Page History

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3b3ad0058221cbed-ab8b11a8-41aa4a27-9728be2a-35f03d7d9bd224d16e599acf"><ac:parameter ac:name="">Burch 06</ac:parameter></ac:structured-macro>
\[Burch 06\] Burch, H.; Long, F.; & Seacord, R. [_Specifications for Managed Strings_|http://www.sei.cmu.edu/publications/documents/06.reports/06tr006.html] (CMU/SEI-2006-TR-006). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4b6542be9483db6a-011064e5-4f964d76-8232b26b-c7aa5ba381c2a60de72463da"><ac:parameter ac:name="">Callaghan 95</ac:parameter></ac:structured-macro>
\[Callaghan 95\] B. Callaghan, B. Pawlowski, P. Staubach. [IETF RFC 1813 NFS Version 3 Protocol Specification|http://www.ietf.org/rfc/rfc1813.txt]. June 1995.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="51a0562023f74ad6-c33b73b0-40504d6c-9351b938-aa1956734cf4c52dd2ed16ca"><ac:parameter ac:name="">CERT 06</ac:parameter></ac:structured-macro>
\[CERT 06\] CERT. [Managed String Library|http://www.cert.org/secure-coding/managedstring.html] (2006).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e2f165c6df1b9411-da9e6a4a-496a41f2-b0508702-5e2dedda2e9a540f284ce4fc"><ac:parameter ac:name="">Dewhurst 02</ac:parameter></ac:structured-macro>
\[Dewhurst 02\] Dewhurst, Stephen C. _C+\+ Gotchas: Avoiding Common Problems in Coding and Design_. Boston, MA: Addison-Wesley Professional, 2002.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="85c269b3da0cf794-3dba528e-40c04af9-a99a9038-d77ea60a69970588d643548f"><ac:parameter ac:name="">Dowd 06</ac:parameter></ac:structured-macro>
\[Dowd 06\] Dowd, M.; McDonald, J.; & Schuh, J. _The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities_. Boston, MA: Addison-Wesley, 2006. See [http://taossa.com] for updates and errata.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d2aa64e1a4b77cb8-eaea2cf2-4161456f-b19ba398-a78fa79cde4a98f0d90e1d58"><ac:parameter ac:name="">Drepper 06</ac:parameter></ac:structured-macro>
\[Drepper 06\] Drepper, Ulrich. [Defensive Programming for Red Hat Enterprise Linux (and What To Do If Something Goes Wrong).|http://people.redhat.com/drepper/defprogramming.pdf] May 3, 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2b4cd7bb6d7be445-28ac60db-4fbb4ce2-af2e92c5-410044956fd858eb9f8ffe27"><ac:parameter ac:name="">FSF 05</ac:parameter></ac:structured-macro>
\[FSF 05\] Free Software Foundation. [GCC online documentation.|http://gcc.gnu.org/onlinedocs] (2005).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4d35d80e8a244cb9-ffa5825c-469d45c1-9ff09522-9c03dd169a7179dd3e01df05"><ac:parameter ac:name="">Graf 03</ac:parameter></ac:structured-macro>
\[Graff 03\] Graff, Mark G. & Van Wyk, Kenneth R. Secure Coding: Principles and Practices. Cambridge, MA: O'Reilly, 2003 (ISBN 0596002424).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c8ef3e4bb819974c-6d833f94-4f6a4412-8af0819b-1920dcfcccbbb04f4dd1e94a"><ac:parameter ac:name="">Griffiths 06</ac:parameter></ac:structured-macro>
\[Griffiths 06\] Griffiths, Andrew. "[Clutching at straws: When you can shift the stack pointer|http://felinemenace.org/papers/p63-0x0e_Shifting_the_Stack_Pointer.txt]."&nbsp;

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3acb0ed1861762b1-db751305-4d2f4efd-8609943f-09b163eb225f6d0cf903429c"><ac:parameter ac:name="">Haddad 05</ac:parameter></ac:structured-macro>
\[Haddad 05\] Haddad, Ibrahim. "Secure Coding in C and C++: An interview with Robert Seacord, senior vulnerability analyst at CERT." _Linux World Magazine_, November, 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="be99add6482da827-e37fae2b-4d734b7b-808aa7ca-5663ed3d35d8e9bcfa5330e0"><ac:parameter ac:name="">Hatton 95</ac:parameter></ac:structured-macro>
