SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 284

changes.mady.by.user Paul Ruggiero

Saved on

compared with

New Version 285

changes.mady.by.user Thomas Plum

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="975245b090d26276-2c27d1ef-4f8b400c-92928e85-12cb3cc6f35823db7c3d7a17"><ac:parameter ac:name="">Apple 06</ac:parameter></ac:structured-macro>
\[Apple 2006\] Apple, Inc. [_Secure Coding Guide_|http://developer.apple.com/documentation/Security/Conceptual/SecureCodingGuide/SecureCodingGuide.pdf], May 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="10dd56c6db2779ce-78ec8c2e-4f844388-a112a6e1-b7305202c9eedde1c7183e4e"><ac:parameter ac:name="">Austin Group 08</ac:parameter></ac:structured-macro>
\[Austin Group 2008\] "Draft Standard for Information Technology - Portable Operating System Interface (POSIX®) - Draft Technical Standard: Base Specifications, Issue 7," IEEE Unapproved Draft Std P1003.1 D5.1. Prepared by the [Austin Group|http://www.opengroup.org/austin/]. New York: Institute of Electrical & Electronics Engineers, Inc., May 2008.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5ec187325f2cf72e-56138de7-4dd34691-81e4b28a-c6d76c448eb83051872459a5"><ac:parameter ac:name="">Banahan 03</ac:parameter></ac:structured-macro>
\[Banahan 2003\] Banahan, Mike. [_The C Book_|http://www.phy.duke.edu/~rgb/General/c_book/c_book/index.html], 2003.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d13640b13085331b-8def9d42-455c4b64-b351ab71-21509e923541c7554e6045fd"><ac:parameter ac:name="">Beebe 05</ac:parameter></ac:structured-macro>
\[Beebe 2005\] Beebe, Nelson H. F. [Re: Remainder (%) operator and GCC|http://gcc.gnu.org/ml/gcc-help/2005-11/msg00141.html], 2005.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e3925d5423eaa2d0-f4a62b5e-42b64dfa-9772b72f-70da61028a1ee1e4fea267fb"><ac:parameter ac:name="">Becker 08</ac:parameter></ac:structured-macro>
\[Becker 2008\] Becker, Pete. [Working Draft, Standard for Programming Language C+\+|http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2008/n2521.pdf], April 2008.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="829e7973315685ff-97036e3b-4ede451b-818b8cee-e6554d28ae79ed9d2ea23650"><ac:parameter ac:name="">Black 07</ac:parameter></ac:structured-macro>
\[Black 2007\] Paul E. Black, Michael Kass, Michael Koo. Source Code Security Analysis Tool Functional Specification Version 1.0. Special Publication 500-268. Information Technology Laboratory (ITL), Software Diagnostics and Conformance Testing Division, May 2007. [http://samate.nist.gov/docs/source_code_security_analysis_spec_SP500-268.pdf]

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0f7ac3de33021c37-65a66915-4df749e7-b0ab8283-f941301f8f1696356afe3a9e"><ac:parameter ac:name="">Brainbell.com</ac:parameter></ac:structured-macro>
\[Brainbell.com\] Brainbell.com. [_Advice and Warnings for C Tutorials_|http://www.brainbell.com/tutors/c/Advice_and_Warnings_for_C/].

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e8ed91f4a67641e6-632183c4-42054218-8b5d9b65-3b9904d678d93bda49421c6b"><ac:parameter ac:name="">Bryant 03</ac:parameter></ac:structured-macro>
\[Bryant 2003\] Bryant, Randal E., & O'Halloran, David. _Computer Systems: A Programmer's Perspective_. Prentice Hall, 2003 (ISBN 0-13-034074-X).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4f0a59f1a087d293-6afbc2cf-4a0a4eb8-a9a29fc0-92c50da86a744b5d5242a658"><ac:parameter ac:name="">Burch 06</ac:parameter></ac:structured-macro>
\[Burch 2006\] Burch, Hal, Long, Fred, & Seacord, Robert C. [_Specifications for Managed Strings_|http://www.sei.cmu.edu/publications/documents/06.reports/06tr006.html] (CMU/SEI-2006-TR-006). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="76f1fc533619a2d0-1e9d3d60-46474a38-bdd89078-3135033b78c18e0b624f6516"><ac:parameter ac:name="">Butenhof 97</ac:parameter></ac:structured-macro>
\[Butenhof 1997\] Butenhof, David R. [Programming with POSIX® Threads |http://www.informit.com/store/product.aspx?isbn=0201633922]. Addison-Wesley Professional, 1997. (ISBN 0-201-63392-2).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="12adf46b369ae34e-2c4cc9de-4f5a4ca5-910ca6fa-58f1f3d64d0432e15904e460"><ac:parameter ac:name="">Callaghan 95</ac:parameter></ac:structured-macro>
\[Callaghan 1995\] Callaghan, B., Pawlowski, B., & Staubach, P. [IETF RFC 1813 NFS Version 3 Protocol Specification|http://www.ietf.org/rfc/rfc1813.txt], June 1995.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f51ccf7e82a25aab-a4f16192-45c54c63-a924b777-3c286c2bd30b87dc49216816"><ac:parameter ac:name="">CERT 06a</ac:parameter></ac:structured-macro>
\[CERT 2006a\] CERT/CC. [CERT/CC Statistics 1988---2006|http://www.cert.org/stats/cert_stats.html].

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4d82ecbd72acfbb8-2b7bc9ba-47ec46a0-9d57abcb-69c4ab3966eec013da887fd7"><ac:parameter ac:name="">CERT 06b</ac:parameter></ac:structured-macro>
\[CERT 2006b\] CERT/CC. US-CERT's [Technical Cyber Security Alerts|http://www.us-cert.gov/cas/techalerts/index.html].

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5df4299263d6fbbd-945d1e95-45574e55-b904bb5b-b8978947bc78e221a9ba75d5"><ac:parameter ac:name="">CERT 06c</ac:parameter></ac:structured-macro>
\[CERT 2006c\] CERT/CC. [Secure Coding|http://www.cert.org/secure-coding/] web site.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="657036a0110eb4b7-77c24d7e-49284efc-a4a9a9cc-94561dba3d229a424eb764b5"><ac:parameter ac:name="">Chen 02</ac:parameter></ac:structured-macro>
\[Chen 2002\]&nbsp; Chen, H., Wagner, D., & Dean, D. [Setuid Demystified|http://www.cs.berkeley.edu/~daw/papers/setuid-usenix02.pdf] USENIX Security Symposium, 2002.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c3de5e8e021a1fbe-85ce8558-41884ddb-ac5f8f2b-d216ab8b87d95437f340be62"><ac:parameter ac:name="">Corfield 93</ac:parameter></ac:structured-macro>
\[Corfield 1993\] Corfield, Sean A. "[Making String Literals 'const'|http://www.open-std.org/jtc1/sc22/wg21/docs/papers/1993/N0389.asc]," November 1993.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c0335354483752be-25e26053-41ea4ca7-89ed98bd-eb3670a2fc4dd2309ba11efd"><ac:parameter ac:name="">Coverity 07</ac:parameter></ac:structured-macro>
\[Coverity 2007\] Coverity Prevent User's Manual (3.3.0), 2007.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="56ac9a7c4ed3116e-10657914-44bc4017-9f95819b-db085cf91f6e0f93ec24911e"><ac:parameter ac:name="">CVE</ac:parameter></ac:structured-macro>
\[CVE\] [Common Vulnerabilities and Exposures|http://cve.mitre.org/].

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="258e51bdf872b326-438ba3c3-4afe4eb0-80139cd2-406189fc272cc08ec5310d4e"><ac:parameter ac:name="">CPPReference</ac:parameter></ac:structured-macro>
\[C+\+ Reference\] [Standard C Library, General C\++, C++ Standard Template Library|http://www.cppreference.com/]

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="32b00fc547c2a976-48765fdb-46bd43c3-b826925c-9c54e3b5ab329436a050231b"><ac:parameter ac:name="">Dewhurst 02</ac:parameter></ac:structured-macro>
\[Dewhurst 2002\] Dewhurst, Stephen C. _C+\+ Gotchas: Avoiding Common Problems in Coding and Design_. Boston: Addison-Wesley Professional, 2002.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6464cf409f6eedec-26970dfe-438a4287-94e6b438-21d24bbb8cf9da43539252c2"><ac:parameter ac:name="">Dewhurst 05</ac:parameter></ac:structured-macro>
\[Dewhurst 2005\] Dewhurst, Stephen C. _C+\+ Common Knowledge: Essential Intermediate Programming_. Boston, MA: Addison-Wesley Professional, 2005.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="869dcc0f0f9f7d27-3167b186-474a428f-9e5b806e-d83dc2702d794b68bc3eb905"><ac:parameter ac:name="">DHS 06</ac:parameter></ac:structured-macro>
\[DHS 2006\] U.S. Department of Homeland Security. [Build Security In|https://buildsecurityin.us-cert.gov/].

