718a571d"><ac:parameter ac:name="">Horton 90</ac:parameter></ac:structured-macro>
\[Horton 90\] Horton, Mark R. _Portable C Software_. Upper Saddle River, NJ: Prentice-Hall, Inc., 1990 (ISBN:0-13-868050-7).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="211b5c8bff10dbc9-17aa09fb-4535494f-8012b9b6-ae7c48bdc292ad49a0454417"><ac:parameter ac:name="">Howard 02</ac:parameter></ac:structured-macro>
\[Howard 02\] Michael Howard, David C. LeBlanc. [Writing Secure Code, Second Edition|http://www.microsoft.com/mspress/books/5957.aspx] Microsoft Press; 2 Sub edition, December, 2002.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="63f103e5ff4ef5c0-93afd1d9-4e164acd-86a193c2-50cbfbf19ef7a3a364a9f34d"><ac:parameter ac:name="">HP 03</ac:parameter></ac:structured-macro>
\[HP 03\] [Tru64 UNIX: Protecting Your System Against File Name Spoofing Attacks|http://h30097.www3.hp.com/docs/wpapers/spoof_wp/symlink_external.pdf]. Houston, TX: Hewlett-Packard Company, January 2003.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="00be2e09438c82bc-693b88cd-4d134f37-b443b078-4206da95e062414c24d6e41f"><ac:parameter ac:name="">IEC 60812 2006</ac:parameter></ac:structured-macro>
\[IEC 60812 2006\] _Analysis techniques for system reliability - Procedure for failure mode and effects analysis (FMEA)_, 2nd ed. (IEC 60812). IEC, January 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="bb9e4e9b433fea65-7deb7bcc-4ced4041-8b0d993b-99a9e23874ea8f2ee1ada53d"><ac:parameter ac:name="">IEC 61508 4</ac:parameter></ac:structured-macro>
\[IEC 61508-4\]&nbsp; _Functional safety of electrical/electronic/programmable electronic safety-related systems - Part 4: Definitions and abbreviations_, 1998.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b96c280a3674ea3b-09d81d58-459b41f1-b989bf99-c39ae84991c4dfc04a70cdbe"><ac:parameter ac:name="">IEEE 754 2006</ac:parameter></ac:structured-macro>
\[IEEE 754 2006\] IEEE. [_Standard for Binary Floating-Point Arithmetic_|http://grouper.ieee.org/groups/754/] (IEEE 754-1985), 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="36a954a98859885a-dba7e0fb-4a2e473a-94809c40-bc5eac9a9dd53ce519bc61e4"><ac:parameter ac:name="">ilja 06</ac:parameter></ac:structured-macro>
\[ilja 06\] ilja. "[readlink abuse|http://blogs.23.nu/ilja/stories/12551/]." _ilja's blog_, August 13, 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ebb61d5d6bd84da3-5588b7ec-4ebb450f-8848a754-7e04d03f3257a90b470b2ed8"><ac:parameter ac:name="">Internet Society 00</ac:parameter></ac:structured-macro>
\[Internet Society 00\] The Internet Society (2000). [Internet Security Glossary (RFC 2828)|ftp://ftp.rfc-editor.org/in-notes/rfc2828.txt].

