Page History

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ff37ffc86acfe0ed-9dac7727-4f644a08-8fc79c5b-bff182439768c41dc6b03ea0"><ac:parameter ac:name="">Burch 06</ac:parameter></ac:structured-macro>
\[Burch 06\] Burch, H.; Long, F.; & Seacord, R. [_Specifications for Managed Strings_|http://www.sei.cmu.edu/publications/documents/06.reports/06tr006.html] (CMU/SEI-2006-TR-006). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="764450917185a533-76fcb932-487d408a-838c90d2-72cbe180eff21f1b7064b077"><ac:parameter ac:name="">Callaghan 95</ac:parameter></ac:structured-macro>
\[Callaghan 95\] B. Callaghan, B. Pawlowski, P. Staubach. [IETF RFC 1813 NFS Version 3 Protocol Specification|http://www.ietf.org/rfc/rfc1813.txt]. June 1995.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d4bd3303ac9290a6-77723291-4bd14cbb-8261b441-517e8e7c5a69c9b2bcacb9b4"><ac:parameter ac:name="">CERT 06</ac:parameter></ac:structured-macro>
\[CERT 06\] CERT. [Managed String Library|http://www.cert.org/secure-coding/managedstring.html] (2006).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0c5a7dec76b9a257-3c254f66-414047a4-bb01a37a-feb5cfa211c2b9c92ad16905"><ac:parameter ac:name="">Dewhurst 02</ac:parameter></ac:structured-macro>
\[Dewhurst 02\] Dewhurst, Stephen C. _C+\+ Gotchas: Avoiding Common Problems in Coding and Design_. Boston, MA: Addison-Wesley Professional, 2002.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c85d20e8a0eb8a2c-eaaf5a6f-41934d40-b28eb345-041a7f19f94b2080d5316283"><ac:parameter ac:name="">Dowd 06</ac:parameter></ac:structured-macro>
\[Dowd 06\] Dowd, M.; McDonald, J.; & Schuh, J. _The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities_. Boston, MA: Addison-Wesley, 2006. See [http://taossa.com] for updates and errata.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="8a610dbd7c52fb69-77c48002-46484e97-a89f8bb5-3ca6cc77ebe19d87a3124ffc"><ac:parameter ac:name="">Drepper 06</ac:parameter></ac:structured-macro>
\[Drepper 06\] Drepper, Ulrich. [Defensive Programming for Red Hat Enterprise Linux (and What To Do If Something Goes Wrong).|http://people.redhat.com/drepper/defprogramming.pdf] May 3, 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="cff8ea6e9cfdc3d2-131d493f-4cfb4722-aef5b97e-0714e0d42313c28662024cb8"><ac:parameter ac:name="">FSF 05</ac:parameter></ac:structured-macro>
\[FSF 05\] Free Software Foundation. [GCC online documentation.|http://gcc.gnu.org/onlinedocs] (2005).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2557fae2076c57aa-4fa4331f-449d4b70-8a73b5ff-6c2a3b37b707220c822580bd"><ac:parameter ac:name="">Graf 03</ac:parameter></ac:structured-macro>
\[Graff 03\] Graff, Mark G. & Van Wyk, Kenneth R. Secure Coding: Principles and Practices. Cambridge, MA: O'Reilly, 2003 (ISBN 0596002424).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a993a9426e8bf3af-008841e2-47bc4987-8ccbb393-a152822ec25bac7f831d38c2"><ac:parameter ac:name="">Griffiths 06</ac:parameter></ac:structured-macro>
\[Griffiths 06\] Griffiths, Andrew. "[Clutching at straws: When you can shift the stack pointer|http://felinemenace.org/papers/p63-0x0e_Shifting_the_Stack_Pointer.txt]."&nbsp;

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="960f1aada61e817d-4a8a16d4-451f4a0c-ba9a9004-f3031075db2496fbf1c084bc"><ac:parameter ac:name="">Haddad 05</ac:parameter></ac:structured-macro>
\[Haddad 05\] Haddad, Ibrahim. "Secure Coding in C and C++: An interview with Robert Seacord, senior vulnerability analyst at CERT." _Linux World Magazine_, November, 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4305306c13850d68-2a25a977-49bd4656-b82d94f3-922245768f44b9cf94864ddd"><ac:parameter ac:name="">Hatton 95</ac:parameter></ac:structured-macro>