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0fc2af09cc1e08f8-42177387-493b4ffc-a988b7a4-b52e47ca7865b56e37160ed9"><ac:parameter ac:name="">DISA 2008</ac:parameter></ac:structured-macro>
\[DISA 2008\] DISA. [Application Security and Development Security Technical Implementation Guide, Version 2, Release 1|http://iase.disa.mil/stigs/stig/application_security_and_development_stig_v2r1_final_20080724.pdf]. July, 2008.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d601480018b4a5a1-4fcb8e7e-47cf49ab-8f63aaed-191814482c88058e38d2036e"><ac:parameter ac:name=""> DOD 5220</ac:parameter></ac:structured-macro>
\[DOD 5220\] U.S. Department of Defense. [DoD Standard 5220.22-M|http://security.ouhsc.edu/docs/policies/approved/DoD_5220.doc] (Word document).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="de3a92a90960e314-6dd3ab99-46b34beb-8848b57d-92c013b0c90de9d5eaeeb5cd"><ac:parameter ac:name="">Dowd 06</ac:parameter></ac:structured-macro>
\[Dowd 2006\] Dowd, M., McDonald, J., & Schuh, J. _The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities_. Boston: Addison-Wesley, 2006. See [http://taossa.com] for updates and errata.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="67f48274530810df-b1bf4a44-4b7949d8-b5eabbca-25fbc022373d4dd12a8eb353"><ac:parameter ac:name="">Drepper 06</ac:parameter></ac:structured-macro>
\[Drepper 2006\] Drepper, Ulrich. [Defensive Programming for Red Hat Enterprise Linux (and What To Do If Something Goes Wrong)|http://people.redhat.com/drepper/defprogramming.pdf], May 3, 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9481a6a598407486-785d310f-480c4995-a479a681-790cdc7d9cf9ac906c8d425a"><ac:parameter ac:name="">Dutta 03</ac:parameter></ac:structured-macro>
\[Dutta 2003\] Dutta, Shiv. [Best practices for programming in C|http://www.ibm.com/developerworks/aix/library/au-hook_duttaC.html], June 26, 2003.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="596e528eae1d854e-a6da20d8-4fe94b0a-8ff7af01-cb4044b9c06c70bf8b2093f3"><ac:parameter ac:name="">Eckel 07</ac:parameter></ac:structured-macro>
\[Eckel 2007\] Eckel, Bruce. [_Thinking in C+\+ Volume 2_|http://bruce-eckel.developpez.com/livres/cpp/ticpp/v2/], January 25, 2007.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="176d74ae940b83a3-83c7a5e5-4fbb4420-b425bfc7-7b3673c268c7be1c41409227"><ac:parameter ac:name="">ECTC 98</ac:parameter></ac:structured-macro>
\[ECTC 1998\] Embedded C+\+ Technical Committee. [_The Embedded C+\+ Programming Guide Lines_|http://www.caravan.net/ec2plus/guide.html], Version WP-GU-003. January 6, 1998.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="61cfccc5a9ceca3d-70bdfb80-43594c81-a0d29aa4-196ec9c210357994230c3836"><ac:parameter ac:name="">Eide and Regehr</ac:parameter></ac:structured-macro>
\[Eide and Regehr\] "[Volatiles are miscompiled, and what to do about it|http://portal.acm.org/citation.cfm?id=1450058.1450093]" Eide E., Regehr J. 2008.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ffce25023f1a3fbc-21ff014b-45b34eb0-8b748640-c4b42c1274c0184df1b73f96"><ac:parameter ac:name="">Finlay 03</ac:parameter></ac:structured-macro>
\[Finlay 2003\] Finlay, Ian A. CERT Advisory CA-2003-16, [Buffer Overflow in Microsoft RPC|http://www.cert.org/advisories/CA-2003-16.html]. CERT/CC, July 2003.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="867824d903590891-d06f2e67-41c74d69-899a8d5a-410acff285f9cae88418dcc8"><ac:parameter ac:name="">Fisher 99</ac:parameter></ac:structured-macro>
\[Fisher 1999\] Fisher, David & Lipson, Howard. "Emergent Algorithms - A New Method for Enhancing Survivability in Unbounded Systems." _Proceedings of the 32nd Annual Hawaii International Conference on System Sciences (HICSS-32)_. Maui, HI, January 5-8, 1999.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="596dad2d0f04414a-2e37338d-43a34fe8-b49eb86e-2a316b84e831b7b6b0b6bafd"><ac:parameter ac:name="">Flake 06</ac:parameter></ac:structured-macro>
\[Flake 2006\] Flake, Halvar. "[Attacks on uninitialized local variables|http://www.blackhat.com/presentations/bh-europe-06/bh-eu-06-Flake.pdf]." Black Hat Federal 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="fd22a9a4ac2df9b3-47ec810c-47fa4821-a9ee851a-8c8229ff953d6b993c5b10ec"><ac:parameter ac:name="">Fortify 06</ac:parameter></ac:structured-macro>
\[Fortify 2006\] Fortify Software Inc. [Fortify Taxonomy: Software Security Errors|http://www.fortifysoftware.com/vulncat/], 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c793625b910cbdbc-857d0dbc-44914d20-9834a1b0-d5fb055b3a56a09d5f882f8e"><ac:parameter ac:name="">FSF 05</ac:parameter></ac:structured-macro>
\[FSF 2005\] Free Software Foundation. [GCC online documentation|http://gcc.gnu.org/onlinedocs], 2005.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0588d7da7d81b576-251380bf-41554073-85368775-38fad2812d8ed62c5e93510d"><ac:parameter ac:name="">Garfinkel 96</ac:parameter></ac:structured-macro>
\[Garfinkel 1996\] Garfinkel, Simson & Spafford, Gene. _Practical UNIX & Internet Security_, 2nd Edition. Sebastopol, CA: O'Reilly Media, April 1996 (ISBN 1-56592-148-8).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6f7c7f9450fc40e0-d6beb8c2-464c466c-8119b1d9-2c165748eb8de62150bdb3b6"><ac:parameter ac:name="">GNU 10</ac:parameter></ac:structured-macro>
\[GNU 2010\] GNU. [Coding Standards|http://www.gnu.org/prep/standards/standards.html], GNU, 2010.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6016a6de825ad9f8-49a3e2fc-44284148-bb76baf2-a0af31f1d3c11dba6d571702"><ac:parameter ac:name="">GNU Pth</ac:parameter></ac:structured-macro>
\[GNU Pth\] Engelschall, Ralf S. [GNU Portable Threads|http://www.gnu.org/software/pth/], 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="73673f1cfb268df8-0a263266-427a4248-81f5b3a3-9c1d610c296ad37022f98e0f"><ac:parameter ac:name="">Goldberg 91</ac:parameter></ac:structured-macro>
\[Goldberg 1991\] Goldberg, David. [What Every Computer Scientist Should Know About Floating-Point Arithmetic|http://docs.sun.com/source/806-3568/ncg_goldberg.html]. Sun Microsystems, March 1991.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="806883d1cf032ecc-6fd75533-4ec740bd-a386be8c-118d5fe60d02a164e9408df9"><ac:parameter ac:name="">Goodin 2009</ac:parameter></ac:structured-macro>
\[Goodin 2009\] Dan Goodin. [Clever attack exploits fully-patched Linux kernel|http://www.theregister.co.uk/2009/07/17/linux_kernel_exploit/] The Register. July 2009.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f8bfc6829bf12438-5c76ff57-466e488c-899cb782-5371456ea0ce421654b0e322"><ac:parameter ac:name="">Gough 2005</ac:parameter></ac:structured-macro>
\[Gough 2005\] Gough, Brian J. [An Introduction to GCC|http://www.network-theory.co.uk/docs/gccintro/index.html]. Network Theory Ltd, Revised August 2005 (ISBN 0-9541617-9-3).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ed3d56d43a1a0ac7-eac1cadd-4a1f4dfb-91f28404-613a59e8e8b223ac77a88896"><ac:parameter ac:name="">Graf 03</ac:parameter></ac:structured-macro>
\[Graff 2003\] Graff, Mark G. & Van Wyk, Kenneth R. _Secure Coding: Principles and Practices_. Cambridge, MA: O'Reilly, 2003 (ISBN 0596002424).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6749d6f8f0e199a4-f3fdbd01-4804406a-9dd59fb2-0992a2e68f94eaac0944a007"><ac:parameter ac:name="">Greenman 97</ac:parameter></ac:structured-macro>
\[Greenman 1997\] Greenman, David. [_serious security bug in wu-ftpd v2.4_|http://seclists.org/bugtraq/1997/Jan/0011.html]. BUGTRAQ Mailing List (bugtraq@securityfocus.com), January 2, 1997.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="971ba68de6fe02f1-1fa7a1d9-4fd44fcb-8c229cdc-003e8d475d6fb10771a9b6d1"><ac:parameter ac:name="">Griffiths 06</ac:parameter></ac:structured-macro>
\[Griffiths 2006\] Griffiths, Andrew. "[Clutching at straws: When you can shift the stack pointer|http://felinemenace.org/papers/p63-0x0e_Shifting_the_Stack_Pointer.txt]."

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5a862663e9fbf46e-84de9f1b-44dd457a-8213bf93-e63bb135cd63b72ed3c20d3b"><ac:parameter ac:name="">Gutmann 96</ac:parameter></ac:structured-macro>
\[Gutmann 1996\] Gutmann, Peter. [Secure Deletion of Data from Magnetic and Solid-State Memory|http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html], July 1996.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="89f374dacacfd0da-e38089c8-49cb4d96-aeb59da0-c6011278b3c2bab02b42ae09"><ac:parameter ac:name="">Haddad 05</ac:parameter></ac:structured-macro>
\[Haddad 2005\] Haddad, Ibrahim. "Secure Coding in C and C++: An interview with Robert Seacord, senior vulnerability analyst at CERT." _Linux World Magazine_, November 2005.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="cc2379cc48c108d9-522cab6c-41f84b9d-a2529dce-544e9b46b71f5a18ccddb717"><ac:parameter ac:name="">Hatton 95</ac:parameter></ac:structured-macro>
\[Hatton 1995\] Hatton, Les. _Safer C: Developing Software for High-Integrity and Safety-Critical Systems_. New York: McGraw-Hill Book Company, 1995 (ISBN 0-07-707640-0).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="12c28d7d3a116e87-c5472035-42604843-b47c8d04-d07dc54f4bbf2d84cd3d644c"><ac:parameter ac:name="">Hatton 03</ac:parameter></ac:structured-macro>
\[Hatton 2003\] Hatton, Les. [EC-: A measurement based safer subset of ISO C suitable for embedded system development|http://www.leshatton.org/Documents/ISOC_subset.pdf]. November 5, 2003.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ad13f7cb5186682b-c1b65db2-4e864636-a3a7bd45-74ae0bdc3c523c03058a0e23"><ac:parameter ac:name="">Henricson 92</ac:parameter></ac:structured-macro>
\[Henricson 1992\] Henricson, Mats, & Nyquist, Erik. [Programming in C++, Rules and Recommendations|http://www.doc.ic.ac.uk/lab/cplus/c++.rules/]. Ellemtel Telecommunication Systems Laboratories, 1992.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b149797d85b99efd-fadb3af1-421640cc-a9488b37-80d7ea90da87ca55926b73b5"><ac:parameter ac:name="">Horton 90</ac:parameter></ac:structured-macro>
\[Horton 1990\] Horton, Mark R. _Portable C Software_. Upper Saddle River, NJ: Prentice-Hall, Inc., 1990 (ISBN:0-13-868050-7).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="318a3e681c09351b-c35fa456-490d4411-8860ab24-78e3c96875d65efd613aa4d6"><ac:parameter ac:name="">Howard 02</ac:parameter></ac:structured-macro>
\[Howard 2002\] Howard, Michael, & LeBlanc, David C. _[_Writing Secure Code, 2nd ed. Redmond, WA:_|http://www.microsoft.com/mspress/books/5957.aspx]_. Microsoft Press, December 2002.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="487f69c659b36496-dbb0ac83-48764ecd-bc008ac5-e6ce7881ec4c0883700de105"><ac:parameter ac:name="">HP 03</ac:parameter></ac:structured-macro>
\[HP 2003\] [Tru64 UNIX: Protecting Your System Against File Name Spoofing Attacks|http://h30097.www3.hp.com/docs/wpapers/spoof_wp/symlink_external.pdf]. Houston, TX: Hewlett-Packard Company, January 2003.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="38be62e1f52c0bda-0d6cfc84-4fe641e2-a8a7ab67-1915433035add7da9db25eaf"><ac:parameter ac:name="">IEC 60812 2006</ac:parameter></ac:structured-macro>
\[IEC 60812 2006\] _Analysis techniques for system reliability - Procedure for failure mode and effects analysis (FMEA)_, 2nd ed. (IEC 60812). IEC, January 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="456f454ee8a2eb84-1dac74f6-47f24e32-a5a6b4cb-b87801470944a0123de49de3"><ac:parameter ac:name="">IEC 61508 4</ac:parameter></ac:structured-macro>
\[IEC 61508-4\]&nbsp; _Functional safety of electrical/electronic/programmable electronic safety-related systems - Part 4: Definitions and abbreviations_, 1998.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="bca5769c1cd88c70-6a2ced3a-43724600-92f7a9a8-4853deee49bb6273e1e110c1"><ac:parameter ac:name="">IEEE Std 610.12 1990</ac:parameter></ac:structured-macro>
\[IEEE Std 610.12 1990\] _IEEE Standard Glossary of Software Engineering Terminology_, September 1990.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b86f317eab8e8aa1-09fde28a-45b843b0-932fa09e-c9859044674cd3e0b52c6afd"><ac:parameter ac:name="">IEEE 754 2006</ac:parameter></ac:structured-macro>
\[IEEE 754 2006\] IEEE. [_Standard for Binary Floating-Point Arithmetic_|http://grouper.ieee.org/groups/754/] (IEEE 754-1985), 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="8c01fa819236e67f-09815a20-42f24bef-984a99dc-6f4c90ede1ecdbd3fb500b29"><ac:parameter ac:name="">IEEE Std 1003.1</ac:parameter></ac:structured-macro> <ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6e4d8562e567e6eb-b486d0cb-4e0847c7-848da7b2-4cc09d42b8459e6662b60504"><ac:parameter ac:name="">IEEE Std 1003.1-2008</ac:parameter></ac:structured-macro>
\[IEEE Std 1003.1-2008\] IEEE. [The Open Group Base Specifications Issue 7|http://www.opengroup.org/onlinepubs/9699919799] IEEE Std 1003.1, 2008 Edition. See also [ISO/IEC 9945-2008|#ISO/IEC 9945-2008] and [#Open Group 2008].

