SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 287

changes.mady.by.user Paul Ruggiero

Saved on

compared with

New Version 288

changes.mady.by.user Yozo TODA

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: the URL of DTR24772 fixed.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d78df98214facee2-f944ff38-49c24d9e-a191a2bc-e1e0ed6ccef96cfa20c8d8d2"><ac:parameter ac:name="">Apple 06</ac:parameter></ac:structured-macro>
\[Apple 2006\] Apple, Inc. [_Secure Coding Guide_|http://developer.apple.com/documentation/Security/Conceptual/SecureCodingGuide/SecureCodingGuide.pdf], May 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="bf5e8120c54b7cfe-edf864b0-49294d7b-818d8f49-260cefaf71304dc9172ce0af"><ac:parameter ac:name="">Austin Group 08</ac:parameter></ac:structured-macro>
\[Austin Group 2008\] "Draft Standard for Information Technology - Portable Operating System Interface (POSIX®) - Draft Technical Standard: Base Specifications, Issue 7," IEEE Unapproved Draft Std P1003.1 D5.1. Prepared by the [Austin Group|http://www.opengroup.org/austin/]. New York: Institute of Electrical & Electronics Engineers, Inc., May 2008.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1d5b9824fe508f5f-efaae5a2-4a4b41b4-99728d09-e9a342822899218b16487d2f"><ac:parameter ac:name="">Banahan 03</ac:parameter></ac:structured-macro>
\[Banahan 2003\] Banahan, Mike. [_The C Book_|http://www.phy.duke.edu/~rgb/General/c_book/c_book/index.html], 2003.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="bb6dfb8b31a3087d-1a6009b6-415544d4-8a67ad5d-3ecb426864a28a7190eeb355"><ac:parameter ac:name="">Barney 10</ac:parameter></ac:structured-macro>
\[Barney 2010\] Barney, Blaise. "[Mutex Variables|https://computing.llnl.gov/tutorials/pthreads/#Mutexes]," POSIX Threads Programming, 2010.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3f2f6ad22161fc50-2d8c340b-47994444-be6d95f5-cd9c717379c72c0bfab2c13d"><ac:parameter ac:name="">Beebe 05</ac:parameter></ac:structured-macro>
\[Beebe 2005\] Beebe, Nelson H. F. [Re: Remainder (%) operator and GCC|http://gcc.gnu.org/ml/gcc-help/2005-11/msg00141.html], 2005.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0eca94020f692fa4-2379bf4e-47894c82-a1f488ba-c64d7579b83c472f56c73aac"><ac:parameter ac:name="">Becker 08</ac:parameter></ac:structured-macro>
\[Becker 2008\] Becker, Pete. [Working Draft, Standard for Programming Language C+\+|http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2008/n2521.pdf], April 2008.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="843680b1e03e1855-01cac373-4d08403d-b079984e-f81950c47473f7e8deada005"><ac:parameter ac:name="">Black 07</ac:parameter></ac:structured-macro>
\[Black 2007\] Paul E. Black, Michael Kass, Michael Koo. Source Code Security Analysis Tool Functional Specification Version 1.0. Special Publication 500-268. Information Technology Laboratory (ITL), Software Diagnostics and Conformance Testing Division, May 2007. [http://samate.nist.gov/docs/source_code_security_analysis_spec_SP500-268.pdf]

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="222cd5f1c991085e-9ee5764b-44a84c30-a12697e1-b107ae9334d05e19c88b6336"><ac:parameter ac:name="">Brainbell.com</ac:parameter></ac:structured-macro>
\[Brainbell.com\] Brainbell.com. [_Advice and Warnings for C Tutorials_|http://www.brainbell.com/tutors/c/Advice_and_Warnings_for_C/].

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9489013062f41050-8651609d-4b4749ec-8774973c-7294459ee722d28fa9e1bffb"><ac:parameter ac:name="">Bryant 03</ac:parameter></ac:structured-macro>
\[Bryant 2003\] Bryant, Randal E., & O'Halloran, David. _Computer Systems: A Programmer's Perspective_. Prentice Hall, 2003 (ISBN 0-13-034074-X).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="dd39d68c8375e8fc-552d30be-4f684d3d-a147ba6c-bda73e499deece502ff868be"><ac:parameter ac:name="">Burch 06</ac:parameter></ac:structured-macro>
\[Burch 2006\] Burch, Hal, Long, Fred, & Seacord, Robert C. [_Specifications for Managed Strings_|http://www.sei.cmu.edu/publications/documents/06.reports/06tr006.html] (CMU/SEI-2006-TR-006). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7f1ca1ab03cdc139-9b926dfc-42fa457d-ae949b4c-283da8d855a98b6e47f07756"><ac:parameter ac:name="">Butenhof 97</ac:parameter></ac:structured-macro>
\[Butenhof 1997\] Butenhof, David R. [Programming with POSIX® Threads |http://www.informit.com/store/product.aspx?isbn=0201633922]. Addison-Wesley Professional, 1997. (ISBN 0-201-63392-2).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c2fbf61f2deff37c-f1c1b965-47cf490b-9e399d91-1f0faab73eaabe98e4aacfd7"><ac:parameter ac:name="">Callaghan 95</ac:parameter></ac:structured-macro>
\[Callaghan 1995\] Callaghan, B., Pawlowski, B., & Staubach, P. [IETF RFC 1813 NFS Version 3 Protocol Specification|http://www.ietf.org/rfc/rfc1813.txt], June 1995.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="eb0117401ef963ff-b710b727-405e4b78-9fedbea4-4124d192f6432af711e8187a"><ac:parameter ac:name="">CERT 06a</ac:parameter></ac:structured-macro>
\[CERT 2006a\] CERT/CC. [CERT/CC Statistics 1988---2006|http://www.cert.org/stats/cert_stats.html].