\[Hatton 95\] Hatton, Les. _Safer C: Developing Software for High-Integrity and Safety-Critical Systems_. New York, NY: McGraw-Hill Book Company, 1995 (ISBN 0-07-707640-0).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2b1feca9233b0ed1-3f6d5439-4ef04418-8e409499-f6a89882383a8b5f5a13e932"><ac:parameter ac:name="">HP 03</ac:parameter></ac:structured-macro>
\[HP 03\] [Tru64 UNIX Protecting Your System Against File Name Spoofing Attacks|http://h30097.www3.hp.com/docs/wpapers/spoof_wp/symlink_external.pdf]. January 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="8987620aaaef1115-768c1060-4dd84c26-9e649b53-baaf18ffa1aa652502142a41"><ac:parameter ac:name="">ilja 06</ac:parameter></ac:structured-macro>
\[ilja 06\] ilja. "[readlink abuse|http://blogs.23.nu/ilja/stories/12551/]." _ilja's blog_, August 13, 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9fb505a3652671c5-1bc9265f-4f7043ca-819ab102-83d6034406ec09ede6315187"><ac:parameter ac:name="">ISO/IEC 9899-1999</ac:parameter></ac:structured-macro>
\[ISO/IEC 9899-1999\] ISO/IEC 9899-1999. _Programming Languages --- C, Second Edition_, 1999.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a3d64112e6da9259-3b64bba5-43a4-884d-70413d6069cb"><ac:parameter ac:name="">ISO/IEC 03</ac:parameter></ac:structured-macro>
\[ISO/IEC 03\] [Rationale for International Standard?Programming Languages?C Revision 5.10|http://www.open-std.org/jtc1/sc22/wg14/www/C99RationaleV5.10.pdf]. April 2003. 

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d05df1bd65352513-a541a111-4a3640c6-a616b459-5617a8485ce75c9955eb12b8"><ac:parameter ac:name="">Kennaway 00</ac:parameter></ac:structured-macro>
\[Kennaway 00\] Kris Kennaway. [Re: /tmp topic|http://lwn.net/2000/1221/a/sec-tmp.php3]. December 2000.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="977fd1341597b8c4-5042dc8a-40984fe8-ba9f9793-83660b5408d4db54928bd332"><ac:parameter ac:name="">Kerrighan 88</ac:parameter></ac:structured-macro>
\[Kerrighan 88\] Kerrighan, B. W. & Ritchie, D. M. _The C Programming Language, 2nd ed._ Englewood Cliffs, NJ: Prentice-Hall, 1988.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0c3222c782d96d9e-9a228a5e-44dd4451-8c9b898b-5ad27c0c302749ffbfc4321b"><ac:parameter ac:name="">Kettle 02</ac:parameter></ac:structured-macro>
\[Kettlewell 02\] Kettlewell, Richard. [_C Language Gotchas_|http://www.greenend.org.uk/rjk/2001/02/cfu.html] (February 2002).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b4e24a90fb551cfa-6a575029-42744998-830f909b-3a0f8ad472d5d6f6c658cf05"><ac:parameter ac:name="">Kettle 03</ac:parameter></ac:structured-macro>
\[Kettlewell 03\] Kettlewell, Richard. [_Inline Functions In C_|http://www.greenend.org.uk/rjk/2003/03/inline.html] (March 2003).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1880f6017376d136-0e0e261d-42fe4e5f-9a19af32-9261d94cda47b12dbff60454"><ac:parameter ac:name="">Klein 02</ac:parameter></ac:structured-macro>
\[Klein 02\] Klein, Jack. [_Bullet Proof Integer Input Using strtol()_|http://home.att.net/~jackklein/c/code/strtol.html] (2002).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="179fe5283d2d39cf-b05bbed2-487b4278-8d94a0d3-83ce089d3692556adac573f9"><ac:parameter ac:name="">Lai 06</ac:parameter></ac:structured-macro>