Wiki Markup
 <ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="810b9c73d4fe89a6-baf0b3e3-4ed040b4-9544a3e4-cee8a432d2e00f8225911264"><ac:parameter ac:name="">IEEE Std 1003.1-2004</ac:parameter></ac:structured-macro> <ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="26b693de70c585dd-3ac0fd15-483a41a0-ba9db3e7-3a1b9fe0e4d43962b9252ea1"><ac:parameter ac:name="">ilja 06</ac:parameter></ac:structured-macro>
\[IEEE Std 1003.1, 2004\] IEEE. [The Open Group Base Specifications Issue 6|http://www.opengroup.org/onlinepubs/009695399/] IEEE Std 1003.1, 2004 Edition. See also [ISO/IEC 9945-2004|#ISO/IEC 9945-2004] and [#Open Group 04].

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a1f4669d5b979b7f-19eee07a-4bf245ca-ae499aa4-68890978934f30310d60a233"><ac:parameter ac:name="">IEEE 1003</ac:parameter></ac:structured-macro>
\[ilja 2006\] ilja. "[readlink abuse|http://blogs.23.nu/ilja/stories/12551/]." _ilja's blog_, August 13, 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e74a1a23afd7b39a-fb712de7-46f84987-b99b86f9-3e078b166d91ea19b2693624"><ac:parameter ac:name="">Intel 01</ac:parameter></ac:structured-macro>
\[Intel 2001\] Intel Corp. [_Floating-Point IEEE Filter for Microsoft\* Windows\* 2000 on the Intel® Itanium™ Architecture_|ftp://download.intel.com/software/opensource/libraries/ieee/ieee_filter_windows2000.pdf], March 2001.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f236f359bc54a264-a95c19b8-48c14035-8cdf98f8-957974ca97e1cee45dfcb204"><ac:parameter ac:name="">Internet Society 00</ac:parameter></ac:structured-macro>
\[Internet Society 2000\] The Internet Society. [Internet Security Glossary (RFC 2828)|ftp://ftp.rfc-editor.org/in-notes/rfc2828.txt], 2000.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7ff58ea3fd6391de-b0eaaeec-4b524325-a3958b55-2a8714137296249e443dae07"><ac:parameter ac:name="">ISO/IEC 646-1991</ac:parameter></ac:structured-macro>
\[ISO/IEC 646:1991\] ISO/IEC. _Information technology: ISO 7-bit coded character set for information interchange_ (ISO/IEC 646-1991). Geneva, Switzerland: International Organization for Standardization, 1991.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="68c1eb71334796ac-d366f4e7-4d154155-b91895b0-2b9b79e337d098a88de4bca5"><ac:parameter ac:name="">ISO/IEC 9945-2008</ac:parameter></ac:structured-macro>
\[ISO/IEC 9945:2008\] _ISO/IEC 9945:2008 Information technology --- Programming languages, their environments and system software interfaces --- Portable Operating System Interface (POSIX_ _^®^{_}_)_.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f0a15c383eb9fc60-5750d701-4708406e-bb278a77-70b44b5a2422df91f934e44d"><ac:parameter ac:name="">ISO/IEC 9945-2003</ac:parameter></ac:structured-macro>
\[ISO/IEC 9945:2003\] _ISO/IEC 9945:2003 (including Technical Corrigendum 1), Information technology --- Programming languages, their environments and system software interfaces --- Portable Operating System Interface (POSIX®)_.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="56465074b1915279-70f33ce8-46f44fc1-a7c78467-69a155b866eeeeaeca5a6299"><ac:parameter ac:name="">ISO/IEC 9899-1999</ac:parameter></ac:structured-macro>
\[ISO/IEC 9899:1999\] ISO/IEC. _Programming Languages---C, 2nd ed_ (ISO/IEC 9899:1999). Geneva, Switzerland: International Organization for Standardization, 1999.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="12c7b99c4d5aad6b-f33ed616-48aa4459-99fea264-834ddfebbe54c3167e16b1ac"><ac:parameter ac:name="">ISO/IEC 10646-2003</ac:parameter></ac:structured-macro>
\[ISO/IEC 10646:2003\] _Information technology - Universal Multiple-Octet Coded Character Set (UCS)_ (ISO/IEC 10646:2003). Geneva, Switzerland: International Organization for Standardization, 2003.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1fc25a37a72277c6-f5ae9460-456940ab-9f7f8baf-ef42febbcacae185a6d9f910"><ac:parameter ac:name="">ISO/IEC 14882-2003</ac:parameter></ac:structured-macro>
\[ISO/IEC 14882:2003\] ISO/IEC. _Programming Languages --- C++, Second Edition_ (ISO/IEC 14882-2003). Geneva, Switzerland: International Organization for Standardization, 2003.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f964922d8bbe878f-6ceae9dc-483a4172-ba529256-f61ce17bece3874e1501aa32"><ac:parameter ac:name="">ISO/IEC 23360-1-2006</ac:parameter></ac:structured-macro>
\[ISO/IEC 23360-1:2006\] [_Linux Standard Base (LSB) core specification 3.1 - Part 1: Generic specification_|http://refspecs.freestandards.org/LSB_3.1.0/LSB-Core-generic/LSB-Core-generic.pdf]