\[Hatton 95\] Hatton, Les. _Safer C: Developing Software for High-Integrity and Safety-Critical Systems_. New York, NY: McGraw-Hill Book Company, 1995 (ISBN 0-07-707640-0).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b72d0e526151c4e1-43c3af25-4e674ce2-9ec58e1c-5729762aa1bd769b81907683"><ac:parameter ac:name="">HP 03</ac:parameter></ac:structured-macro>
\[HP 03\] [Tru64 UNIX Protecting Your System Against File Name Spoofing Attacks|http://h30097.www3.hp.com/docs/wpapers/spoof_wp/symlink_external.pdf]. January 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="827c2100e575c425-1ff10a89-48ec4a9e-90b3a0ac-01aaa7bd1273105173562282"><ac:parameter ac:name="">ilja 06</ac:parameter></ac:structured-macro>
\[ilja 06\] ilja. "[readlink abuse|http://blogs.23.nu/ilja/stories/12551/]." _ilja's blog_, August 13, 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6358f2712d4f781d-1c62646c-448244c7-b1f79f83-0ca96a2e73f3fcaeb35c9bb5"><ac:parameter ac:name="">ISO/IEC 9899-1999</ac:parameter></ac:structured-macro>
\[ISO/IEC 9899-1999\] ISO/IEC 9899-1999. _Programming Languages --- C, Second Edition_, 1999.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="18085f59d18b3775-32758f83-4b5f40a6-85fd95db-6c24deaa53b28317dd94bf25"><ac:parameter ac:name="">ISO/IEC 03</ac:parameter></ac:structured-macro>
\[ISO/IEC 03\] [Rationale for International Standard?Programming Languages?C Revision 5.10|http://www.open-std.org/jtc1/sc22/wg14/www/C99RationaleV5.10.pdf]. April 2003. 

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="498aae9c65bb3e7f-bd8a856c-424d4382-84c48d50-4ae875a420bc4ebb08884006"><ac:parameter ac:name="">ISO/IEC TR 24731-2006</ac:parameter></ac:structured-macro>
\[ISO/IEC TR 24731-2006\] ISO/IEC TR 24731. _Extensions to the C Library, --- Part I: Bounds-checking interfaces_. April, 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="8952d9c4e2740952-c3392e00-40b24109-bde68c45-7fad7d2835bb7c7a87b637df"><ac:parameter ac:name="">Kennaway 00</ac:parameter></ac:structured-macro>
\[Kennaway 00\] Kris Kennaway. [Re: /tmp topic|http://lwn.net/2000/1221/a/sec-tmp.php3]. December 2000.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c299a9900e3de904-1b6420a5-46334b23-b5399275-b0e874476ec7d484969b7771"><ac:parameter ac:name="">Kerrighan 88</ac:parameter></ac:structured-macro>
\[Kerrighan 88\] Kerrighan, B. W. & Ritchie, D. M. _The C Programming Language, 2nd ed._ Englewood Cliffs, NJ: Prentice-Hall, 1988.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="74fe219bce6e03ea-82643a00-425d4dcf-87668c7a-b799f1f49c8c18b19460012d"><ac:parameter ac:name="">Kettle 02</ac:parameter></ac:structured-macro>
\[Kettlewell 02\] Kettlewell, Richard. [_C Language Gotchas_|http://www.greenend.org.uk/rjk/2001/02/cfu.html] (February 2002).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4d6ab21eac84c4f0-c6a235a8-49be445f-b041ad2b-eb1930c0f916f8ada8bec329"><ac:parameter ac:name="">Kettle 03</ac:parameter></ac:structured-macro>
\[Kettlewell 03\] Kettlewell, Richard. [_Inline Functions In C_|http://www.greenend.org.uk/rjk/2003/03/inline.html] (March 2003).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ce14a9fe1a2f1596-1e60a7f8-4ae540bc-89748c78-04db1e425dd9ee3617374ee5"><ac:parameter ac:name="">Klein 02</ac:parameter></ac:structured-macro>
\[Klein 02\] Klein, Jack. [_Bullet Proof Integer Input Using strtol()_|http://home.att.net/~jackklein/c/code/strtol.html] (2002).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3a0065e7dca304fb-9973e70d-4d434d2f-9f3e8aeb-c1a3bdd1d6e9e89b1a873c80"><ac:parameter ac:name="">Lai 06</ac:parameter></ac:structured-macro>