\[Lai 06\] Ray Lai. [_Reading Between the Lines_|http://undeadly.org/cgi?action=article&sid=20061027031811]. OpenBSD Journal. October, 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="965822967b7f3667-4e7a008a-408c48f7-84039f4c-77fd6ea22e1666b9ee3ca736"><ac:parameter ac:name="">mercy</ac:parameter></ac:structured-macro>
\[mercy\] mercy. [_Exploiting Uninitialized Data_|http://www.felinemenace.org/papers/UBehavior.zip] (January 2006).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="30d717401a81de40-138e33b5-42af4c44-963e85f1-ea68ba502a6f4b87160cc8f2"><ac:parameter ac:name="">MISRA 04</ac:parameter></ac:structured-macro>
\[MISRA 04\] MIRA Limited. "[MISRA C|http://www.misra.org.uk/]: 2004 Guidelines for the Use of the C Language in Critical Systems." Warwickshire, UK: MIRA Limited, October 2004 (ISBN 095241564X).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1a053e0cc3160e3f-3f82f247-49204777-93bdbd7a-75c68b07bf74e47e2fc91dc9"><ac:parameter ac:name="">NASA-GB-1740.13</ac:parameter></ac:structured-macro>
\[NASA-GB-1740.13\] NASA Glenn Research Center, Office of Safety Assurance Technologies. [_NASA Software Safety Guidebook_|http://pbma.nasa.gov/docs/public/pbma/general/guidbook.doc] (NASA-GB-1740.13).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2c56eb38c683061e-e1a46917-4ee24fac-8ceea0d0-c07fd6c8b7889dd2ec122c12"><ac:parameter ac:name="">NIST 06</ac:parameter></ac:structured-macro>
\[NIST 06\] NIST. [_SAMATE Reference Dataset_|http://samate.nist.gov/SRD/] (2006).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7ce4dbedb6ce914b-4694b1a8-42bd4a4d-aba5b8fe-ff958bd0eac5b049447f64b6"><ac:parameter ac:name="">NIST 06b</ac:parameter></ac:structured-macro>
\[NIST 06b\] NIST. [DRAFT Source Code Analysis Tool Functional Specification. | http://samate.nist.gov/docs/SAMATE_source_code_analysis_tool_spec_09_15_06.pdf] Information Technology Laboratory (ITL), oftware
Diagnostics and Conformance Testing Division. September, 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="49a6a78dcc05cd6f-a8f7a2d1-488b4261-a55fa897-5bcb6122989661b11f5e8e5e"><ac:parameter ac:name="">Open Group 97</ac:parameter></ac:structured-macro>
\[Open Group 97\] The Open Group. [_The Single UNIX® Specification, Version 2_|http://www.opengroup.org/onlinepubs/7990989775/toc.htm] (1997).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9470b8bc7cd739af-7d9ffddd-483f45dc-a9529e80-c8a507e3494df8a4194011fb"><ac:parameter ac:name="">Open Group 04</ac:parameter></ac:structured-macro>
\[Open Group 04\] The Open Group. "[_The Open Group Base Specifications Issue 6, IEEE Std 1003.1, 2004 Edition_|http://www.opengroup.org/onlinepubs/009695399/toc.htm]." (2004).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d5a5081402e24113-76fda4bf-492641c5-af32a65e-40bc5c0187e21bb414ac366a"><ac:parameter ac:name="">Plum 89</ac:parameter></ac:structured-macro>
\[Plum 89\] Plum, Thomas, and Saks, Dan. _C Programming Guidelines, 2nd ed_. Kamuela, HI: Plum Hall, Inc., 1989 (ISBN 0911537074).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1a1a820578280be3-03e40f20-40ab491f-be08a7c4-571707002f9dc9130fad9311"><ac:parameter ac:name="">Plum 91</ac:parameter></ac:structured-macro>
\[Plum 91\] Plum, Thomas. _C+\+ Programming_. Kamuela, HI: Plum Hall, Inc., 1991 (ISBN 0911537104).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1d98691f504b1294-807470e5-4dfb4a35-8b2cb3fd-1c3e5407bc82af0388c8f4b6"><ac:parameter ac:name="">Saks 99</ac:parameter></ac:structured-macro>
\[Saks 99\] Dan Saks. [_const T vs.T const_|http://www.dansaks.com/articles/1999-02%20const%20T%20vs%20T%20const.pdf]. Embedded Systems Programming. Pg. 13-16. February 1999. 