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="956f6ed8f9de9367-30f49ea1-467a4e0a-a417997d-832252be6ee06ce3fc9409c5"><ac:parameter ac:name="">ISO/IEC 10646-2003</ac:parameter></ac:structured-macro>
\[ISO/IEC 10646:2003\] _Information technology -- Universal Multiple-Octet Coded Character Set (UCS)_ (ISO/IEC 10646:2003). Geneva, Switzerland: International Organization for Standardization, 2003.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c3e89b965c3899f2-c614b1a2-470645ed-9fe8bb52-ba53de106f34be936db098d3"><ac:parameter ac:name="">ISO/IEC 646-1991</ac:parameter></ac:structured-macro>
\[ISO/IEC 646-1991\] ISO/IEC. _Information technology: ISO 7-bit coded character set for information interchange_ (ISO/IEC 646-1991). Geneva, Switzerland: International Organization for Standardization, 1991.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="76696a6b282fde3a-89b94674-40394c95-a73fb7a7-68c92f28ff8be4f8df24f398"><ac:parameter ac:name="">ISO/IEC 9899-1999</ac:parameter></ac:structured-macro>
\[ISO/IEC 9899:1999\] ISO/IEC. _Programming Languages --- C, Second Edition_ (ISO/IEC 9899:1999). Geneva, Switzerland: International Organization for Standardization, 1999.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1433e0505e0e4f32-ec2eb168-40074aa0-9fbab416-d9ce8cc968f87636baccff54"><ac:parameter ac:name="">ISO/IEC 14882-2003</ac:parameter></ac:structured-macro>
\[ISO/IEC 14882-2003\] ISO/IEC. _Programming Languages --- C++, Second Edition_ (ISO/IEC 14882-2003). Geneva, Switzerland: International Organization for Standardization, 2003.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6db6c065459208a0-df8b1859-4bac47e0-9bf289dc-c4a9d862768eeb1b22f4dbcc"><ac:parameter ac:name="">ISO/IEC 03</ac:parameter></ac:structured-macro>
\[ISO/IEC 03\] ISO/IEC. [_Rationale for International Standard --- Programming Languages --- C, Revision 5.10_|http://www.open-std.org/jtc1/sc22/wg14/www/C99RationaleV5.10.pdf]. Geneva, Switzerland: International Organization for Standardization, April 2003.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="00f1e8ffe93b66b7-9ef08013-4b28482e-b878bfbc-d51aaa76edeeb9e08e5ada4c"><ac:parameter ac:name="">ISO/IEC JTC1/SC22/WG11</ac:parameter></ac:structured-macro>
\[ISO/IEC JTC1/SC22/WG11\] ISO/IEC. [_Binding Techniques_|http://www.open-std.org/JTC1/SC22/WG11/] (ISO/IEC JTC1/SC22/WG11), 2007.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="88e253a5efa182f8-e057d92d-463c4d77-8962a4e8-6cffa87c61722c55661b73ea"><ac:parameter ac:name="">ISO/IEC TR 24731-1-2007</ac:parameter></ac:structured-macro>
\[ISO/IEC TR 24731-1-2007\] ISO/IEC TR 24731. _Extensions to the C Library, --- Part I: Bounds-checking interfaces_. Geneva, Switzerland: International Organization for Standardization, April 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="496a4c145f6cca91-6d12f42e-48424749-b3a6bab3-f1740f6f0d9de55813989d92"><ac:parameter ac:name="">ISO/IEC DTR 24772-2007</ac:parameter></ac:structured-macro>
\[ISO/IEC DTR 24772-2007\] ISO/IEC DTR 24772-2007. [Information Technology - Programming Languages - Guidance to Avoiding Vulnerabilities in Programming Languages through Language Selection and Use|http://www.aitcnet.org/isai/_NextMeeting/22-OWGV-n-0106/n0106.pdf]. November, 2007.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1847dbe97b256f49-8de10daf-458a4caf-9858a0b7-393e0a31ef33cf6ceafac8bc"><ac:parameter ac:name="">Jack 07</ac:parameter></ac:structured-macro>
\[Jack 07\] Jack, Barnaby. [_Vector Rewrite Attack_|http://www.juniper.net/solutions/literature/white_papers/Vector-Rewrite-Attack.pdf], May 2007.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="72dd6a6df97d40f0-d4f4d212-41ca4245-9fe28ec5-c88a6dbce5e363e173642361"><ac:parameter ac:name="">Jones 04</ac:parameter></ac:structured-macro>