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="35196c5bdd07138c-408aa0bb-4d4346cb-8f639dab-9e00f19066aaef16cf1deb43"><ac:parameter ac:name="">CERT 06b</ac:parameter></ac:structured-macro>
\[CERT 2006b\] CERT/CC. US-CERT's [Technical Cyber Security Alerts|http://www.us-cert.gov/cas/techalerts/index.html].

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b91c0d63ccef17bf-3bf8e8b3-4a744309-99369e4e-93b15ade3ba13d690b79cdd9"><ac:parameter ac:name="">CERT 06c</ac:parameter></ac:structured-macro>
\[CERT 2006c\] CERT/CC. [Secure Coding|http://www.cert.org/secure-coding/] web site.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6844bb0929b31cba-f28bd4a5-44a14008-9b11915a-daa6235b5744846a0035008a"><ac:parameter ac:name="">Chen 02</ac:parameter></ac:structured-macro>
\[Chen 2002\]&nbsp; Chen, H., Wagner, D., & Dean, D. [Setuid Demystified|http://www.cs.berkeley.edu/~daw/papers/setuid-usenix02.pdf] USENIX Security Symposium, 2002.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1e9846f0495d44c2-55745925-47d84e38-810cb815-7b9c6471c01aa501330d278b"><ac:parameter ac:name="">Corfield 93</ac:parameter></ac:structured-macro>
\[Corfield 1993\] Corfield, Sean A. "[Making String Literals 'const'|http://www.open-std.org/jtc1/sc22/wg21/docs/papers/1993/N0389.asc]," November 1993.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6d125e835ff0c8f8-c649d394-46fe4990-b1bab9a7-9f53c34b989a94a6eedeead3"><ac:parameter ac:name="">Coverity 07</ac:parameter></ac:structured-macro>
\[Coverity 2007\] Coverity Prevent User's Manual (3.3.0), 2007.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9bb3a55b596fbad3-e7df96ae-420a45db-93eb9949-b1486a3733f5be8e55d2e301"><ac:parameter ac:name="">CVE</ac:parameter></ac:structured-macro>
\[CVE\] [Common Vulnerabilities and Exposures|http://cve.mitre.org/].

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9b6dc21d99035162-2bfe3b5e-4ee848f7-a200979a-83ec6054ba236c6e754dbce7"><ac:parameter ac:name="">CPPReference</ac:parameter></ac:structured-macro>
\[C+\+ Reference\] [Standard C Library, General C\++, C++ Standard Template Library|http://www.cppreference.com/]

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d3a35f44f219d38b-83e6fdfa-4a554a11-ab428566-92a88e55eb59cb202669fb12"><ac:parameter ac:name="">Dewhurst 02</ac:parameter></ac:structured-macro>
\[Dewhurst 2002\] Dewhurst, Stephen C. _C+\+ Gotchas: Avoiding Common Problems in Coding and Design_. Boston: Addison-Wesley Professional, 2002.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="37dcf3a4ace03572-45daaaa3-4caf405f-b310aec7-c55eb632972c8b3efd64c22b"><ac:parameter ac:name="">Dewhurst 05</ac:parameter></ac:structured-macro>
\[Dewhurst 2005\] Dewhurst, Stephen C. _C+\+ Common Knowledge: Essential Intermediate Programming_. Boston, MA: Addison-Wesley Professional, 2005.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d4b76bc2dc7a68b5-01dd7185-45e5476c-8ea4bdb1-bc19f1b6ac71470786963f18"><ac:parameter ac:name="">DHS 06</ac:parameter></ac:structured-macro>
\[DHS 2006\] U.S. Department of Homeland Security. [Build Security In|https://buildsecurityin.us-cert.gov/].