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a6268dbf8ace0d2a-e3a45bae-4b3446ca-bac6a0bd-1da50571024033bf37337734"><ac:parameter ac:name="">ISO/IEC 03</ac:parameter></ac:structured-macro>
\[ISO/IEC 2003\] ISO/IEC. [_Rationale for International Standard --- Programming Languages --- C, Revision 5.10_|http://www.open-std.org/jtc1/sc22/wg14/www/C99RationaleV5.10.pdf]. Geneva, Switzerland: International Organization for Standardization, April 2003.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="92a813b0c8e92ca8-4c6104de-4685435b-8c2391ce-fe6afd8fee793225030dda00"><ac:parameter ac:name="">ISO/IEC JTC1/SC22/WG11</ac:parameter></ac:structured-macro>
\[ISO/IEC JTC1/SC22/WG11\] ISO/IEC. [_Binding Techniques_|http://www.open-std.org/JTC1/SC22/WG11/] (ISO/IEC JTC1/SC22/WG11), 2007.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="79c37537d9f251af-ba79ce0c-4e254705-aad7a047-3dcf554c20070ba0e3061818"><ac:parameter ac:name="">ISO/IEC DTR 24732</ac:parameter></ac:structured-macro>
\[ISO/IEC DTR 24732\] ISO/IEC JTC1 SC22 WG14 N1290. [Extension for the programming language C to support decimal floating-point arithmetic|http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1290.pdf], March 2008.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2cf32d124d691254-083185cd-458d4bd8-ab899d19-1807786c9d4c7cd8e8937f4b"><ac:parameter ac:name="">ISO/IEC PDTR 24731-2-2007</ac:parameter></ac:structured-macro>
\[ISO/IEC PDTR 24731-2\] [Extensions to the C Library, --- Part II: Dynamic Allocation Functions|http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1248.pdf], August 2007.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="216ab995ef2ea328-04e4a26d-49f44796-a1b28d79-bdaf0b38bf17b756d9c9a2a5"><ac:parameter ac:name="">ISO/IEC DTR 24772</ac:parameter></ac:structured-macro>
\[ISO/IEC DTR 24772\] ISO/IEC DTR 24772. _Information Technology_ --- _Programming Languages_ --- [_Guidance to Avoiding Vulnerabilities in Programming Languages through Language Selection and Use_|http://www.aitcnet.org/isai/_Mtg_13/22-WG23-N-0238/n0238.pdf], November 2009.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="63791f0cdc7e3f02-26f91a8a-42eb4efb-a3b8961f-90a8b3605b2fa09ab9cf9f28"><ac:parameter ac:name="">ISO/IEC TR 24731-1-2007</ac:parameter></ac:structured-macro>
\[ISO/IEC TR 24731-1:2007\] ISO/IEC TR 24731. _Extensions to the C Library, --- Part I: Bounds-checking interfaces_. Geneva, Switzerland: International Organization for Standardization, April 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b4f003b92795a3bf-1b79d47a-4dc24b95-a1499230-ea43f01902856a69695ef220"><ac:parameter ac:name="">Jack 07<>ISO/IEC TR 24731-2-2010</ac:parameter></ac:structured-macro>
\[Jack 2007ISO/IEC TR 24731-2:2010\] ISO/IEC TR 24731. _Extensions to the C Library, --- Part II: Dynamic Allocation Functions_. Geneva, Switzerland: International Organization for Standardization, April 2010.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1e60cc4b-aa64-4e99-bf78-db0097a228b4"><ac:parameter ac:name="">Jack 07</ac:parameter></ac:structured-macro>
\[Jack 2007\] Jack, Barnaby. [Jack, Barnaby. [_Vector Rewrite Attack_|http://www.juniper.net/solutions/literature/white_papers/Vector-Rewrite-Attack.pdf], May 2007.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ed2867db853743ee-56d69695-43b5414f-84d488d7-7d8867e11708e4b32d223019"><ac:parameter ac:name="">Jones 04</ac:parameter></ac:structured-macro>
\[Jones 2004\] Jones, Nigel. ["Learn a new trick with the offsetof() macro."|http://www.netrino.com/Articles/OffsetOf/index.php] _Embedded Systems Programming_, March 2004.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9b2048eda9bef2c6-ba1a3262-439c4ac0-8a13832e-7012af359249953a15ae26e1"><ac:parameter ac:name="">Jones 08</ac:parameter></ac:structured-macro>
\[Jones 2008\] Jones, Derek M. [The New C Standard: An economic and cultural commentary|http://www.knosof.co.uk/cbook/]. Knowledge Software Ltd., 2008.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ec99b9f4b8f0a4c3-824f935c-41de4557-8e02a06e-01b19944eecc6971c2dd486a"><ac:parameter ac:name="">Jones 09</ac:parameter></ac:structured-macro>
\[Jones 2009\] Jones, Larry. [WG14 N1401 Committee Draft ISO/IEC 9899:201x|http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1425.pdf]. November 24, 2009.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c7fc4569fd99d439-9cafa60a-494c4c78-aca68fe9-1f7a56bd121538611dd18aaf"><ac:parameter ac:name="">Keaton 09</ac:parameter></ac:structured-macro>
\[Keaton 2009\] David Keaton, Thomas Plum, Robert C. Seacord, David Svoboda, Alex Volkovitsky, Timothy Wilson. [As-if Infinitely Ranged Integer Model|http://www.sei.cmu.edu/publications/documents/09.reports/09tn023.html]. CMU/SEI-2009-TN-023. July, 2009.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="46e32ac30b27deee-16f12e8f-4bc3407b-93428a42-37ee7b1d4e02a4b8f9e1c4a6"><ac:parameter ac:name="">Keil 08</ac:parameter></ac:structured-macro>
\[Keil 2008\] Keil, an ARM Company. "[Floating Point Support|http://www.keil.com/support/man/docs/armlib/armlib_bihbjiea.htm]." _RealView Libraries and Floating Point Support Guide_, 2008.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="027df6ee5abb19cc-99e323b4-4ee845fc-885ab563-df40995a6a43f1d603341386"><ac:parameter ac:name="">Kennaway 00</ac:parameter></ac:structured-macro>
\[Kennaway 2000\] Kennaway, Kris. [Re: /tmp topic|http://lwn.net/2000/1221/a/sec-tmp.php3], December 2000.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="14f237a985286842-aaa38650-4bd04097-aa61bd96-525770cef48232b0cc397d66"><ac:parameter ac:name="">Kernighan 88</ac:parameter></ac:structured-macro>
\[Kernighan 88\] Kernighan , Brian W., & Ritchie, Dennis M. _The C Programming Language, 2nd ed._ Englewood Cliffs, NJ: Prentice-Hall, 1988.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="420e964c9b60fa10-63151e82-424849bf-8cb396d5-39fd4c599cec9a86b92fadc2"><ac:parameter ac:name="">Kernighan 147</ac:parameter></ac:structured-macro>
\[Kernighan 147\] Kernighan , Brian W., & Ritchie, Dennis M. _The C Programming Language, 2nd ed._ Englewood Cliffs, NJ: Prentice-Hall, 1988.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2bcd7e0ae72e6f5d-e52e8754-4b30490a-934d9de1-859b7fef001fb50bbcb17b7b"><ac:parameter ac:name="">Kettle 02</ac:parameter></ac:structured-macro>
\[Kettlewell 2002\] Kettlewell, Richard. [_C Language Gotchas_|http://www.greenend.org.uk/rjk/2001/02/cfu.html], February 2002.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c3849b992bcb5bc7-afe43684-41d34b33-bd4e95eb-c342cab4b5a0259d1247d08a"><ac:parameter ac:name="">Kettle 03</ac:parameter></ac:structured-macro>
\[Kettlewell 2003\] Kettlewell, Richard. [_Inline Functions In C_|http://www.greenend.org.uk/rjk/2003/03/inline.html], March 2003.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="bdcf0a0fa5ab0b07-4c5e0bfa-46f54278-a276a043-fbaa3517f203a815db2d95f1"><ac:parameter ac:name="">Kirch-Prinz 02</ac:parameter></ac:structured-macro>
\[Kirch-Prinz 2002\] Kirch-Prinz, Ulla & Prinz, Peter. _C Pocket Reference_. Sebastopol, CA: O'Reilly, November 2002 (ISBN: 0-596-00436-2).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="98588faab6008bb6-8cb5d6ba-40b84e59-acefaffe-676c64a898cb4052b284905a"><ac:parameter ac:name="">Klarer 04</ac:parameter></ac:structured-macro>
\[Klarer 2004\] Klarer, R., Maddock, J., Dawes, B. & Hinnant, H. "Proposal to Add Static Assertions to the Core Language (Revision 3)." ISO C+\+ committee paper ISO/IEC JTC1/SC22/WG21/N1720, October 2004. Available at [http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2004/n1720.html].