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="590ae38fd82e0fe1-fb4c9eb7-424345cb-a87e8b09-e376c1f6959d07ee27a421d2"><ac:parameter ac:name="">Seacord 05</ac:parameter></ac:structured-macro> <ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="67f3cf6d445fc168-15377185-4459402a-b2569a49-6f09fc9ae6d7c088094d64d9"><ac:parameter ac:name="">Seacord 05a</ac:parameter></ac:structured-macro>
\[Seacord 05a\] Seacord, R. _Secure Coding in C and C+\+_. Boston, MA: Addison-Wesley, 2005. See [http://www.cert.org/books/secure-coding] for news and errata.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4dd134b55c924979-e2ee03ad-4fe54df3-8ad48e4f-e3f38304ad6c74868c74f272"><ac:parameter ac:name="">Seacord 05b</ac:parameter></ac:structured-macro>
\[Seacord 05b\] Seacord, R. "Managed String Library for C, C/C++." _Users Journal_ _23_, 10 (October 2005): 30-34.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6fc2f0cb2158eacb-348f2591-469d4946-9b538e74-2838f61404c25d4a12404a9f"><ac:parameter ac:name="">Summit 95</ac:parameter></ac:structured-macro>
\[Summit 95\] Summit, Steve. _C Programming FAQs: Frequently Asked Questions_. Boston, MA: Addison-Wesley, 1995 (ISBN 0201845199).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0ca7c6685e054ad0-bc1c3664-45504b53-8cb68783-6991d37580c8be105f541440"><ac:parameter ac:name="">Summit 05</ac:parameter></ac:structured-macro>
\[Summit 05\] Summit, Steve. [_comp.lang.c Frequently Asked Questions_|http://c-faq.com/] (2005).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4717903cdee7b18f-827324d5-4c594491-b83faf0e-40e3e1016904661f63295be6"><ac:parameter ac:name="">Viega 03</ac:parameter></ac:structured-macro>
\[Viega 03\] Viega, John & Messier, Matt. _Secure Programming Cookbook for C and C++: Recipes for Cryptography, Authentication, Networking, Input Validation & More_. Sebastopol, CA: O'Reilly, 2003 (ISBN 0-596-00394-3).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="148863eb830b6b44-e57b7b4f-4e834f00-84759f1d-8aced5b84e6070cb7a3b6303"><ac:parameter ac:name="">Viega 05</ac:parameter></ac:structured-macro>
\[Viega 05\]  Viega, John. [CLASP Reference Guide Volume 1.1.|http://www.securesoftware.com/process/] Secure Software. (2005)

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b5379fb4c197426c-8303b28f-42934954-95eda6fa-7b26c16388a4dd07ff2f17fb"><ac:parameter ac:name="">Warren 02</ac:parameter></ac:structured-macro>
\[Warren 02\] Warren, Henry S. [_Hacker's Delight_|http://www.hackersdelight.org/]. Boston, MA: Addison Wesley Professional. 2002 (ISBN 0201914654).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="52cb8d3514be26c0-83b96466-4d9249e8-90239274-da7d40b99adea93273e6ddc2"><ac:parameter ac:name="">Wheeler 03</ac:parameter></ac:structured-macro>
\[Wheeler 03\] David Wheeler. [Secure Programming for Linux and Unix HOWTO, v3.010. |http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/], March 2003.