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5523d6a2bf1aef7f-120db911-409d4b28-ba5f8b34-77aa6b956e40f4a74aae0e5c"><ac:parameter ac:name="">DISA 2008</ac:parameter></ac:structured-macro>
\[DISA 2008\] DISA. [Application Security and Development Security Technical Implementation Guide, Version 2, Release 1|http://iase.disa.mil/stigs/stig/application_security_and_development_stig_v2r1_final_20080724.pdf]. July, 2008.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ed19a9c6052aff1e-1b0cf7eb-45434520-b7b6b90c-355e289148a6ee44dd3303bc"><ac:parameter ac:name=""> DOD 5220</ac:parameter></ac:structured-macro>
\[DOD 5220\] U.S. Department of Defense. [DoD Standard 5220.22-M|http://security.ouhsc.edu/docs/policies/approved/DoD_5220.doc] (Word document).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d3c2ee231e10fc4c-a001505d-4bac40e2-91d0bd3e-d07f68ed2cb99686eebf4d6d"><ac:parameter ac:name="">Dowd 06</ac:parameter></ac:structured-macro>
\[Dowd 2006\] Dowd, M., McDonald, J., & Schuh, J. _The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities_. Boston: Addison-Wesley, 2006. See [http://taossa.com] for updates and errata.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b1563b6f112edfc5-bf8b89b3-4de541db-a8b6964d-c89f2918f27c4b6df74559af"><ac:parameter ac:name="">Drepper 06</ac:parameter></ac:structured-macro>
\[Drepper 2006\] Drepper, Ulrich. [Defensive Programming for Red Hat Enterprise Linux (and What To Do If Something Goes Wrong)|http://people.redhat.com/drepper/defprogramming.pdf], May 3, 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="94a9ade90e32630f-c76c9d60-4fec43d6-ac2abafd-b79b4ceaec49ae417a5d7693"><ac:parameter ac:name="">Dutta 03</ac:parameter></ac:structured-macro>
\[Dutta 2003\] Dutta, Shiv. [Best practices for programming in C|http://www.ibm.com/developerworks/aix/library/au-hook_duttaC.html], June 26, 2003.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="8eab3d489b297c0d-354737b5-43944bd2-a0168b74-846b81341d51a20930a2dd4c"><ac:parameter ac:name="">Eckel 07</ac:parameter></ac:structured-macro>
\[Eckel 2007\] Eckel, Bruce. [_Thinking in C+\+ Volume 2_|http://bruce-eckel.developpez.com/livres/cpp/ticpp/v2/], January 25, 2007.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4e311577e763fa6f-f63d9a93-44084f31-a78bb7ab-69e934ac2da69521e409053a"><ac:parameter ac:name="">ECTC 98</ac:parameter></ac:structured-macro>
\[ECTC 1998\] Embedded C+\+ Technical Committee. [_The Embedded C+\+ Programming Guide Lines_|http://www.caravan.net/ec2plus/guide.html], Version WP-GU-003. January 6, 1998.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="28fd00250ecf73e6-b680f8be-4a664cbe-85328d75-8a77b37341090c26c13816f7"><ac:parameter ac:name="">Eide and Regehr</ac:parameter></ac:structured-macro>
\[Eide and Regehr\] "[Volatiles are miscompiled, and what to do about it|http://portal.acm.org/citation.cfm?id=1450058.1450093]" Eide E., Regehr J. 2008.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="57f167aafbeea1a5-13272cef-48e34436-bb91b9b6-aec1b3886d0cac73c1ca1864"><ac:parameter ac:name="">Finlay 03</ac:parameter></ac:structured-macro>
\[Finlay 2003\] Finlay, Ian A. CERT Advisory CA-2003-16, [Buffer Overflow in Microsoft RPC|http://www.cert.org/advisories/CA-2003-16.html]. CERT/CC, July 2003.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7428644692183881-a24716d2-48a644c5-804889f9-f721dad1f2d85005eef8665b"><ac:parameter ac:name="">Fisher 99</ac:parameter></ac:structured-macro>
\[Fisher 1999\] Fisher, David & Lipson, Howard. "Emergent Algorithms - A New Method for Enhancing Survivability in Unbounded Systems." _Proceedings of the 32nd Annual Hawaii International Conference on System Sciences (HICSS-32)_. Maui, HI, January 5-8, 1999.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0c5089e25ab689f5-2154e951-4258447e-933f9323-6b0734ecd271fe29a01b6e3d"><ac:parameter ac:name="">Flake 06</ac:parameter></ac:structured-macro>