\[Jones 04\] Jones, Nigel. ["Learn a new trick with the offsetof() macro."|http://www.netrino.com/Articles/OffsetOf/index.php] _Embedded Systems Programming_, March 2004.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5f419ddef9fd10b4-46625934-414e4609-a79594de-51a5195d9976f163f0dd1103"><ac:parameter ac:name="">Kennaway 00</ac:parameter></ac:structured-macro>
\[Kennaway 00\] Kennaway, Kris. [Re: /tmp topic|http://lwn.net/2000/1221/a/sec-tmp.php3], December 2000.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="8cad188f2c4f5a14-7251b753-426c4773-94378547-3c812bc8251a135a801326d1"><ac:parameter ac:name="">Kerrighan>Kernigan 88</ac:parameter></ac:structured-macro>
\[KerrighanKernigan 88\] KerrighanKernigan , B. W. & Ritchie, D. M. _The C Programming Language, 2nd ed._ Englewood Cliffs, NJ: Prentice-Hall, 1988.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="44edb676738d2f60-11c82f8f-41654183-b2c0939d-057e1d435a6a06cad3d97787"><ac:parameter ac:name="">Kettle 02</ac:parameter></ac:structured-macro>
\[Kettlewell 02\] Kettlewell, Richard. [_C Language Gotchas_|http://www.greenend.org.uk/rjk/2001/02/cfu.html], February 2002.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9f9b85bc216de3a7-73dd460c-46da429f-b47cb5e2-0265540bbc6fbd9341da1e3c"><ac:parameter ac:name="">Kettle 03</ac:parameter></ac:structured-macro>
\[Kettlewell 03\] Kettlewell, Richard. [_Inline Functions In C_|http://www.greenend.org.uk/rjk/2003/03/inline.html], March 2003.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="60fdc3947c6e6b7a-376272fa-4d77481c-8b1aa859-0cd0697d596b078db271e815"><ac:parameter ac:name="">Kirch-Prinz 02</ac:parameter></ac:structured-macro>
\[Kirch-Prinz 02\] Ulla Kirch-Prinz, Peter Prinz. _C Pocket Reference_.  O'Reilly, November 2002, (ISBN: 0-596-00436-2).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="90b4615a96692522-1cbcf2a0-47d14282-a7589af6-bf20d22a9e660c974bc18600"><ac:parameter ac:name="">Klein 02</ac:parameter></ac:structured-macro>
\[Klein 02\] Klein, Jack. [_Bullet Proof Integer Input Using strtol()_|http://home.att.net/~jackklein/c/code/strtol.html], 2002.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b03caf78fd5607e0-7429c03c-461047f6-86c284c3-4608167ea9516476cb4339e7"><ac:parameter ac:name="">Koenig 89</ac:parameter></ac:structured-macro>
\[Koenig 89\]
Andrew Koenig. _C Traps and Pitfalls_. Addison-Wesley Professional, January 1, 1989.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="637b6afddcb49f99-2909f158-466640e4-a611a456-446509229cc9a75bc56f8001"><ac:parameter ac:name="">Kuhn 06</ac:parameter></ac:structured-macro>
\[Kuhn 06\] Kuhn, Markus. [_UTF-8 and Unicode FAQ for Unix/Linux_|http://www.cl.cam.ac.uk/~mgk25/unicode.html], 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2c72841828264416-d8586452-4aea41d3-9668b3ce-a1e7c35742adaf2954c60830"><ac:parameter ac:name="">Lai 06</ac:parameter></ac:structured-macro>
\[Lai 06\] Lai, Ray. "[Reading Between the Lines|http://undeadly.org/cgi?action=article&sid=20061027031811]." _OpenBSD Journal_, October 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c6295c9497881d5c-9afbc696-42e94704-8069b504-2ec2cfddd9d4ea0648654e0c"><ac:parameter ac:name="">Lions 96</ac:parameter></ac:structured-macro>
\[Lions 96\] Lions, J. L. [ARIANE 5 Flight 501 Failure Report|http://en.wikisource.org/wiki/Ariane_501_Inquiry_Board_report]. Paris, France: European Space Agency (ESA) & National Center for Space Study (CNES) Inquiry Board, July 1996.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2dc5234af3ee2fbf-dcd84afc-4b5c460b-922e84f2-3ff1b6f75960efaab39eb618"><ac:parameter ac:name="">Lockheed Martin 05</ac:parameter></ac:structured-macro>