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="38fb3e22ed73653b-9a8f58d3-499a4821-b10d8c3d-28783c8310ed2fc275e340ac"><ac:parameter ac:name="">Klein 02</ac:parameter></ac:structured-macro>
\[Klein 2002\] Klein, Jack. [_Bullet Proof Integer Input Using strtol()_|http://home.att.net/~jackklein/c/code/strtol.html], 2002.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4c5047af42b1523a-9297794c-42f3476c-b5d7af11-5ffef89b7218f11a3a847357"><ac:parameter ac:name="">Koenig 89</ac:parameter></ac:structured-macro>
\[Koenig 1989\] Koenig, Andrew. _C Traps and Pitfalls_. Addison-Wesley Professional, January 1, 1989.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="8e83e845b4067d14-c74b83e5-432840bd-b56b8e18-9f473d42fe4e27a12086a878"><ac:parameter ac:name="">Kuhn 06</ac:parameter></ac:structured-macro>
\[Kuhn 2006\] Kuhn, Markus. [_UTF-8 and Unicode FAQ for Unix/Linux_|http://www.cl.cam.ac.uk/~mgk25/unicode.html], 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="cb9d52f9e342e6c2-892f9afe-4137433f-adecb67c-f8d07a2e216f777cae82fe3a"><ac:parameter ac:name="">Lai 06</ac:parameter></ac:structured-macro>
\[Lai 2006\] Lai, Ray. "[Reading Between the Lines|http://undeadly.org/cgi?action=article&sid=20061027031811]." _OpenBSD Journal_, October 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c16f4d30b109d662-5cdf2a4e-4d074b38-8bc2bd54-a6ab7fd7f5ab078c437085c2"><ac:parameter ac:name="">Lewis 06</ac:parameter></ac:structured-macro>
\[Lewis 2006\] Lewis, Richard. "[Security Considerations When Handling Sensitive Data|http://secureapps.blogspot.com/2006/10/security-considerations-when-handling.html]." Posted on the Application Security by Richard Lewis blog October 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="59cfc992f0d028a6-52f3ef5d-4fd044dc-aa9d8ca3-b1dc7fcd3595c82de6fbaf90"><ac:parameter ac:name="">Linux 08</ac:parameter></ac:structured-macro>
\[Linux 2008\] [Linux Programmer's Manual|http://www.kernel.org/doc/man-pages/online_pages.html], October 2008.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="daefefeaac215939-6de6937f-4b934c96-b100971d-becc54e6c08dadfe4a0217dc"><ac:parameter ac:name="">Lions 96</ac:parameter></ac:structured-macro>
\[Lions 1996\] Lions, J. L. [ARIANE 5 Flight 501 Failure Report|http://en.wikisource.org/wiki/Ariane_501_Inquiry_Board_report]. Paris, France: European Space Agency (ESA) & National Center for Space Study (CNES) Inquiry Board, July 1996.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c174bffb9be14b4a-44b97fbb-42e2422b-b2fbb423-d61324d5bb37416b2b864732"><ac:parameter ac:name="">Lipson 00</ac:parameter></ac:structured-macro>
\[Lipson 2000\] Lipson, Howard & Fisher, David. "Survivability: A New Technical and Business Perspective on Security," 33-39. _Proceedings of the 1999 New Security Paradigms Workshop_. Caledon Hills, Ontario, Canada, Sept. 22-24, 1999. New York: Association for Computing Machinery, 2000.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="09f26959ce05795b-145af65a-497e4a15-a41abe18-eb97fbd63ba596d3a74ec9fc"><ac:parameter ac:name="">Lipson 06</ac:parameter></ac:structured-macro>
\[Lipson 2006\] Lipson, Howard. _Evolutionary Systems Design: Recognizing Changes in Security and Survivability Risks_ (CMU/SEI-2006-TN-027).&nbsp; Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d40dbfc59b86103e-c50211e4-4cfb4b5b-8e08a5b4-5199ea4ac4c6c012edb3d4e0"><ac:parameter ac:name="">Lipson 2009</ac:parameter></ac:structured-macro>
\[Liu 2009\] Likai Liu. [Making NULL-pointer reference legal|http://lifecs.likai.org/2009/01/making-null-pointer-reference-legal.html], Life of a Computer Science Student, January, 2009.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a121560638c40b03-897a52fd-40314d6d-87f4b03f-89aa8db76471e462403ecb58"><ac:parameter ac:name="">Lockheed Martin 05</ac:parameter></ac:structured-macro>
\[Lockheed Martin 2005\] Lockheed Martin. "[Joint Strike Fighter Air Vehicle C+\+ Coding Standards for the System Development and Demonstration Program.|http://www.research.att.com/~bs/JSF-AV-rules.pdf]" Document Number 2RDU00001 Rev C., December 2005.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e1c5e153d8f1b3a4-29f79f55-4e5248b1-9a6b99c3-2f747ed5c675eb7b976a780a"><ac:parameter ac:name="">Loosemore 07</ac:parameter></ac:structured-macro>
\[Loosemore 2007\] Loosemore, Sandra, Stallman, Richard M., McGrath, Roland, Oram, Andrew, & Drepper, Ulrich. [The GNU C Library Reference Manual|http://www.gnu.org/software/libc/manual/], Edition 0.11, September 2007.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="11955a88388271e4-96c5d77a-495c4a86-9375afba-fbd444bee66503947bb958f1"><ac:parameter ac:name="">McCluskey 01</ac:parameter></ac:structured-macro>
\[McCluskey 2001\] [_flexible array members and designators in C9X_|http://www.usenix.org/publications/login/2001-07/pdfs/mccluskey.pdf] ;login:, July 2001, Volume 26, Number 4, p. 29---32.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="495faf789f983efd-e53c71a8-423d4367-897a9090-4011cd1355f324905be56c77"><ac:parameter ac:name="">Mell 07</ac:parameter></ac:structured-macro>
\[Mell 2007\] P. Mell, K. Scarfone, and S. Romanosky, "A Complete Guide to the Common Vulnerability Scoring System Version 2.0", FIRST, June 2007.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6017f61f09274061-a27d42dc-40994a77-933bacd4-0d35bc2bd0db175443fef8b8"><ac:parameter ac:name="">mercy 06</ac:parameter></ac:structured-macro>
\[mercy\] mercy. [_Exploiting Uninitialized Data_|http://www.felinemenace.org/papers/UBehavior.zip], January 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="001eb4d406708b96-9383a7e2-49e0499d-9af49f27-1921f38947ad4b5cf6adbc92"><ac:parameter ac:name="">Meyers 2004</ac:parameter></ac:structured-macro>
\[Meyers 2004\] Randy Meyers. [Limited size_t|http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1080.pdf] WG14 N1080. September, 2004.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="455bf5e498e7eba9-d0e4e778-42f74094-b961b1da-9e0f89867e596c304b670823"><ac:parameter ac:name="">Microsoft 03</ac:parameter></ac:structured-macro>
\[Microsoft 2003\] Microsoft Security Bulletin MS03-026, "[Buffer Overrun In RPC Interface Could Allow Code Execution (823980)|http://www.microsoft.com/technet/security/bulletin/MS03-026.mspx]," September 2003.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0c6112788482d671-69f72174-43b043fd-aa7687a6-30b8f11818b481ffb386d3c5"><ac:parameter ac:name="">Microsoft 07</ac:parameter></ac:structured-macro>
\[Microsoft 2007\] [C Language Reference|http://msdn2.microsoft.com/en-us/library/fw5abdx6(VS.80).aspx], 2007.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6763f49b904b5b00-5a9b7d2c-48ab4351-9513918f-b47f0c3363322f94fe98fe4c"><ac:parameter ac:name="">Miller 99</ac:parameter></ac:structured-macro>
\[Miller 1999\] Todd C. Miller and Theo de Raadt. strlcpy and strlcat - Consistent, Safe, String Copy and Concatenation. In Proceedings of the FREENIX Track, 1999 USENIX Annual Technical Conference.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5956b9043e4a7ad0-40825cff-407d43e5-95159a26-4207aa4ece4405bbb6d55f39"><ac:parameter ac:name="">Miller 04</ac:parameter></ac:structured-macro>
\[Miller 2004\] Miller, Mark C., Reus, James F., Matzke, Robb P., Koziol, Quincey A., & Cheng, Albert P. "[Smart Libraries: Best SQE Practices for Libraries with an Emphasis on Scientific Computing|https://wci.llnl.gov/codes/smartlibs/UCRL-JRNL-208636.pdf]." _Proceedings of the Nuclear Explosives Code Developer's Conference_, December 2004.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e5bd19b0ceb9457d-7fe7c2bd-4cd742ac-9ba384f0-200e94cdc118961e243e0e8f"><ac:parameter ac:name="">MISRA 04</ac:parameter></ac:structured-macro>
\[MISRA 2004\] MISRA Limited. "[MISRA C|http://www.misra.org.uk/]: 2004 Guidelines for the Use of the C Language in Critical Systems." Warwickshire, UK: MIRA Limited, October 2004 (ISBN 095241564X).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="af9c1496acd4c84c-40e3f8b3-48ce4348-993390e6-1fb5f1efc55a008d674596e3"><ac:parameter ac:name="">MISRA 08</ac:parameter></ac:structured-macro>
\[MISRA 2008\] MIRA Limited. "[MISRA C+\+|http://www.misra.org.uk/]: 2008 "Guidelines for the Use of the C+\+ Language in Critical Systems", ISBN 978-906400-03-3 (paperback), ISBN 978-906400-04-0 (PDF), June 2008.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7231f51e58af1bb0-ba74338c-46764bfa-b019906c-c834ef59ddd9ad0828db2f61"><ac:parameter ac:name="">MIT 04</ac:parameter></ac:structured-macro>
\[MIT 2004\] MIT. "[MIT krb5 Security Advisory 2004-002|hhttp://web.mit.edu/kerberos/advisories/MITKRB5-SA-2004-002-dblfree.txt], 2004.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="26b4d8ed46853b26-5c53bb61-46854652-a10aba84-a506655d29c15bc8126f4b76"><ac:parameter ac:name="">MIT 05</ac:parameter></ac:structured-macro>
\[MIT 2005\] MIT. "[MIT krb5 Security Advisory 2005-003|http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2005-003-recvauth.txt], 2005.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4eacb37ac212a214-3172b113-4bd541b9-9d8996dd-962fcc56ff15fe3c7688c224"><ac:parameter ac:name="">MITRE</ac:parameter></ac:structured-macro>
\[MITRE\] MITRE. [Common Weakness Enumeration, Version 1.8|http://cwe.mitre.org/], February 2010.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3fa38dd46955297b-12cd7848-454443c2-96c4b790-f158054292dfe2824ea662a4"><ac:parameter ac:name="">MITRE 07</ac:parameter></ac:structured-macro>
\[MITRE 2007\] MITRE. [Common Weakness Enumeration, Draft 9|http://cwe.mitre.org/], April 2008.
\\

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e2176bb6d113318e-dc248d7f-4a2f4a00-9015a53c-0055261221f4dbd14f0c844d"><ac:parameter ac:name="">MKS</ac:parameter></ac:structured-macro>
\[MKS\] MKS Inc. [MKS Reference Pages|http://www.mkssoftware.com/docs/api_index.asp/]

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="04fe65107709565e-a6f03e46-48bd458f-a57e93f5-87a319b4c4b77dd747f7499e"><ac:parameter ac:name="">MSDN</ac:parameter></ac:structured-macro>
\[MSDN\] [Microsoft Developer Network|http://msdn.microsoft.com/en-us/default.aspx].

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4b7055234e1079ac-65c28b94-42154125-b0a9a641-2481b40c91669a5f7f1fced6"><ac:parameter ac:name="">Murenin 07</ac:parameter></ac:structured-macro>
\[Murenin 2007\] Murenin, Constantine A. "[cnst: 10-year-old pointer-arithmetic bug in make(1) is now gone, thanks to malloc.conf and some debugging|http://cnst.livejournal.com/24040.html]," June 2007.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="db3260f75375f0a6-c419e842-4e31439a-958197a4-dfec93fb060d2d08a0f62055"><ac:parameter ac:name="">NAI 98</ac:parameter></ac:structured-macro>
\[NAI 1998\] Network Associates Inc. [Bugtraq: Network Associates Inc. Advisory (OpenBSD)|http://seclists.org/bugtraq/1998/Aug/0071.html], 1998.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="80bd3cf9687452ec-3812d382-45bf439f-aa43880b-73bcfa1bb96f0baa8648edc3"><ac:parameter ac:name="">NASA-GB-1740.13</ac:parameter></ac:structured-macro>
\[NASA-GB-1740.13\] NASA Glenn Research Center, Office of Safety Assurance Technologies. [_NASA Software Safety Guidebook_|http://pbma.nasa.gov/docs/public/pbma/general/guidbook.doc] (NASA-GB-1740.13).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="59c233b21334db0b-51ef7c86-46a44457-9e80b232-ea88c7c5e0391eed261245d4"><ac:parameter ac:name="">NIST 06</ac:parameter></ac:structured-macro>
\[NIST 2006\] NIST. [_SAMATE Reference Dataset_|http://samate.nist.gov/SRD/], 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3461efde93557a5c-111a4db6-4ceb4aca-a4a0b5ff-fa9427ca7f04ffcc0b0847f0"><ac:parameter ac:name="">OpenBSD</ac:parameter></ac:structured-macro>
\[OpenBSD\] Berkley Software Design, Inc. [Manual Pages|http://www.openbsd.org/cgi-bin/man.cgi], June 2008.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e27f0b963ae36419-297d7f63-4e844d3b-83009a4e-b05110896a8097d85f59764f"><ac:parameter ac:name="">POSIX.1-2008</ac:parameter></ac:structured-macro> <acmacro><ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ab10cf878c69157c-da8a65f6-434d4f70-8218b848-e73d5ba2391528ebdc80cfae"><ac:parameter ac:name="">IEEE Std 1003.1-2008</ac:parameter></ac:structured-macro> <acmacro><ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5f47684fdbc56f24-9a0f9a3d-493142d8-8236b688-c1475196b774a7dd09dc6015"><ac:parameter ac:name="">ISO/IEC 9945:2008</ac:parameter></ac:structured-macro> <acmacro><ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="785073de13a58302-ae248b95-40cc4215-8424bb18-5414dccc39952c38018858a3"><ac:parameter ac:name="">Open Group 08</ac:parameter></ac:structured-macro>\[Open Group 08\] The Open Group. "[_The Open Group Base Specifications Issue 7, IEEE Std 1003.1, 2008 Edition_|http://www.opengroup.org/onlinepubs/9699919799/toc.htm]." (2008). See also [IEEE Std 1003.1-2008|#IEEE Std 1003.1-2008].