\[Flake 2006\] Flake, Halvar. "[Attacks on uninitialized local variables|http://www.blackhat.com/presentations/bh-europe-06/bh-eu-06-Flake.pdf]." Black Hat Federal 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="301376958f8811f4-e49312bd-4a59441c-9e79b659-39a85f4ad738ddb8de53d4da"><ac:parameter ac:name="">Fortify 06</ac:parameter></ac:structured-macro>
\[Fortify 2006\] Fortify Software Inc. [Fortify Taxonomy: Software Security Errors|http://www.fortifysoftware.com/vulncat/], 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ae9278855481b123-66876599-4b6741fe-acb3b73e-c35e66379c22e48cb0352595"><ac:parameter ac:name="">FSF 05</ac:parameter></ac:structured-macro>
\[FSF 2005\] Free Software Foundation. [GCC online documentation|http://gcc.gnu.org/onlinedocs], 2005.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2e626628adf0054d-58fab322-4a1f4105-bac49f1d-9f647ad7c3e8d0a47b13aeeb"><ac:parameter ac:name="">Garfinkel 96</ac:parameter></ac:structured-macro>
\[Garfinkel 1996\] Garfinkel, Simson & Spafford, Gene. _Practical UNIX & Internet Security_, 2nd Edition. Sebastopol, CA: O'Reilly Media, April 1996 (ISBN 1-56592-148-8).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="48a4f0075e426579-f8ad3e9e-4e5e41b6-a269887c-839fd0eb17b4f5c11265bc2f"><ac:parameter ac:name="">GNU 10</ac:parameter></ac:structured-macro>
\[GNU 2010\] GNU. [Coding Standards|http://www.gnu.org/prep/standards/standards.html], GNU, 2010.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a03ca4db7d3e464c-5c9aa9e3-4e9f47d4-89f9b2ba-93f957e4aad1cebf2596a2bd"><ac:parameter ac:name="">GNU Pth</ac:parameter></ac:structured-macro>
\[GNU Pth\] Engelschall, Ralf S. [GNU Portable Threads|http://www.gnu.org/software/pth/], 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="755fcd2a629d6e12-4ab351d3-4f4b4cef-a564b3c2-07baf3c3819888fff7c2900f"><ac:parameter ac:name="">Goldberg 91</ac:parameter></ac:structured-macro>
\[Goldberg 1991\] Goldberg, David. [What Every Computer Scientist Should Know About Floating-Point Arithmetic|http://docs.sun.com/source/806-3568/ncg_goldberg.html]. Sun Microsystems, March 1991.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="651c883aa90ce21a-d3f64a64-469e4365-a14e833e-1462b8b1dc1aa343336d0265"><ac:parameter ac:name="">Goodin 2009</ac:parameter></ac:structured-macro>
\[Goodin 2009\] Dan Goodin. [Clever attack exploits fully-patched Linux kernel|http://www.theregister.co.uk/2009/07/17/linux_kernel_exploit/] The Register. July 2009.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="25342df5cefcdd25-dff95b42-4016492c-b8249365-fe61fc5dd170ed755f67c84f"><ac:parameter ac:name="">Gough 2005</ac:parameter></ac:structured-macro>
\[Gough 2005\] Gough, Brian J. [An Introduction to GCC|http://www.network-theory.co.uk/docs/gccintro/index.html]. Network Theory Ltd, Revised August 2005 (ISBN 0-9541617-9-3).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="661d271dbf823fe7-7856395d-49c547c7-b745a0ab-6f49e4d2c66320415ef09328"><ac:parameter ac:name="">Graf 03</ac:parameter></ac:structured-macro>
\[Graff 2003\] Graff, Mark G. & Van Wyk, Kenneth R. _Secure Coding: Principles and Practices_. Cambridge, MA: O'Reilly, 2003 (ISBN 0596002424).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="579b79f3ce6e0768-77ca17cf-49bf4936-8de0aa82-2a128ff0d9b442bf331756d8"><ac:parameter ac:name="">Greenman 97</ac:parameter></ac:structured-macro>
\[Greenman 1997\] Greenman, David. [_serious security bug in wu-ftpd v2.4_|http://seclists.org/bugtraq/1997/Jan/0011.html]. BUGTRAQ Mailing List (bugtraq@securityfocus.com), January 2, 1997.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="fa653e8e2700066e-71ce52b9-467941b6-8feca885-fa369551f62c5c8a0147ba5d"><ac:parameter ac:name="">Griffiths 06</ac:parameter></ac:structured-macro>
\[Griffiths 2006\] Griffiths, Andrew. "[Clutching at straws: When you can shift the stack pointer|http://felinemenace.org/papers/p63-0x0e_Shifting_the_Stack_Pointer.txt]."