\[Lockheed Martin 05\] Lockheed Martin. "[Joint Strike Fighter Air Vehicle C+\+ Coding Standards for the System Development and Demonstration Program.|http://www.research.att.com/~bs/JSF-AV-rules.pdf]" Document Number 2RDU00001 Rev C., December 2005.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="bcc1bd39d16ec031-eda8ebb8-4ec14c0a-9589b875-668341faa69e41a9f4158c77"><ac:parameter ac:name="">Loosemore 07</ac:parameter></ac:structured-macro>
\[Loosemore 07\] Sandra Loosemore, Richard M. Stallman, Roland McGrath, Andrew Oram, and Ulrich Drepper. [The GNU C Library Reference Manual|http://www.gnu.org/software/libc/manual/]. Edition 0.11.  September, 2007.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="131c20407a07af0e-152f0e95-4dd34aea-a4928066-1deb4c15e90987a4a72f3fec"><ac:parameter ac:name="">McCluskey 01</ac:parameter></ac:structured-macro>
\[McCluskey 01\] [_flexible array members and designators in C9X_|http://www.usenix.org/publications/login/2001-07/pdfs/mccluskey.pdf] ;login:, July 2001, Volume 26, Number 4, p. 29-32.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="66e39b7153bc6826-92378c5b-491c4178-924d9ac9-c8323392a9d3cb88ef568d85"><ac:parameter ac:name="">mercy 06</ac:parameter></ac:structured-macro>
\[mercy\] mercy. [_Exploiting Uninitialized Data_|http://www.felinemenace.org/papers/UBehavior.zip], January 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="88986d2de6d890ca-154aab5e-40534f44-a340b7d9-cb0d1d15463577d24479136a"><ac:parameter ac:name="">Microsoft 03</ac:parameter></ac:structured-macro>
\[Microsoft 03\] Microsoft Security Bulletin MS03-026, [Buffer Overrun In RPC Interface Could Allow Code Execution (823980)|http://www.microsoft.com/technet/security/bulletin/MS03-026.mspx], September, 2003.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9b0f5e88002fb788-adf3c321-47c84fd4-b5cf9375-52462b83abc629f9cbfc34d7"><ac:parameter ac:name="">Microsoft 07</ac:parameter></ac:structured-macro>
\[Microsoft 07\] [C Language Reference|http://msdn2.microsoft.com/en-us/library/fw5abdx6(VS.80).aspx], 2007.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9f9180d46e54093d-f6cb28eb-411f47cb-a03b8d66-eaf2c6c05922e501f299d171"><ac:parameter ac:name="">MISRA 04</ac:parameter></ac:structured-macro>
\[MISRA 04\] MISRA Limited. "[MISRA C|http://www.misra.org.uk/]: 2004 Guidelines for the Use of the C Language in Critical Systems." Warwickshire, UK: MIRA Limited, October 2004 (ISBN 095241564X).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b1b95c4163ceb1c1-dce097a1-452d4894-8606be38-7ae2fe88acfa7708f05045b2"><ac:parameter ac:name="">MIT 05</ac:parameter></ac:structured-macro>
\[MIT 05\] MIT. "[MIT krb5 Security Advisory 2005-003|http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2005-003-recvauth.txt], 2005.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7729afae0395f85f-ec4ffa18-4467413b-893e9ceb-9dd7ca6dbf38608734adad72"><ac:parameter ac:name="">MITRE 07</ac:parameter></ac:structured-macro>
\[MITRE 07\] MITRE. [Common Weakness Enumeration, Draft 7|http://cwe.mitre.org/],  October 2007.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4c45b7f87f31d7b7-6a9fff9e-4c71410d-b7ceb8ca-1d4281f77cc7388b097f406b"><ac:parameter ac:name="">MSDN 07</ac:parameter></ac:structured-macro>
\[MSDN 07\] MSDN. [Inheritance (Windows)|http://msdn2.microsoft.com/en-us/library/ms683463.aspx], 2007.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="bcdb80ea12e2f075-bc61710d-4a754664-ab1480de-942525698121cd6b1fdfc93f"><ac:parameter ac:name="">Murenin  07</ac:parameter></ac:structured-macro>