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="66b8fd5402a12009-d04ff1b3-40e84701-a556aff0-80029502513037cf3eec9be0"><ac:parameter ac:name="">Open Group 97a</ac:parameter></ac:structured-macro>
\[Open Group 1997a\] The Open Group. [_The Single UNIX® Specification, Version 2_|http://www.opengroup.org/onlinepubs/7990989775/toc.htm], 1997.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b08fa3c120316e52-a94ded9b-44f044d8-9d2cba1a-32dc74e615ba647f56dfe92b"><ac:parameter ac:name="">Open Group 97b</ac:parameter></ac:structured-macro>
\[Open Group 1997b\] The Open Group. [_Go Solo 2---The Authorized Guide to Version 2 of the Single UNIX Specification_|http://www.unix.org/whitepapers/64bit.html], May 1997.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="58dded8fcf7a8099-8598c159-49da4bd2-bb02adeb-6e300d14e676da095bdae770"><ac:parameter ac:name="">POSIX.1-2004</ac:parameter></ac:structured-macro> <acmacro><ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4ee76976ce4199d2-d78b6c2d-419b4f77-8f0593dd-e904407411de3a4bec93036b"><ac:parameter ac:name="">IEEE Std 1003.1-2004</ac:parameter></ac:structured-macro> <acmacro><ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6610cb2530faf259-c44993f1-47ad473a-ba9b8df8-b742dd61c2a8758427ffd897"><ac:parameter ac:name="">ISO/IEC 9945:2003</ac:parameter></ac:structured-macro> <acmacro><ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="54ef9420c2238012-b090611b-4a5447ba-9486bb0f-a537cb142369b42b11b98af5"><ac:parameter ac:name="">Open Group 04</ac:parameter></ac:structured-macro>\[Open Group 2004\] The Open Group. "[_The Open Group Base Specifications Issue 6, IEEE Std 1003.1, 2004 Edition_|http://www.opengroup.org/onlinepubs/009695399/toc.htm]." (2004). See also [IEEE Std 1003.1-2004|#IEEE Std 1003.1-2004].

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="8fbdeadafe88a3a9-f5683afb-4b7b4f9d-97b4adc7-cd26df5a66ac96771b1d3672"><ac:parameter ac:name="">OWASP Double Free</ac:parameter></ac:structured-macro>
\[OWASP Double Free\] Open Web Application Security Project, "[Double Free|http://www.owasp.org/index.php/Double_Free]."

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="8c829f6dad59466c-1b35cdc3-4fbc4007-be2fbb11-59c10ab3201fc447ceccb614"><ac:parameter ac:name="">OWASP Freed Memory</ac:parameter></ac:structured-macro>
\[OWASP Freed Memory\] Open Web Application Security Project, "[Using freed memory|http://www.owasp.org/index.php/Using_freed_memory]."

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0f3654f6646089d1-14217ac8-4c234bf5-bccda853-e34d085347f20bcdd7839341"><ac:parameter ac:name="">Pethia 03</ac:parameter></ac:structured-macro>
\[Pethia 2003\] Pethia, Richard D. "[Viruses and Worms: What Can We Do About Them?|http://www.cert.org/congressional_testimony/Pethia-Testimony-9-10-2003/]" September 10, 2003.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="be89ae5323b65f54-d3d73e31-48c048f6-a9f794f4-3f4e9ce9372dd0dab3efa9f7"><ac:parameter ac:name="">Pfaff 04</ac:parameter></ac:structured-macro>
\[Pfaff 2004\] Pfaff, Ken Thompson. "[Casting (time_t)(-1)|http://groups.google.com/group/comp.lang.c/browse_thread/thread/8983d8d729244f2b/ea0e2972775a1114?#ea0e2972775a1114]." _Google Groups comps.lang.c_, March 2, 2004.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="cf6b0fbd3633c6ff-ec063bb5-4265431a-934bb9a4-50cb3fe34d491d2bf2e79db5"><ac:parameter ac:name="">Pike 93</ac:parameter></ac:structured-macro>
\[Pike 1993\] Pike, Rob & Thompson, Ken. "Hello World." _Proceedings of the USENIX Winter 1993 Technical Conference_, San Diego, CA, January 25-\--29, 1993, pp. 43-\--50.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="cdbe88308f208e1f-953793e8-44f3470f-a2099e30-b3969d141bee0825430f7e63"><ac:parameter ac:name="">Plakosh 05</ac:parameter></ac:structured-macro>
\[Plakosh 2005\] Plakosh, Dan. [_Consistent Memory Management Conventions_|https://buildsecurityin.us-cert.gov/daisy/bsi/articles/knowledge/coding/476.html], 2005.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="663d43c5b875de25-b4a919fa-47db4084-bb4fbf93-56ab3c292d588c1a1322ef44"><ac:parameter ac:name="">Plum 85</ac:parameter></ac:structured-macro>
\[Plum 1985\] Plum, Thomas. _Reliable Data Structures in C_. Kamuela, HI: Plum Hall, Inc., 1985 (ISBN 0-911537-04-X).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b88ed93f540190d2-c2f54bb8-427242ba-b823a9e8-467b46fcbabeeb77c372ae08"><ac:parameter ac:name="">Plum 89</ac:parameter></ac:structured-macro>
\[Plum 1989\] Plum, Thomas, & Saks, Dan. _C Programming Guidelines, 2nd ed_. Kamuela, HI: Plum Hall, 1989 (ISBN 0911537074).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d0c240c53996a91c-0839e476-4e434497-ba2dbc65-fb07c419f9e0eb03658ead54"><ac:parameter ac:name="">Plum 91</ac:parameter></ac:structured-macro>
\[Plum 1991\] Plum, Thomas. _C+\+ Programming_. Kamuela, HI: Plum Hall, 1991 (ISBN 0911537104).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="17d4b105269ecba0-03b44444-4ebb4828-b59195cb-94d0e07afddb56238f802a47"><ac:parameter ac:name="">Plum 08</ac:parameter></ac:structured-macro>
\[Plum 2008\] Plum, Thomas. Static Assertions. June, 2008. [http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1330.pdf]