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1fb5e4995c8e52ae-a7ef5ee0-45a84f4f-aebea601-a7ff923c2cf693a27d92968a"><ac:parameter ac:name="">Gutmann 96</ac:parameter></ac:structured-macro>
\[Gutmann 1996\] Gutmann, Peter. [Secure Deletion of Data from Magnetic and Solid-State Memory|http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html], July 1996.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="065f311004736cd2-7d782eb0-415b4be3-9176b97f-41839f92d423ee5e40d22024"><ac:parameter ac:name="">Haddad 05</ac:parameter></ac:structured-macro>
\[Haddad 2005\] Haddad, Ibrahim. "Secure Coding in C and C++: An interview with Robert Seacord, senior vulnerability analyst at CERT." _Linux World Magazine_, November 2005.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="223eb92bde595144-f4058d97-4a894c1f-92dbafc0-9e5fb61b95c6197e0d83975f"><ac:parameter ac:name="">Hatton 95</ac:parameter></ac:structured-macro>
\[Hatton 1995\] Hatton, Les. _Safer C: Developing Software for High-Integrity and Safety-Critical Systems_. New York: McGraw-Hill Book Company, 1995 (ISBN 0-07-707640-0).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="31ae2daf0d2639fe-ee05f6d9-4d974956-b3b886fc-864c4e7421df3192a5fc0cc3"><ac:parameter ac:name="">Hatton 03</ac:parameter></ac:structured-macro>
\[Hatton 2003\] Hatton, Les. [EC-: A measurement based safer subset of ISO C suitable for embedded system development|http://www.leshatton.org/Documents/ISOC_subset.pdf]. November 5, 2003.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="bcc0744e16f7ae93-756a15d3-478c496e-88b49c88-d9d2a2770c1df1ff7d07ecb0"><ac:parameter ac:name="">Henricson 92</ac:parameter></ac:structured-macro>
\[Henricson 1992\] Henricson, Mats, & Nyquist, Erik. [Programming in C++, Rules and Recommendations|http://www.doc.ic.ac.uk/lab/cplus/c++.rules/]. Ellemtel Telecommunication Systems Laboratories, 1992.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0f873459b5ea39b7-dd1720a6-4fd644fa-beafb6e1-bd3680aa5ec53bd577e165fc"><ac:parameter ac:name="">Horton 90</ac:parameter></ac:structured-macro>
\[Horton 1990\] Horton, Mark R. _Portable C Software_. Upper Saddle River, NJ: Prentice-Hall, Inc., 1990 (ISBN:0-13-868050-7).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5672513a2b9e9361-f220ddb0-4e774f29-ab6e9f76-06fe8ecd434ee3bca324697d"><ac:parameter ac:name="">Howard 02</ac:parameter></ac:structured-macro>
\[Howard 2002\] Howard, Michael, & LeBlanc, David C. _[_Writing Secure Code, 2nd ed. Redmond, WA:_|http://www.microsoft.com/mspress/books/5957.aspx]_. Microsoft Press, December 2002.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="81f9e749bc2cdcff-ebe989fc-404d48cf-894ca12f-72ea2c68d77a45195e7c72af"><ac:parameter ac:name="">HP 03</ac:parameter></ac:structured-macro>
\[HP 2003\] [Tru64 UNIX: Protecting Your System Against File Name Spoofing Attacks|http://h30097.www3.hp.com/docs/wpapers/spoof_wp/symlink_external.pdf]. Houston, TX: Hewlett-Packard Company, January 2003.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="568327a09b008b3a-e4cd0ca5-4b1d4b2c-96f29a40-484aa7a52cf7c023e4d9949c"><ac:parameter ac:name="">IEC 60812 2006</ac:parameter></ac:structured-macro>
\[IEC 60812 2006\] _Analysis techniques for system reliability - Procedure for failure mode and effects analysis (FMEA)_, 2nd ed. (IEC 60812). IEC, January 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="975fe187075bbfc3-b9fa691d-423045f8-96c494f6-bde55e08ca5c34b4a7aec93b"><ac:parameter ac:name="">IEC 61508 4</ac:parameter></ac:structured-macro>
\[IEC 61508-4\]&nbsp; _Functional safety of electrical/electronic/programmable electronic safety-related systems - Part 4: Definitions and abbreviations_, 1998.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="361f8e36961e6d5e-cc72743e-4bff4295-aeb1be33-dd7676c48697c353fde69083"><ac:parameter ac:name="">IEEE Std 610.12 1990</ac:parameter></ac:structured-macro>
\[IEEE Std 610.12 1990\] _IEEE Standard Glossary of Software Engineering Terminology_, September 1990.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e2e7de939a304a99-b1268da0-4d824720-b8d49e12-b0c6406dd33832e16e13958e"><ac:parameter ac:name="">IEEE 754 2006</ac:parameter></ac:structured-macro>
\[IEEE 754 2006\] IEEE. [_Standard for Binary Floating-Point Arithmetic_|http://grouper.ieee.org/groups/754/] (IEEE 754-1985), 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7e675d5102d883d3-8c93352c-43274f4e-85eea8e9-a78793d53551964416079db1"><ac:parameter ac:name="">IEEE Std 1003.1</ac:parameter></ac:structured-macro> <ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5c635b0fc68fb930-73e7b86d-4a0a439e-883eb79f-56765fc01b8c130b7d3a9573"><ac:parameter ac:name="">IEEE Std 1003.1-2008</ac:parameter></ac:structured-macro>
\[IEEE Std 1003.1-2008\] IEEE. [The Open Group Base Specifications Issue 7|http://www.opengroup.org/onlinepubs/9699919799] IEEE Std 1003.1, 2008 Edition. See also [ISO/IEC 9945-2008|#ISO/IEC 9945-2008] and [#Open Group 2008].