\[Murenin 07\] Constantine A. Murenin. [cnst: 10-year-old pointer-arithmetic bug in make(1) is now gone, thanks to malloc.conf and some debugging|http://cnst.livejournal.com/24040.html], June 2007.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="bbeef2def0d057a4-2c55abdb-466343ad-96d58e33-5381f8bc678f06cf8421b418"><ac:parameter ac:name="">NAI 98</ac:parameter></ac:structured-macro>
\[NAI 98\] Network Associates Inc. [Bugtraq: Network Associates Inc. Advisory (OpenBSD)|http://seclists.org/bugtraq/1998/Aug/0071.html], 1998.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4e33a2e53b6fb0e4-6b62dac0-42844780-a2528f85-ac8e4c9e39e46df5c1207eea"><ac:parameter ac:name="">NASA-GB-1740.13</ac:parameter></ac:structured-macro>
\[NASA-GB-1740.13\] NASA Glenn Research Center, Office of Safety Assurance Technologies. [_NASA Software Safety Guidebook_|http://pbma.nasa.gov/docs/public/pbma/general/guidbook.doc] (NASA-GB-1740.13).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0ce099d46ba016d7-41c01951-4aed49d8-b244a346-4287b45c1543fa981e36bc6c"><ac:parameter ac:name="">NIST 06</ac:parameter></ac:structured-macro>
\[NIST 06\] NIST. [_SAMATE Reference Dataset_|http://samate.nist.gov/SRD/], 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="88c9b4aecc61d1d7-1dd1041f-47b64c3e-927395e6-f5e1edd21e0347bbc6afd2a2"><ac:parameter ac:name="">NIST 06b</ac:parameter></ac:structured-macro>
\[NIST 06b\] NIST. [DRAFT Source Code Analysis Tool Functional Specification. | http://samate.nist.gov/docs/SAMATE_source_code_analysis_tool_spec_09_15_06.pdf] NIST Information Technology Laboratory (ITL), Software Diagnostics and Conformance Testing Division, September 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ab05ba4666f87b0a-7b973c01-4b7d48a3-9482b1fc-638d7ad7b7b46c484cd21789"><ac:parameter ac:name="">Open Group 97</ac:parameter></ac:structured-macro>
\[Open Group 97\] The Open Group. [_The Single UNIX® Specification, Version 2_|http://www.opengroup.org/onlinepubs/7990989775/toc.htm], 1997.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2403ce685208f2d5-b99334cb-4c7c4cdc-b848a94e-451cef9a7eef8ac99c139710"><ac:parameter ac:name="">Open Group 97b</ac:parameter></ac:structured-macro>
\[Open Group 97b\] The Open Group. [_Go Solo 2 - The Authorized Guide to Version 2 of the Single UNIX Specification_|http://www.unix.org/whitepapers/64bit.html], May 1997.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="26c25e06092fbea0-ca1393d2-42244c5f-8ea29915-1b3909de0cfaa34007df041a"><ac:parameter ac:name="">Open Group 04</ac:parameter></ac:structured-macro>
\[Open Group 04\] The Open Group and the IEEE. [_The Open Group Base Specifications Issue 6, IEEE Std 1003.1, 2004 Edition_|http://www.opengroup.org/onlinepubs/009695399/toc.htm], 2004.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6475d2bdfe7aedd5-62dff12a-4a4c481b-92fcb003-174ce29df31e67e8fa2f9826"><ac:parameter ac:name="">Plakosh 05</ac:parameter></ac:structured-macro>
\[Plakosh 05\] Plakosh, Dan. _[_Consistent Memory Management Conventions_|https://buildsecurityin.us-cert.gov/daisy/bsi/articles/knowledge/coding/476.html]_, 2005.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5e30c4439cf7375c-73c6e5a5-4f114cb3-bf32aa52-29f16d2078eee5396f3e35f9"><ac:parameter ac:name="">Plum 85</ac:parameter></ac:structured-macro>
\[Plum 85\] Plum, Thomas. _Reliable Data Structures in C_. Kamuela, HI: Plum Hall, Inc., 1985 (ISBN 0-911537-04-X).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0a3656f10fd5f33c-38416d91-487243b7-828dbef8-1f3f64b7325f8a639a7ba7d8"><ac:parameter ac:name="">Plum 89</ac:parameter></ac:structured-macro>
\[Plum 89\] Plum, Thomas, & Saks, Dan. _C Programming Guidelines, 2nd ed_. Kamuela, HI: Plum Hall, Inc., 1989 (ISBN 0911537074).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="bee409c4f8c62e91-aa486eed-4dc24e03-ad9dab24-4f9d962cd77d6575d5161440"><ac:parameter ac:name="">Plum 91</ac:parameter></ac:structured-macro>