\[Lai 06\] Ray Lai. [_Reading Between the Lines_|http://undeadly.org/cgi?action=article&sid=20061027031811]. OpenBSD Journal. October, 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d845eebdad944f9c-f0f30afd-43e84e2f-af669320-aca47323f3257969be0a8b6e"><ac:parameter ac:name="">mercy</ac:parameter></ac:structured-macro>
\[mercy\] mercy. [_Exploiting Uninitialized Data_|http://www.felinemenace.org/papers/UBehavior.zip] (January 2006).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="096e1205298d25f3-4c03fa59-4b27459e-8627be4c-7c62c06e63ab30a818996e85"><ac:parameter ac:name="">MISRA 04</ac:parameter></ac:structured-macro>
\[MISRA 04\] MIRA Limited. "[MISRA C|http://www.misra.org.uk/]: 2004 Guidelines for the Use of the C Language in Critical Systems." Warwickshire, UK: MIRA Limited, October 2004 (ISBN 095241564X).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="455dbf037adf8110-923fe35b-45304f84-97d1b77f-adc0c12f9469b28ead0bf004"><ac:parameter ac:name="">NASA-GB-1740.13</ac:parameter></ac:structured-macro>
\[NASA-GB-1740.13\] NASA Glenn Research Center, Office of Safety Assurance Technologies. [_NASA Software Safety Guidebook_|http://pbma.nasa.gov/docs/public/pbma/general/guidbook.doc] (NASA-GB-1740.13).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d3864a5515aa4808-8722b6db-4ebb4e6c-99bd858c-7a480ec26905c8dcfde19ee0"><ac:parameter ac:name="">NIST 06</ac:parameter></ac:structured-macro>
\[NIST 06\] NIST. [_SAMATE Reference Dataset_|http://samate.nist.gov/SRD/] (2006).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6e9b305ecf735927-a3bd2cef-43594611-b8d0949d-7999939be3bbd019e0f6bad7"><ac:parameter ac:name="">NIST 06b</ac:parameter></ac:structured-macro>
\[NIST 06b\] NIST. [DRAFT Source Code Analysis Tool Functional Specification. | http://samate.nist.gov/docs/SAMATE_source_code_analysis_tool_spec_09_15_06.pdf] Information Technology Laboratory (ITL), oftware
Diagnostics and Conformance Testing Division. September, 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="40f483379cb9f569-370d82fa-43f04cdc-b561a65c-492b974204004ec402d43793"><ac:parameter ac:name="">Open Group 97</ac:parameter></ac:structured-macro>
\[Open Group 97\] The Open Group. [_The Single UNIX® Specification, Version 2_|http://www.opengroup.org/onlinepubs/7990989775/toc.htm] (1997).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="def9fbdf3aa1a3f9-863b4275-4fb5484d-bcbfa8bd-f1621750fbab2e61daafe8d2"><ac:parameter ac:name="">Open Group 04</ac:parameter></ac:structured-macro>
\[Open Group 04\] The Open Group. "[_The Open Group Base Specifications Issue 6, IEEE Std 1003.1, 2004 Edition_|http://www.opengroup.org/onlinepubs/009695399/toc.htm]." (2004).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e350cc116693e99d-9a4288df-471243c6-b6faa1a9-f9a1efbb5c3cf33d3784b76f"><ac:parameter ac:name="">Plum 89</ac:parameter></ac:structured-macro>
\[Plum 89\] Plum, Thomas, and Saks, Dan. _C Programming Guidelines, 2nd ed_. Kamuela, HI: Plum Hall, Inc., 1989 (ISBN 0911537074).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="544347cfefee514d-7d82a7ba-416044cf-80f99c9d-0549682b3f8a74471813bb01"><ac:parameter ac:name="">Plum 91</ac:parameter></ac:structured-macro>
\[Plum 91\] Plum, Thomas. _C+\+ Programming_. Kamuela, HI: Plum Hall, Inc., 1991 (ISBN 0911537104).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f5e2b71e03560248-bfad4616-4b0e4445-881bbc54-39162780045a09750d07cc03"><ac:parameter ac:name="">Saks 99</ac:parameter></ac:structured-macro>
\[Saks 99\] Dan Saks. [_const T vs.T const_|http://www.dansaks.com/articles/1999-02%20const%20T%20vs%20T%20const.pdf]. Embedded Systems Programming. Pg. 13-16. February 1999. 