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a64b5f40bc150b1d-54e35fe0-4fb2424e-b9098a69-99627fff28521cb66697c8a2"><ac:parameter ac:name="">IEEE Std 1003.1-2004</ac:parameter></ac:structured-macro> <ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="51c682b3237832cd-62abab77-4c954cad-9bc4ba3f-ebd3740957939e4a10d17fe6"><ac:parameter ac:name="">ilja 06</ac:parameter></ac:structured-macro>
\[IEEE Std 1003.1, 2004\] IEEE. [The Open Group Base Specifications Issue 6|http://www.opengroup.org/onlinepubs/009695399/] IEEE Std 1003.1, 2004 Edition. See also [ISO/IEC 9945-2004|#ISO/IEC 9945-2004] and [#Open Group 04].

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="23d784f660ebfad6-60011f02-448c43fb-a2919589-66337c8f582476d64ea1c6fc"><ac:parameter ac:name="">IEEE 1003</ac:parameter></ac:structured-macro>
\[ilja 2006\] ilja. "[readlink abuse|http://blogs.23.nu/ilja/stories/12551/]." _ilja's blog_, August 13, 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3ebfed9f234ecdd2-a5bf1847-48f04742-bdedbe08-bafaf90b16f5c4fd36a04487"><ac:parameter ac:name="">Intel 01</ac:parameter></ac:structured-macro>
\[Intel 2001\] Intel Corp. [_Floating-Point IEEE Filter for Microsoft\* Windows\* 2000 on the Intel® Itanium™ Architecture_|ftp://download.intel.com/software/opensource/libraries/ieee/ieee_filter_windows2000.pdf], March 2001.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9b1b7109eecf2fd2-0a6c2617-42fb494f-964092e5-e13317a59f42cbfbeaa9ee92"><ac:parameter ac:name="">Internet Society 00</ac:parameter></ac:structured-macro>
\[Internet Society 2000\] The Internet Society. [Internet Security Glossary (RFC 2828)|ftp://ftp.rfc-editor.org/in-notes/rfc2828.txt], 2000.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="494daeb0d27c7d88-ab591187-4e3f4c4d-b2b4825a-194a028894a1b0e3b6e021d8"><ac:parameter ac:name="">ISO/IEC 646-1991</ac:parameter></ac:structured-macro>
\[ISO/IEC 646:1991\] ISO/IEC. _Information technology: ISO 7-bit coded character set for information interchange_ (ISO/IEC 646-1991). Geneva, Switzerland: International Organization for Standardization, 1991.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="47fbcba6a4f159a0-6720527c-40494a04-8ec08006-87c857cbeae9586dd47a9743"><ac:parameter ac:name="">ISO/IEC 9945-2008</ac:parameter></ac:structured-macro>
\[ISO/IEC 9945:2008\] _ISO/IEC 9945:2008 Information technology --- Programming languages, their environments and system software interfaces --- Portable Operating System Interface (POSIX_ _^®^{_}_)_.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="134eae18e7b6ed4f-10de8d45-4ff14deb-872dbb2c-8a3293eb926904e388354ce6"><ac:parameter ac:name="">ISO/IEC 9945-2003</ac:parameter></ac:structured-macro>
\[ISO/IEC 9945:2003\] _ISO/IEC 9945:2003 (including Technical Corrigendum 1), Information technology --- Programming languages, their environments and system software interfaces --- Portable Operating System Interface (POSIX®)_.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="be667f4c2c9762cf-41028332-4cfa4a5e-8bedb455-9a24a275c3b5edf2a2e2fbf2"><ac:parameter ac:name="">ISO/IEC 9899-1999</ac:parameter></ac:structured-macro>
\[ISO/IEC 9899:1999\] ISO/IEC. _Programming Languages---C, 2nd ed_ (ISO/IEC 9899:1999). Geneva, Switzerland: International Organization for Standardization, 1999.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5ef21e43c040e8cc-57998864-432a4c37-a27cbbec-2f721bfa7ef62adfe006fa13"><ac:parameter ac:name="">ISO/IEC 10646-2003</ac:parameter></ac:structured-macro>
\[ISO/IEC 10646:2003\] _Information technology - Universal Multiple-Octet Coded Character Set (UCS)_ (ISO/IEC 10646:2003). Geneva, Switzerland: International Organization for Standardization, 2003.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0cfd2669d644b4fc-0515d7f6-40ed47a7-b63f8178-4e941b0986d873d5b6580042"><ac:parameter ac:name="">ISO/IEC 14882-2003</ac:parameter></ac:structured-macro>
\[ISO/IEC 14882:2003\] ISO/IEC. _Programming Languages --- C++, Second Edition_ (ISO/IEC 14882-2003). Geneva, Switzerland: International Organization for Standardization, 2003.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c3a1f363e47f7232-74e73d54-420b4972-a7f08dea-accb7a7271ae386e1a9b875a"><ac:parameter ac:name="">ISO/IEC 23360-1-2006</ac:parameter></ac:structured-macro>
\[ISO/IEC 23360-1:2006\] [_Linux Standard Base (LSB) core specification 3.1 - Part 1: Generic specification_|http://refspecs.freestandards.org/LSB_3.1.0/LSB-Core-generic/LSB-Core-generic.pdf]

