...
[Apple 2006] Apple Secure Coding Guide, "Avoiding Race Conditions and Insecure File Operations"
[CERT C Secure Coding Standard 20102006c] MSC34-C. Do not use deprecated or obsolete functions, FIO01-C. Be careful using functions that use file names for identification, FIO07-C. Prefer fseek() to rewind(), FIO12-C. Prefer setvbuf() to setbuf(), INT05-C. Do not use input functions to convert character data if they cannot handle all possible inputs, INT06-C. Use strtol() or a related function to convert a string token to an integer, STR06-C. Do not assume that strtok() leaves the parse string unchanged, STR07-C. Use TR 24731 for remediation of existing string manipulation code
[Drepper 2006] Section 2.2.1 "Identification When Opening"
[Klein 2002]
[Linux 20072008] strtok(3)
[Open Group 2004] "The open function"
[Seacord 2005a] Chapter 2, "Strings," and Chapter 7, "File I/O"
[Seacord 2005b]
...