\[Plum 91\] Plum, Thomas. _C+\+ Programming_. Kamuela, HI: Plum Hall, Inc., 1991 (ISBN 0911537104).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="efe73e843e6b6f40-eab005bd-41734a69-80518a60-d867ed21fd96ecd693fd51f3"><ac:parameter ac:name="">Redwine 06</ac:parameter></ac:structured-macro>
\[Redwine 06\] Redwine, Samuel T., Jr., ed. _Secure Software Assurance: A Guide to the Common Body of Knowledge to Produce, Acquire, and Sustain Secure Software Version 1.1_. U.S. Department of Homeland Security, September 2006. See [Software Assurance Common Body of Knowledge|https://buildsecurityin.us-cert.gov/daisy/bsi/resources/dhs/95.html] on Build Security In.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ec41d1674cc9b9fc-853eb9ec-42f34e8b-958a8248-42f05facae42e6e704740b7f"><ac:parameter ac:name="">Saks 99</ac:parameter></ac:structured-macro>
\[Saks 99\] Saks, Dan. "[const T vs.T const|http://www.dansaks.com/articles/1999-02%20const%20T%20vs%20T%20const.pdf]." _Embedded Systems Programming_, February 1999, pp. 13-16.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="8deb071a7c2b7b0a-f75552c4-4e114172-9831aaa5-24a6796ce32a5273f3bee6a0"><ac:parameter ac:name="">Saks 07</ac:parameter></ac:structured-macro>
\[Saks 07\] Saks, Dan. "[Sequence Points|http://www.embedded.com/columns/programmingpointers/9900661?_requestid=481957]" Embedded Systems Design, July 1, 2002.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4e2f79594dea8ca5-1b2f0603-48f74a9d-88d0913a-e0e2ec0c1392b5b9e2ea90af"><ac:parameter ac:name="">Schwarz 05</ac:parameter></ac:structured-macro>
\[Schwarz 05\] Schwarz, B. Hao Chen Wagner, D. Morrison, G. West, J. Lin, J. Wei Tu. _Model checking an entire Linux distribution for security violations_. Published in proceedings of the 21st Annual Computer Security Applications Conference,  December 2005 (ISSN: 1063-9527; ISBN: 0-7695-2461-3).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="69ede3cdd66cc4aa-95916a25-44ef4375-8593baec-8d5183310a03f9f66d560ece"><ac:parameter ac:name="">Seacord 03</ac:parameter></ac:structured-macro> 
\[Seacord 03\] Robert C. Seacord, Daniel Plakosh, Grace A. Lewis. [_Modernizing Legacy Systems: Software Technologies, Engineering Processes, and Business Practices_|http://www.informit.com/store/product.aspx?isbn=0321118847]. Addison-Wesley, February 2003.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f236592eb7fc6ea8-6d509c67-4f6644ee-84958b30-a4951bd872c3dd7dad292cec"><ac:parameter ac:name="">Seacord 05</ac:parameter></ac:structured-macro> <ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1c1e4cf5cb0ad279-7e0f3756-46e642e9-929d9fb1-159f4662d91e5b0f4ce881b8"><ac:parameter ac:name="">Seacord 05a</ac:parameter></ac:structured-macro>
\[Seacord 05a\] Seacord, R. _Secure Coding in C and C+\+_. Boston, MA: Addison-Wesley, 2005. See [http://www.cert.org/books/secure-coding] for news and errata.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4424c720601e13f7-5b9d817f-48b540fd-89f58455-517098e24920db7566fb40d3"><ac:parameter ac:name="">Seacord 05b</ac:parameter></ac:structured-macro>
\[Seacord 05b\] Seacord, R. "Managed String Library for C, C/C++." _Users Journal_ _23_, 10 (October 2005): 30-34.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="eda465904ded13de-c8e2201c-40104ec1-b2c9bbd2-a91d4ec296307d0b13dbd782"><ac:parameter ac:name="">Seacord 05c</ac:parameter></ac:structured-macro>
\[Seacord 05c\] Robert C. Seacord. [_Variadic Functions: How they contribute to security vulnerabilities and how to fix them_|http://www.cert.org/books/secure-coding/LWM%203-11%20%28Seacord%29.pdf]. Linux World Magazine.  November, 2005.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f4e5306418987add-0b383d98-4e164a82-91f48103-3efcfb67140fde8b051ee562"><ac:parameter ac:name="">Sloss 04</ac:parameter></ac:structured-macro>