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ea1bd9f46148fec0-f6822fd4-4d4c429c-b3f9b262-4989d90ed8b36acb18599e5f"><ac:parameter ac:name="">ISO/IEC 03</ac:parameter></ac:structured-macro>
\[ISO/IEC 2003\] ISO/IEC. [_Rationale for International Standard --- Programming Languages --- C, Revision 5.10_|http://www.open-std.org/jtc1/sc22/wg14/www/C99RationaleV5.10.pdf]. Geneva, Switzerland: International Organization for Standardization, April 2003.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9d6d9c00ba73389d-932d9904-476b47e3-99c4b0af-189249ef8e9a18ad75e2f2ba"><ac:parameter ac:name="">ISO/IEC JTC1/SC22/WG11</ac:parameter></ac:structured-macro>
\[ISO/IEC JTC1/SC22/WG11\] ISO/IEC. [_Binding Techniques_|http://www.open-std.org/JTC1/SC22/WG11/] (ISO/IEC JTC1/SC22/WG11), 2007.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4108dd2d77faf171-fac4b2b2-4f53425e-82b898c9-181b06dfb6dfcacfc4bbefc4"><ac:parameter ac:name="">ISO/IEC DTR 24732</ac:parameter></ac:structured-macro>
\[ISO/IEC DTR 24732\] ISO/IEC JTC1 SC22 WG14 N1290. [Extension for the programming language C to support decimal floating-point arithmetic|http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1290.pdf], March 2008.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b405af0b507170f9-5a34de71-45f8439a-8fe1aa05-9d5cda3acc7b74c4daf279d3"><ac:parameter ac:name="">ISO/IEC PDTR 24731-2-2007</ac:parameter></ac:structured-macro>
\[ISO/IEC PDTR 24731-2\] [Extensions to the C Library, --- Part II: Dynamic Allocation Functions|http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1248.pdf], August 2007.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="16772a6c3c77644a-6098b29b-488d419e-9cfc9d7b-7e33b6033ef38abdd3174edf"><ac:parameter ac:name="">ISO/IEC DTR 24772</ac:parameter></ac:structured-macro>
\[ISO/IEC DTR 24772\] ISO/IEC DTR 24772. _Information Technology_ --- _Programming Languages_ --- [_Guidance to Avoiding Vulnerabilities in Programming Languages through Language Selection and Use_|http://wwwaitc.aitcnet.org/isai/_Mtg_13/DocLog/220-thru-239/22-WG23-N-0238/n0238.pdf], November 2009.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3dae03a852b15648-67d4024c-41c04c01-8dcaa182-102e558349f8e5c44aac0e7c"><ac:parameter ac:name="">ISO/IEC TR 24731-1-2007</ac:parameter></ac:structured-macro>
\[ISO/IEC TR 24731-1:2007\] ISO/IEC TR 24731. _Extensions to the C Library, --- Part I: Bounds-checking interfaces_. Geneva, Switzerland: International Organization for Standardization, April 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ca9eacbe12b0fb37-bf59c710-4d1f48bf-b36c92cd-e46ba5252b66a8188a4d7b86"><ac:parameter ac:name="">ISO/IEC TR 24731-2-2010</ac:parameter></ac:structured-macro>
\[ISO/IEC TR 24731-2:2010\] ISO/IEC TR 24731. _Extensions to the C Library, --- Part II: Dynamic Allocation Functions_. Geneva, Switzerland: International Organization for Standardization, April 2010.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4dd5cc6c1d5387af-4807213f-440d4961-86adab45-1efa486111ebf24665f490d9"><ac:parameter ac:name="">Jack 07</ac:parameter></ac:structured-macro>
\[Jack 2007\] Jack, Barnaby. [_Vector Rewrite Attack_|http://www.juniper.net/solutions/literature/white_papers/Vector-Rewrite-Attack.pdf], May 2007.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9526d838ad19610a-be03bd22-47254f8a-9feb9d84-534b7ad1d9bfc5da6840adb7"><ac:parameter ac:name="">Jones 04</ac:parameter></ac:structured-macro>
\[Jones 2004\] Jones, Nigel. ["Learn a new trick with the offsetof() macro."|http://www.netrino.com/Articles/OffsetOf/index.php] _Embedded Systems Programming_, March 2004.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="08de1397d1514eca-a7002cc4-445340cd-8724bb8b-0615a81222e34aa84613277f"><ac:parameter ac:name="">Jones 08</ac:parameter></ac:structured-macro>
\[Jones 2008\] Jones, Derek M. [The New C Standard: An economic and cultural commentary|http://www.knosof.co.uk/cbook/]. Knowledge Software Ltd., 2008.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="10f37ce6c98cad0b-3fc55080-4f754f6e-a289a461-120f49d1e8a343711f5bdfc7"><ac:parameter ac:name="">Jones 09</ac:parameter></ac:structured-macro>
\[Jones 2009\] Jones, Larry. [WG14 N1401 Committee Draft ISO/IEC 9899:201x|http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1425.pdf]. November 24, 2009.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c754c565f75f1861-32c3ab58-4f524a02-a7b98d0b-88534070e2fbe0f36c223226"><ac:parameter ac:name="">Keaton 09</ac:parameter></ac:structured-macro>
\[Keaton 2009\] David Keaton, Thomas Plum, Robert C. Seacord, David Svoboda, Alex Volkovitsky, Timothy Wilson. [As-if Infinitely Ranged Integer Model|http://www.sei.cmu.edu/publications/documents/09.reports/09tn023.html]. CMU/SEI-2009-TN-023. July, 2009.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b8fcfee8cc17bf67-1435544c-45e44bb3-ba17ab75-99b3fcfe7681e3b3c258d3fa"><ac:parameter ac:name="">Keil 08</ac:parameter></ac:structured-macro>
\[Keil 2008\] Keil, an ARM Company. "[Floating Point Support|http://www.keil.com/support/man/docs/armlib/armlib_bihbjiea.htm]." _RealView Libraries and Floating Point Support Guide_, 2008.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6c5d4df1798918f2-934f9417-4aa540d4-bd04954f-0530355f3d7bde50545d808a"><ac:parameter ac:name="">Kennaway 00</ac:parameter></ac:structured-macro>
\[Kennaway 2000\] Kennaway, Kris. [Re: /tmp topic|http://lwn.net/2000/1221/a/sec-tmp.php3], December 2000.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="fa6b7c5d1979575f-cb10e1c9-4cb04b8e-96a5bf64-e8e9df388848139138de500e"><ac:parameter ac:name="">Kernighan 88</ac:parameter></ac:structured-macro>
\[Kernighan 1988\] Kernighan , Brian W., & Ritchie, Dennis M. _The C Programming Language, 2nd ed._ Englewood Cliffs, NJ: Prentice-Hall, 1988.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9511af8e373cc18c-0264ae6d-40ed4897-87d2b003-d3679dc73aeed37a024dc1a6"><ac:parameter ac:name="">Kernighan 147</ac:parameter></ac:structured-macro>
\[Kernighan 147\] Kernighan , Brian W., & Ritchie, Dennis M. _The C Programming Language, 2nd ed._ Englewood Cliffs, NJ: Prentice-Hall, 1988.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="dd0b8d574ad6977e-7887cd86-41de4df9-a9a0bb7a-aea98a2e604bd56952028ee0"><ac:parameter ac:name="">Kettle 02</ac:parameter></ac:structured-macro>
\[Kettlewell 2002\] Kettlewell, Richard. [_C Language Gotchas_|http://www.greenend.org.uk/rjk/2001/02/cfu.html], February 2002.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="129ddaef118bc4e3-c12a2e8d-4fdc408d-a156bdc4-7fffefba04122711a46c154d"><ac:parameter ac:name="">Kettle 03</ac:parameter></ac:structured-macro>
\[Kettlewell 2003\] Kettlewell, Richard. [_Inline Functions In C_|http://www.greenend.org.uk/rjk/2003/03/inline.html], March 2003.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6c9ae4c3a7b33d56-8f977a36-48ec48b7-a7a49fd4-5ef9306ed5357211e4371657"><ac:parameter ac:name="">Kirch-Prinz 02</ac:parameter></ac:structured-macro>
\[Kirch-Prinz 2002\] Kirch-Prinz, Ulla & Prinz, Peter. _C Pocket Reference_. Sebastopol, CA: O'Reilly, November 2002 (ISBN: 0-596-00436-2).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d119275edb616bf9-61a6e485-4877457c-b6c1bf84-d7d009d7ec1ae516e3286261"><ac:parameter ac:name="">Klarer 04</ac:parameter></ac:structured-macro>
\[Klarer 2004\] Klarer, R., Maddock, J., Dawes, B. & Hinnant, H. "Proposal to Add Static Assertions to the Core Language (Revision 3)." ISO C+\+ committee paper ISO/IEC JTC1/SC22/WG21/N1720, October 2004. Available at [http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2004/n1720.html].