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b0ab4ebe40b62a58-cd2e4e90-4d3c463e-ba819402-def3e6c2bb4ac3f22776f68b"><ac:parameter ac:name="">Redwine 06</ac:parameter></ac:structured-macro>
\[Redwine 2006\] Redwine, Samuel T., Jr., ed. _Secure Software Assurance: A Guide to the Common Body of Knowledge to Produce, Acquire, and Sustain Secure Software Version 1.1_. U.S. Department of Homeland Security, September 2006. See [Software Assurance Common Body of Knowledge|https://buildsecurityin.us-cert.gov/daisy/bsi/resources/dhs/95.html] on Build Security In.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6a6062175206be42-999549d7-4dc6446b-80df9bcb-b896de3d672d71efbad8fa99"><ac:parameter ac:name="">RUS-CERT</ac:parameter></ac:structured-macro>
\[RUS-CERT\] RUS-CERT Advisory 2002-08:02, "[Flaw in calloc and similar routines|http://cert.uni-stuttgart.de/advisories/calloc.php]," 2002.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="76d4ee99e7d190a6-bca1ac81-4df0442d-8d34a16e-a7def59b70df89430f8b6502"><ac:parameter ac:name="">Saltzer 74</ac:parameter></ac:structured-macro>
\[Saltzer 1974\] Saltzer, J. H. Protection and the Control of Information Sharing in Multics. _Communications of the ACM 17_, 7 (July 1974): 388---402.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9bb63fbf53b6e916-5b8fb0f1-4c604839-94a5bb13-3d47ad3073199e8687d98f76"><ac:parameter ac:name="">Saltzer 75</ac:parameter></ac:structured-macro>
\[Saltzer 1975\] Saltzer, J. H., & Schroeder, M. D. "The Protection of Information in Computer Systems." _Proceedings of the IEEE 63_, 9 (September 1975): 1278-1308.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="fe88845b874a6ef3-dcc89f42-411b4792-8bc9a005-8f04bae7d764876cbc8fcf17"><ac:parameter ac:name="">Saks 99</ac:parameter></ac:structured-macro>
\[Saks 1999\] Saks, Dan. "[const T vs.T const|http://www.dansaks.com/articles/1999-02%20const%20T%20vs%20T%20const.pdf]." _Embedded Systems Programming_, February 1999, pp. 13-16.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="477c7a29eb7bf932-371072c8-4f564337-b785b975-d868d7f31834da38cc042929"><ac:parameter ac:name="">Saks 00</ac:parameter></ac:structured-macro>
\[Saks 2000\] Saks, Dan. "[Numeric Literals|http://www.embedded.com/2000/0009/0009pp.htm]." _Embedded Systems Programming_, September 2000.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f67041a7a523841d-1a82fde8-4c174492-8868af52-7f5cec8c81323817cacae4a5"><ac:parameter ac:name="">Saks 01a</ac:parameter></ac:structured-macro>
\[Saks 2001a\] Saks, Dan. "[Symbolic Constants|http://www.embedded.com/story/OEG20011016S0116]." _Embedded Systems Design_, November 2001.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0cb5a3e7b7355116-b18be48d-4a1946c4-b59484f6-d97db4d9ec594770f013c3b0"><ac:parameter ac:name="">Saks 01b</ac:parameter></ac:structured-macro>
\[Saks 2001b\] Saks, Dan. "[Enumeration Constants vs. Constant Objects|http://www.embedded.com/columns/programmingpointers/9900402]." _Embedded Systems Design_, November 2001.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1b65f3343561634d-aba7af97-44f64a08-acb8931d-052ccca174ae91d44040000a"><ac:parameter ac:name="">Saks 02</ac:parameter></ac:structured-macro>
\[Saks 2002\] Saks, Dan. "[Symbolic Constant Expressions|http://www.embedded.com/story/OEG20020124S0117]." _Embedded Systems Design_, February 2002.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="162e8be6ce0b03bd-03892e44-44ef414c-9aab96e5-d9bf561dc2ee102234d8dcfe"><ac:parameter ac:name="">Saks 05</ac:parameter></ac:structured-macro>
\[Saks 2005\] Saks, Dan. "[Catching Errors Early with Compile-Time Assertions|http://www.embedded.com/columns/programmingpointers/164900888?_requestid=287187]." _Embedded Systems Design_, June 2005.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4a2d269742937163-fca0d73f-4ece4f57-9fc1a2b4-7ada0c97bbb861fb92e3e5b6"><ac:parameter ac:name="">Saks 07a</ac:parameter></ac:structured-macro>
\[Saks 2007a\] Saks, Dan. "[Sequence Points|http://www.embedded.com/columns/programmingpointers/9900661?_requestid=481957]" _Embedded Systems Design_, July 1, 2002.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="08a329f77cb3b08e-8e5bcc2a-46c544f6-af2881ee-15bed6f3f5ea6167151632b0"><ac:parameter ac:name="">Saks 07b</ac:parameter></ac:structured-macro>
\[Saks 2007b\] Saks, Dan. [Bail, return, jump, or . . . throw?|http://www.embedded.com/columns/programmingpointers/197008821]. _Embedded Systems Design_, March 2007.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="666366e7431cb761-45020a05-43564af1-95deb3bc-ce0bcd458bb451f7fb3e835c"><ac:parameter ac:name="">Saks 08</ac:parameter></ac:structured-macro>
\[Saks 2008\] Saks, Dan, & Dewhurst, Stephen C. "Sooner Rather Than Later: Static Programming Techniques for C++" (presentation, March 2008).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7ff6a282d3e13f12-4bcdb148-4a5b4551-8ad48876-658f7f16e396924883905bc7"><ac:parameter ac:name="">Schwarz 05</ac:parameter></ac:structured-macro>
\[Schwarz 2005\] Schwarz, B., Wagner, Hao Chen, Morrison, D., West, G., Lin, J., & Tu, J. Wei. "Model checking an entire Linux distribution for security violations." _Proceedings of the 21st Annual Computer Security Applications Conference_, December 2005 (ISSN 1063-9527; ISBN 0-7695-2461-3).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="81019d84a1171c6f-505cedaa-46604c24-9e589e49-20e46c050501025df7d17a7d"><ac:parameter ac:name="">Seacord 03</ac:parameter></ac:structured-macro>
\[Seacord 2003\] Seacord, Robert C., Plakosh, Daniel, & Lewis, Grace A. [_Modernizing Legacy Systems: Software Technologies, Engineering Processes, and Business Practices_|http://www.informit.com/store/product.aspx?isbn=0321118847]. Addison-Wesley, February 2003.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b03b8d6845c67c13-3eada4a5-47da4665-8ea6a731-def08767a9d2db4e8b190ac6"><ac:parameter ac:name="">Seacord 05</ac:parameter></ac:structured-macro><ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9fef9e3d31ae9220-edade98b-4d5246c5-8139aaa4-f30473946ef7404fcff29473"><ac:parameter ac:name="">Seacord 05a</ac:parameter></ac:structured-macro>
\[Seacord 2005a\] Seacord, Robert C. _Secure Coding in C and C+\+_. Boston, MA: Addison-Wesley, 2005. See [http://www.cert.org/books/secure-coding] for news and errata.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1736298b730696f9-6aa402f8-4914408a-b9488a47-c93501aa968ea36dad3c4d8e"><ac:parameter ac:name="">Seacord 05b</ac:parameter></ac:structured-macro>
\[Seacord 2005b\] Seacord, Robert C. "Managed String Library for C, C/C++." _Users Journal_ _23_, 10 (October 2005): 30---34.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="40f3a9347ca98d97-4cbd1b43-44d44c73-b87fafb9-7996f9cf381ab3d2df18a58b"><ac:parameter ac:name="">Seacord 05c</ac:parameter></ac:structured-macro>
\[Seacord 2005c\] Seacord, Robert C. [_Variadic Functions: How they contribute to security vulnerabilities and how to fix them_|http://www.cert.org/books/secure-coding/LWM%203-11%20%28Seacord%29.pdf]. _Linux World Magazine_, November 2005.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0bc5d0310f5f9c4a-a107b6a2-400e4747-b51c9430-07885db2f11f1967fe05647c"><ac:parameter ac:name="">Secunia</ac:parameter></ac:structured-macro>
\[Secunia\] Secunia Advisory SA10635, "[HP-UX calloc Buffer Size Miscalculation Vulnerability|http://secunia.com/advisories/10635/]," 2004.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7b5558cdc6b09223-dea56d28-42c4449c-b163875f-8f76e47f57712ff3b05c493e"><ac:parameter ac:name="">SecurityFocus 07</ac:parameter></ac:structured-macro>
\[SecurityFocus 2007\] SecurityFocus. "[Linux Kernel Floating Point Exception Handler Local Denial of Service Vulnerability|http://www.securityfocus.com/bid/10538/discuss]," 2001.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b0342043308b3a96-80654f20-4b3742bc-9126a352-3f327ae0fbe107a016cba453"><ac:parameter ac:name="">SecuriTeam 07</ac:parameter></ac:structured-macro>
\[SecuriTeam 2007\] SecuriTeam. "[Microsoft Visual C+\+ 8.0 Standard Library Time Functions Invalid Assertion DoS (Problem 3000)|http://www.securiteam.com/windowsntfocus/5MP0D0UKKO.html]," February 13, 2007.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="216dd1f29c20f480-621e4ea0-49ab4150-9fe495f7-1df6ca412df0fb19614e6fea"><ac:parameter ac:name="">Sloss 04</ac:parameter></ac:structured-macro>
\[Sloss 2004\] Sloss, Andrew, Symes, Dominic, & Wright, Chris. [_ARM System Developer's Guide_|http://www.arm.com/documentation/books/4975.html]. San Francisco:Elsevier/Morgan Kauffman, 2004 (ISBN-10: 1558608745; ISBN-13: 978-1558608740).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="65e4460200857971-96c57ca1-45a346f2-b913a314-1d433fad002d6675d770b20f"><ac:parameter ac:name="">Spinellis 06</ac:parameter></ac:structured-macro>
\[Spinellis 2006\] Spinellis, Diomidis. [_Code Quality: The Open Source Perspective_|http://www.spinellis.gr/codequality]. Addison-Wesley, 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2cc4b00793eb30c4-4981541f-4a9148df-9402947a-87180e375c7510e66d85e0c1"><ac:parameter ac:name="">StackOvflw 09</ac:parameter></ac:structured-macro>
\[StackOvflw 2009\] ["Should I return TRUE / FALSE values from a C function?"|http://stackoverflow.com/questions/559061/should-i-return-true-false-values-from-a-c-function] StackOverflow.com User Questions. March 15, 2010.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e0326f8190a50258-017dbcee-43a749ea-a5c6b9c8-ab3625abe81338c0d8f8cea1"><ac:parameter ac:name="">Steele 77</ac:parameter></ac:structured-macro>
\[Steele 1977\] Steele, G. L. "[Arithmetic shifting considered harmful|http://doi.acm.org/10.1145/956641.956647]." _SIGPLAN Not._ 12, 11 (November 1977), 61-69.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="58ef07c02e269963-3874ef3c-4e3b4eb2-852388ce-23d667a6d3555f421965428b"><ac:parameter ac:name="">Summit 95</ac:parameter></ac:structured-macro>
\[Summit 1995\] Summit, Steve. _C Programming FAQs: Frequently Asked Questions_. Boston, MA: Addison-Wesley, 1995 (ISBN 0201845199).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="259dbf630a566441-ad9fd412-41d740fd-b812b60c-efcefc01c3f043624aa3291c"><ac:parameter ac:name="">Summit 05</ac:parameter></ac:structured-macro>
\[Summit 2005\] Summit, Steve. [_comp.lang.c Frequently Asked Questions_|http://www.faqs.org/faqs/comp.lang.c/C-FAQ-list/?], 2005.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="de74dadf13d7f92e-4b97e5e1-4d0d4617-964183ab-6e7ca2fe75a0f7c07f148745"><ac:parameter ac:name="">Sun</ac:parameter></ac:structured-macro>
\[Sun\] [Sun Security Bulletin #00122|http://sunsolve.sun.com/search/document.do?assetkey=1-22-00122-1], 1993.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="63169ac9f9f3af5f-4f858325-4d904dc5-87f88c69-21f81a5d59203ceaaaf18f7e"><ac:parameter ac:name="">Sun 05</ac:parameter></ac:structured-macro>
\[Sun 2005\] [C User's Guide|http://docs.sun.com/source/819-3688/]. 819-3688-10. Sun Microsystems, Inc., 2005.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="87a6b7651133361c-7ad66180-42734f0a-a01ea91c-4d964ffa99a6c810418f0802"><ac:parameter ac:name="">Sutter 04</ac:parameter></ac:structured-macro>
\[Sutter 2004\] Sutter, Herb & Alexandrescu, Andrei. C+\+ Coding Standards: 101 Rules, Guidelines, and Best Practices. Boston, MA:Addison-Wesley Professional, 2004 (ISBN 0321113586).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="8c630134f0743a73-ba57061b-4c0c4bd7-8085b5b1-04c4a25374c0d2c1cecb717f"><ac:parameter ac:name="">Tsafrir 08</ac:parameter></ac:structured-macro>
\[Tsafrir 2008\] Tsafrir, Dan, Da Silva, Dilma, & Wagner, David. [The Murky Issue of Changing Process Identity: Revising "Setuid Demystified"|http://www.eecs.berkeley.edu/~daw/papers/setuid-login08b.pdf] USENIX, June 2008, pages 55-66

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="36cde4fc4273cada-4274ac50-48e84811-b5cf88b6-51426f4bbc674c239508f65c"><ac:parameter ac:name="">Unicode 06</ac:parameter></ac:structured-macro>
\[Unicode 2006\] The Unicode Consortium. [The Unicode Standard|http://www.unicode.org/standard/standard.html], Version 5.0. Addison-Wesley Professional; 5th edition (November 3, 2006) ISBN: 0321480910.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="15dc17f5722a9609-1362b4c4-4d3d4fc9-924180bd-c6aef31e38a25ee74d0545d4"><ac:parameter ac:name="">van de Voort 07</ac:parameter></ac:structured-macro>
\[van de Voort 2007\] van de Voort, Marco. [Development Tutorial (a.k.a Build FAQ)|http://www.stack.nl/~marcov/buildfaq.pdf], January 29, 2007.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ed4b1b857443dfec-46dd46fc-4d7a4d2a-b1fe9f51-4856f16c7a9ea4f678738cf4"><ac:parameter ac:name="">van Sprundel06</ac:parameter></ac:structured-macro>
\[van Sprundel 2006\] van Sprundel, Ilja. [Unusualbugs|http://www.ruxcon.org.au/files/2006/unusual_bugs.pdf], 2006.&nbsp;