\[Sloss 04\]  Andrew Sloss, Dominic Symes, Chris Wright. [_ARM System Developer's Guide_|http://www.arm.com/documentation/books/4975.html] ISBN-10: 1558608745. ISBN-13: 978-1558608740. (2004).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9d2ef92f8046f34b-57e4f5f2-4f3f47a8-b791a5b3-a211528721bf19121b59dc5b"><ac:parameter ac:name="">Spinellis 06</ac:parameter></ac:structured-macro>
\[Spinellis 06\] Spinellis, Diomidis. [_Code Quality: The Open Source Perspective_|http://www.spinellis.gr/codequality].  Addison-Wesley, 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2feec18e98f80c68-67a75177-4de448b1-bd79be55-04d08700886d7a9959867cbe"><ac:parameter ac:name="">Steele 77</ac:parameter></ac:structured-macro>
\[Steele 77\]  Steele, G. L. 1977. [Arithmetic shifting considered harmful.|http://doi.acm.org/10.1145/956641.956647] _SIGPLAN Not._ 12, 11 (Nov. 1977), 61-69.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="25ec0aefb461b69f-fbffbf4c-45644376-82d59901-32318d4c61a6a21192801a21"><ac:parameter ac:name="">Summit 95</ac:parameter></ac:structured-macro>
\[Summit 95\] Summit, Steve. _C Programming FAQs: Frequently Asked Questions_. Boston, MA: Addison-Wesley, 1995 (ISBN 0201845199).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6e731177e38952a8-14963b36-49b244b9-a767b1ec-caf760d55a5ba4909ed826b5"><ac:parameter ac:name="">Summit 05</ac:parameter></ac:structured-macro>
\[Summit 05\] Summit, Steve. [_comp.lang.c Frequently Asked Questions_|http://c-faq.com/], 2005.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f75711ceca1e28b2-4781a152-495049c6-9e2eb2d4-847c040961ad5d9516ea0e84"><ac:parameter ac:name="">Sun 05</ac:parameter></ac:structured-macro>
\[Sun 05\] [C User's Guide|http://docs.sun.com/source/819-3688/]. 819-3688-10. Sun Microsystems, Inc., 2005.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2d9ea32200eb072d-9460d144-430c4e44-a0bea609-85d9426da996537d5e9a71de"><ac:parameter ac:name="">van de Voort 07</ac:parameter></ac:structured-macro>
\[van de Voort 07\] van de Voort, Marco. [Development Tutorial (a.k.a Build FAQ)|http://www.stack.nl/~marcov/buildfaq.pdf], January 29, 2007.

...

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="511b5e4805cc443f-1ff920e9-4560462b-a79e830e-3f25c638ac0e389dbf0553ac"><ac:parameter ac:name="">Viega 03</ac:parameter></ac:structured-macro>
\[Viega 03\] Viega, John & Messier, Matt. _Secure Programming Cookbook for C and C++: Recipes for Cryptography, Authentication, Networking, Input Validation & More_. Sebastopol, CA: O'Reilly, 2003 (ISBN 0-596-00394-3).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="41fc312cbc7838ad-5ed8fe77-47464cf1-bc6591a3-718550041dd7216a5182adf6"><ac:parameter ac:name="">Viega 05</ac:parameter></ac:structured-macro>
\[Viega 05\] Viega, John. [CLASP Reference Guide Volume 1.1.|http://www.securesoftware.com/process/] Secure Software, 2005.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="74fffea3378b86c4-d5626bd2-41854886-a31e94dc-49cd8b884cdcc414f8f5f16c"><ac:parameter ac:name="">VU196240</ac:parameter></ac:structured-macro>
\[VU#196240\] Taschner, Chris & Manion, Art. Vulnerability Note [VU#196240|http://www.kb.cert.org/vulnotes/id/196240], _Sourcefire Snort DCE/RPC preprocessor does not properly reassemble fragmented packets_, 2007.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2565d508c476584f-52a673c3-4b8b4503-82ad93c5-181313096a6547127eff274c"><ac:parameter ac:name="">VU286468</ac:parameter></ac:structured-macro>