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1bdf63c7be5bff8d-63f76be9-4c814e45-9925a3b8-d277dd34199e8756ec450e27"><ac:parameter ac:name="">Seacord 05</ac:parameter></ac:structured-macro> <ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="68ddaf637027770c-73e5d7c7-4d1743d8-8eefb454-0b95c3d678fcd2a05ca76669"><ac:parameter ac:name="">Seacord 05a</ac:parameter></ac:structured-macro>
\[Seacord 05a\] Seacord, R. _Secure Coding in C and C+\+_. Boston, MA: Addison-Wesley, 2005. See [http://www.cert.org/books/secure-coding] for news and errata.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="413c9bdc773ec295-d62e54b4-439f4b6a-804a9307-a8e1e23bf43db8c1e4178247"><ac:parameter ac:name="">Seacord 05b</ac:parameter></ac:structured-macro>
\[Seacord 05b\] Seacord, R. "Managed String Library for C, C/C++." _Users Journal_ _23_, 10 (October 2005): 30-34.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6893f0d1e180d263-13a41ebe-43374105-a8b9bf30-f2c77b9902a83dc76c0abea6"><ac:parameter ac:name="">Summit 95</ac:parameter></ac:structured-macro>
\[Summit 95\] Summit, Steve. _C Programming FAQs: Frequently Asked Questions_. Boston, MA: Addison-Wesley, 1995 (ISBN 0201845199).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d684d9742e42347b-346dd9ca-4ca34a43-bab9a471-df196ea5c87c59f7a521ad73"><ac:parameter ac:name="">Summit 05</ac:parameter></ac:structured-macro>
\[Summit 05\] Summit, Steve. [_comp.lang.c Frequently Asked Questions_|http://c-faq.com/] (2005).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3bd9e93fda4462fa-585a6ad2-4ff742ff-81da95df-cfd6c6e11713c4133169fde5"><ac:parameter ac:name="">Viega 03</ac:parameter></ac:structured-macro>
\[Viega 03\] Viega, John & Messier, Matt. _Secure Programming Cookbook for C and C++: Recipes for Cryptography, Authentication, Networking, Input Validation & More_. Sebastopol, CA: O'Reilly, 2003 (ISBN 0-596-00394-3).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="57d2cc5284d380b1-14ff881f-4f724e75-822f9332-31806caa91af34e72a0eaab9"><ac:parameter ac:name="">Viega 05</ac:parameter></ac:structured-macro>
\[Viega 05\]  Viega, John. [CLASP Reference Guide Volume 1.1.|http://www.securesoftware.com/process/] Secure Software. (2005)

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="79dca3e0bd7d208f-0013b6c2-46a842ee-959c8abd-417b8b5a3ef1e878cb1b9137"><ac:parameter ac:name="">Warren 02<>VU881872</ac:parameter></ac:structured-macro>
\[Warren 02VU#881872\] WarrenManion, Henry SArt & Taschner, Chris. [_Hacker's Delight_Vulnerability Note [VU#881872|http://www.hackersdelightkb.cert.org/vulnotes/id/881872], _Sun Solaris telnet authentication bypass vulnerability_ (2007).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e168b046fe02e3db-89dc3e9a-494a445a-bc3b91b0-cb28a00ac0f54da0bcff2008"><ac:parameter ac:name="">Wheeler 03</ac:parameter></ac:structured-macro>
\[Wheeler 03\] David Wheeler. [Secure Programming for Linux and Unix HOWTO, v3.010. |http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/], March 2003.