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="949b92c13f71136b-6bccc224-481e4aff-80738f9d-ddda2bd1d469ddbe5ad604c0"><ac:parameter ac:name="">Viega 01</ac:parameter></ac:structured-macro>
\[Viega 2001\] Viega, John. [Protecting Sensitive Data in Memory|http://www.cgisecurity.com/lib/protecting-sensitive-data.html], February 2001.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d398aa91727b8e17-f34a12ec-4f644026-a311b9b6-cc8d51e49db01a958f33d1b9"><ac:parameter ac:name="">Viega 03</ac:parameter></ac:structured-macro>
\[Viega 2003\] Viega, John, & Messier, Matt. _Secure Programming Cookbook for C and C++: Recipes for Cryptography, Authentication, Networking, Input Validation & More_. Sebastopol, CA: O'Reilly, 2003 (ISBN 0-596-00394-3).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5df1383b11106185-c73b8763-45344bab-a8de8bd9-ad99d58b0b61bae9ed75160e"><ac:parameter ac:name="">Viega 05</ac:parameter></ac:structured-macro>
\[Viega 2005\] Viega, John. [CLASP Reference Guide Volume 1.1.|http://www.securesoftware.com/process/] Secure Software, 2005.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6baefdc5f07aa29e-8df00831-47574d90-a0eeb31b-31874cd1346db03128718a22"><ac:parameter ac:name="">VU#159523</ac:parameter></ac:structured-macro>
\[VU#159523\] Giobbi, Ryan. Vulnerability Note [VU#159523|http://www.kb.cert.org/vuls/id/159523], _Adobe Flash Player integer overflow vulnerability_, April 2008.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="61965babd22e994c-553bdeb6-4f584890-a7af9a53-c4b2958e905438a9e9a7cadd"><ac:parameter ac:name="">VU#162289</ac:parameter></ac:structured-macro>
\[VU#162289\] Dougherty, Chad. Vulnerability Note [VU#162289|http://www.kb.cert.org/vuls/id/162289], _gcc silently discards some wraparound checks_, April 2008.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="414357121923bf7d-5fca42d5-43354d86-aade97f9-6fbcfdbdc88efcec5c33f76f"><ac:parameter ac:name="">VU196240</ac:parameter></ac:structured-macro>
\[VU#196240\] Taschner, Chris & Manion, Art. Vulnerability Note [VU#196240|http://www.kb.cert.org/vulnotes/id/196240], _Sourcefire Snort DCE/RPC preprocessor does not properly reassemble fragmented packets_, 2007.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="fa09ee2c9bd71e82-2c1ae213-4b4a4c15-88418a5b-f48fa55a9042fb98a1dcfa38"><ac:parameter ac:name="">VU286468</ac:parameter></ac:structured-macro>
\[VU#286468\] Burch, Hal. Vulnerability Note [VU#286468|http://www.kb.cert.org/vulnotes/id/286468], _Ettercap contains a format string error in the "curses_msg()" function_, 2007.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3f63f176e7e401d9-5c9fddfd-4a8740b9-ae0db257-a5337c0b91f9d40fd9db435e"><ac:parameter ac:name="">VU439395</ac:parameter></ac:structured-macro>
\[VU#439395\] Lipson, Howard. Vulnerability Note [VU#439395|http://www.kb.cert.org/vuls/id/439395], _Apache web server performs case sensitive filtering on Mac OS X HFS\+ case insensitive filesystem,_ 2001.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c3f21a05405e5b39-2bc355e6-455344db-9938ab01-cde1e27172a558a4fe052e99"><ac:parameter ac:name="">VU551436</ac:parameter></ac:structured-macro>
\[VU#551436\] Giobbi, Ryan. Vulnerability Note [VU#551436|http://www.kb.cert.org/vulnotes/id/551436], _Mozilla Firefox SVG viewer vulnerable to buffer overflow,_ 2007.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9c10c72032f9e2cb-27f55219-48b54c1e-a0a2aaf7-cf57c3b937734874c2e6f7ef"><ac:parameter ac:name="">VU568148</ac:parameter></ac:structured-macro>
\[VU#568148\] Finlay, Ian A. & Morda, Damon G. Vulnerability Note [VU#568148|http://www.kb.cert.org/vulnotes/id/568148], _Microsoft Windows RPC vulnerable to buffer overflow_, 2003.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="43471bd136c16116-d5ee6245-40154ae5-b4f19927-607328d373cbad863ded800d"><ac:parameter ac:name="">VU623332</ac:parameter></ac:structured-macro>
\[VU#623332\] Mead, Robert. Vulnerability Note [VU#623332|http://www.kb.cert.org/vuls/id/623332], _MIT Kerberos 5 contains double free vulnerability in "krb5_recvauth()" function,_ 2005.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e23ce31be9072727-cb0b3774-4f0543b3-b157bde6-b3160c6bea4eaf90b8894bc0"><ac:parameter ac:name="">VU649732</ac:parameter></ac:structured-macro>
\[VU#649732\] Gennari, Jeff. Vulnerability Note [VU#649732|http://www.kb.cert.org/vulnotes/id/649732], _Samba AFS ACL Mapping VFS Plug-In Format String Vulnerability,_ 2007.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5961ecda769a8187-795dd4e8-4b994db8-b852b026-6b948fa2882edc86d917f0c3"><ac:parameter ac:name="">VU654390</ac:parameter></ac:structured-macro>
\[VU#654390\] Rafail, Jason A. Vulnerability Note [VU#654390|https://www.kb.cert.org/vulnotes/id/654390], _ISC DHCP contains C Includes that define vsnprintf() to vsprintf() creating potential buffer overflow conditions_, June 2004.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0a54c80099f91676-51accc5d-475443f5-b7478ecd-7d4b2513a704df3e43eb05a0"><ac:parameter ac:name="">VU743092</ac:parameter></ac:structured-macro>
\[VU#743092\] Rafail, Jason A. & Havrilla, Jeffrey S. Vulnerability Note [VU#743092|https://www.kb.cert.org/vulnotes/id/743092], _realpath(3) function contains off-by-one buffer overflow,_ July 2003.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="81750d9c6128c1c5-885924bd-4bf04b53-82c6b6e9-3affaf0028f8820c6ea104f0"><ac:parameter ac:name="">VU834865</ac:parameter></ac:structured-macro>
\[VU#834865\] Gennari, Jeff. Vulnerability Note [VU#834865|http://www.kb.cert.org/vuls/id/834865], _Sendmail signal I/O race condition_, March 2008.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="04ef3d7c9d58c34d-9a01f5db-47124f78-9866bc47-9f69c290d4b022b5db11c5be"><ac:parameter ac:name="">VU837857</ac:parameter></ac:structured-macro>
\[VU#837857\] Dougherty, Chad. Vulnerability Note [VU#837857|http://www.kb.cert.org/vuls/id/837857], _SX.Org server fails to properly test for effective user ID_, August 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5db6a3c9ef42b1ce-fa50104d-40534335-8e368b05-eed749e2cd999dec5f696f3f"><ac:parameter ac:name="">VU881872</ac:parameter></ac:structured-macro>
\[VU#881872\] Manion, Art & Taschner, Chris. Vulnerability Note [VU#881872|http://www.kb.cert.org/vulnotes/id/881872], _Sun Solaris telnet authentication bypass vulnerability,_ 2007.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7c7a89f282914202-e6a92c04-45954c8d-9b459e65-22d0b0472d8a29331b86f545"><ac:parameter ac:name="">Warren 02</ac:parameter></ac:structured-macro>
\[Warren 2002\] Warren, Henry S. [_Hacker's Delight_|http://www.hackersdelight.org/]. Boston, MA: Addison Wesley Professional, 2002 (ISBN 0201914654).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5f60fd31a9a8339a-04bf6b32-49d34c82-b7abbe2d-58031a507e2879158321ce38"><ac:parameter ac:name="">WG14/N1396</ac:parameter></ac:structured-macro>
\[WG14/N1396\] Thomas, J., Tydeman, F. "[Wide function return values|http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1396.htm]", September 2009.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="95d532b3897a3457-9d83224f-41ab488e-8ab285ba-865b5c13521576b447d24631"><ac:parameter ac:name="">Wheeler 03</ac:parameter></ac:structured-macro>
\[Wheeler 2003\] Wheeler, David. [Secure Programming for Linux and Unix HOWTO, v3.010|http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/], March 2003.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="81050d747a3b3f43-361415be-46d04eed-ac22a54b-6aba427ad44213470bd857b2"><ac:parameter ac:name="">Wheeler 04</ac:parameter></ac:structured-macro>
\[Wheeler 2004\] Wheeler, David. [_Secure programmer: Call components safely_|http://www-128.ibm.com/developerworks/linux/library/l-calls.html]. December 2004.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="240d11ff5a80dd80-5cea62f7-418c49b7-b624a689-af4c5a85dce6c4e96699d57d"><ac:parameter ac:name="">Wojtczuk 08</ac:parameter></ac:structured-macro>
\[Wojtczuk 2008\] Wojtczuk, Rafal. "[Analyzing the Linux Kernel vmsplice Exploit|http://www.avertlabs.com/research/blog/index.php/2008/02/13/analyzing-the-linux-kernel-vmsplice-exploit/]." McAfee Avert Labs Blog, February 13, 2008.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="54cb75850868511c-0aea0e8e-4e524738-ab2a9ebb-49f3b617e0f67b9a83d1c885"><ac:parameter ac:name=""> xorl 2009</ac:parameter></ac:structured-macro>
\[xorl 2009\] xorl. [xorl %eax, %eax|http://xorl.wordpress.com/].

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b2b9c2f30fa0dd60-672aec71-4968437e-aea99f93-72fa7322d76e6e2ee16b188a"><ac:parameter ac:name="">Yergeau 98</ac:parameter></ac:structured-macro>
\[Yergeau 1998\] Yergeau, F. [RFC 2279 - UTF-8, a transformation format of ISO 10646|http://www.faqs.org/rfcs/rfc2279.html], January 1998.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="438aa1008153bee2-0837b1e9-46a44241-8f7b9336-60ce13b7584817bf006bfd68"><ac:parameter ac:name="">Zalewski 01</ac:parameter></ac:structured-macro>
\[Zalewski 2001\] Zalewski, Michal. [_Delivering Signals for Fun and Profit: Understanding, exploiting and preventing signal-handling related vulnerabilities_|http://lcamtuf.coredump.cx/signals.txt], May 2001.

...