\[VU#286468\] Burch, Hal. Vulnerability Note [VU#286468|http://www.kb.cert.org/vulnotes/id/286468], _Ettercap contains a format string error in the "curses_msg()" function_, 2007.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="75ab448ed63fbc0e-cef76a87-4e294694-965781da-6903802dc36442d4e48172d0"><ac:parameter ac:name="">VU551436</ac:parameter></ac:structured-macro>
\[VU#551436\] Giobbi, Ryan. Vulnerability Note [VU#551436|http://www.kb.cert.org/vulnotes/id/551436], _Mozilla Firefox SVG viewer vulnerable to buffer overflow,_ 2007.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1df7e412caa0951c-a699baf4-4e7042ac-b12c9684-0912f2c5d8d99741b74f580e"><ac:parameter ac:name="">VU568148</ac:parameter></ac:structured-macro>
\[VU#568148\] Finlay, Ian A. & Morda, Damon G. Vulnerability Note [VU#568148|http://www.kb.cert.org/vulnotes/id/568148], _Microsoft Windows RPC vulnerable to buffer overflow_, 2003.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="394851c3bb2905d9-1b6d1b72-42cf4f54-bf5ea605-52fb492c57204b770d67dda0"><ac:parameter ac:name="">VU623332</ac:parameter></ac:structured-macro>
\[VU#623332\] Mead, Robert. Vulnerability Note [VU#623332|http://www.kb.cert.org/vuls/id/623332], _MIT Kerberos 5 contains double free vulnerability in "krb5_recvauth()" function,_ 2005.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="37dc0454e669e5d1-6baa94a7-4ee341b8-930fbc7c-4cbe4d02d35f3bee4d452a14"><ac:parameter ac:name="">VU649732</ac:parameter></ac:structured-macro>
\[VU#649732\] Gennari, Jeff. Vulnerability Note [VU#649732|http://www.kb.cert.org/vulnotes/id/649732], _Samba AFS ACL mapping VFS plug-in format string vulnerability,_ 2007.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c109916d08b41f03-c1b4384a-4d5746d9-9133a1da-c5a14a6d30cdb982018dd841"><ac:parameter ac:name="">VU743092</ac:parameter></ac:structured-macro>
\[VU#743092\] Jason A. Rafail; Jeffrey S. Havrilla.  Vulnerability Note [VU#743092|https://www.kb.cert.org/vulnotes/id/743092], _realpath(3) function contains off-by-one buffer overflow,_ July 2003.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7d257335a8c1c7a9-b78ffed5-4a9d4ead-a0e8b0d9-6bd3372141e438a5f628d57c"><ac:parameter ac:name="">VU881872</ac:parameter></ac:structured-macro>
\[VU#881872\] Manion, Art & Taschner, Chris. Vulnerability Note [VU#881872|http://www.kb.cert.org/vulnotes/id/881872], _Sun Solaris telnet authentication bypass vulnerability,_ 2007.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="33c69f751c6a9023-f66c24a5-47c043ef-9709bc00-cb85fd47aba9521478114f1e"><ac:parameter ac:name="">Warren 02</ac:parameter></ac:structured-macro>
\[Warren 02\] Warren, Henry S. [_Hacker's Delight_|http://www.hackersdelight.org/]. Boston, MA: Addison Wesley Professional, 2002 (ISBN 0201914654).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1b808e14c5d6dcb8-c753c22b-4b844762-b385a2ee-15bd8edf8d868b5b050441a1"><ac:parameter ac:name="">Wheeler 03</ac:parameter></ac:structured-macro>
\[Wheeler 03\] Wheeler, David. [Secure Programming for Linux and Unix HOWTO, v3.010|http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/], March 2003.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ab195a712bdcfd03-795b74c7-49df4e5d-8bbaa241-df97077759895de131fb9e7a"><ac:parameter ac:name="">Yergeau 98</ac:parameter></ac:structured-macro>
\[Yergeau 98\] Yergeau, F. [RFC 2279 - UTF-8, a transformation format of ISO 10646|http://www.faqs.org/rfcs/rfc2279.html], January 1998.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="8769381be1c44542-8d0bb0ec-44574cd0-8565a4b6-13d720213fa693cb26aba03e"><ac:parameter ac:name="">Zalewski 01</ac:parameter></ac:structured-macro>
\[Zalewski 01\] Michal Zalewski. [_Delivering Signals for Fun and Profit: Understanding, exploiting and preventing signal-handling related vulnerabilities_|http://lcamtuf.coredump.cx/signals.txt],  May, 2001.