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a201078fbfc10b83-c2f4b9f3-45da4f42-b1f78acc-17f3dc6533974e17900a0748"><ac:parameter ac:name="">Klein 02</ac:parameter></ac:structured-macro>
\[Klein 2002\] Klein, Jack. [_Bullet Proof Integer Input Using strtol()_|http://home.att.net/~jackklein/c/code/strtol.html], 2002.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4e923f4a5071858a-4aff9fda-4be54917-8c8cbe0a-6afb9b50c9423a83f2d90325"><ac:parameter ac:name="">Koenig 89</ac:parameter></ac:structured-macro>
\[Koenig 1989\] Koenig, Andrew. _C Traps and Pitfalls_. Addison-Wesley Professional, January 1, 1989.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7c802d899d82d1a2-d16c2eac-4e624957-a2788098-f5f85e5d0e0f7553e17183cf"><ac:parameter ac:name="">Kuhn 06</ac:parameter></ac:structured-macro>
\[Kuhn 2006\] Kuhn, Markus. [_UTF-8 and Unicode FAQ for Unix/Linux_|http://www.cl.cam.ac.uk/~mgk25/unicode.html], 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2dff2aee26cd02fe-7eac2d19-4757477c-b5f5a6a5-30ee3c0beb19db2a39551144"><ac:parameter ac:name="">Lai 06</ac:parameter></ac:structured-macro>
\[Lai 2006\] Lai, Ray. "[Reading Between the Lines|http://undeadly.org/cgi?action=article&sid=20061027031811]." _OpenBSD Journal_, October 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9852785b9e912a98-1c71c882-42e84c0e-b005989f-b0575023b0143b12a2cf244c"><ac:parameter ac:name="">Lewis 06</ac:parameter></ac:structured-macro>
\[Lewis 2006\] Lewis, Richard. "[Security Considerations When Handling Sensitive Data|http://secureapps.blogspot.com/2006/10/security-considerations-when-handling.html]." Posted on the Application Security by Richard Lewis blog October 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6a38ebd7e028dd04-9c4b40a7-46ad4f27-bcf581b9-58f0b893066d05cd9b075db8"><ac:parameter ac:name="">Linux 08</ac:parameter></ac:structured-macro>
\[Linux 2008\] [Linux Programmer's Manual|http://www.kernel.org/doc/man-pages/online_pages.html], October 2008.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="49b6cfe685000e93-e38f8a77-47ec47a9-9429959c-f7877f09235f56a379c29a7e"><ac:parameter ac:name="">Lions 96</ac:parameter></ac:structured-macro>
\[Lions 1996\] Lions, J. L. [ARIANE 5 Flight 501 Failure Report|http://en.wikisource.org/wiki/Ariane_501_Inquiry_Board_report]. Paris, France: European Space Agency (ESA) & National Center for Space Study (CNES) Inquiry Board, July 1996.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2c09201f9e5e5406-adbedfd6-45db4225-91ef9bc8-9b4d73de45a4b13fef733f84"><ac:parameter ac:name="">Lipson 00</ac:parameter></ac:structured-macro>
\[Lipson 2000\] Lipson, Howard & Fisher, David. "Survivability: A New Technical and Business Perspective on Security," 33-39. _Proceedings of the 1999 New Security Paradigms Workshop_. Caledon Hills, Ontario, Canada, Sept. 22-24, 1999. New York: Association for Computing Machinery, 2000.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ebbd87fe31fbcd8f-743692d6-41bc4132-94599c0d-24b6d424fdd513d166891d80"><ac:parameter ac:name="">Lipson 06</ac:parameter></ac:structured-macro>
\[Lipson 2006\] Lipson, Howard. _Evolutionary Systems Design: Recognizing Changes in Security and Survivability Risks_ (CMU/SEI-2006-TN-027).&nbsp; Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="87df9508515a4742-26f3d96e-4dc44f49-8247b8be-584d1435d482ac40efba7d91"><ac:parameter ac:name="">Lipson 2009</ac:parameter></ac:structured-macro>
\[Liu 2009\] Likai Liu. [Making NULL-pointer reference legal|http://lifecs.likai.org/2009/01/making-null-pointer-reference-legal.html], Life of a Computer Science Student, January, 2009.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="191201df0876e2d6-674d35a6-46f34363-9ec890c2-5c2002bfb6733ca658c2a32b"><ac:parameter ac:name="">Lockheed Martin 05</ac:parameter></ac:structured-macro>
\[Lockheed Martin 2005\] Lockheed Martin. "[Joint Strike Fighter Air Vehicle C+\+ Coding Standards for the System Development and Demonstration Program.|http://www.research.att.com/~bs/JSF-AV-rules.pdf]" Document Number 2RDU00001 Rev C., December 2005.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="49b861649e6d70c2-2c9966c1-4ee0479f-aff2aa0e-4bf9ef28779b3a634b98ae7d"><ac:parameter ac:name="">Loosemore 07</ac:parameter></ac:structured-macro>
\[Loosemore 2007\] Loosemore, Sandra, Stallman, Richard M., McGrath, Roland, Oram, Andrew, & Drepper, Ulrich. [The GNU C Library Reference Manual|http://www.gnu.org/software/libc/manual/], Edition 0.11, September 2007.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="beba6ec508e860bc-aa971f01-4c164ae6-9f42b01a-72a1717aa941ea31ecf1ddef"><ac:parameter ac:name="">McCluskey 01</ac:parameter></ac:structured-macro>
\[McCluskey 2001\] [_flexible array members and designators in C9X_|http://www.usenix.org/publications/login/2001-07/pdfs/mccluskey.pdf] ;login:, July 2001, Volume 26, Number 4, p. 29---32.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="89cfb77c2fdbd273-dd0e1153-4daa4e2a-acdaa1c2-7f6eb621cfcc5489d784d178"><ac:parameter ac:name="">Mell 07</ac:parameter></ac:structured-macro>
\[Mell 2007\] P. Mell, K. Scarfone, and S. Romanosky, "A Complete Guide to the Common Vulnerability Scoring System Version 2.0", FIRST, June 2007.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="aea465ea2f3556b3-f8e236bc-4f7c4200-8c9a93d7-a07d4658fd98cc6be6e95ddb"><ac:parameter ac:name="">mercy 06</ac:parameter></ac:structured-macro>
\[mercy\] mercy. [_Exploiting Uninitialized Data_|http://www.felinemenace.org/papers/UBehavior.zip], January 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e466fbb9b219af36-5c3e13b7-42164640-bf20a730-1f14d4777240870f8ba178ee"><ac:parameter ac:name="">Meyers 2004</ac:parameter></ac:structured-macro>
\[Meyers 2004\] Randy Meyers. [Limited size_t|http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1080.pdf] WG14 N1080. September, 2004.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c91a6345ee2e332f-1d8876ab-4f3b41eb-b889aae8-635a1efabcd129bdf50962d4"><ac:parameter ac:name="">Microsoft 03</ac:parameter></ac:structured-macro>
\[Microsoft 2003\] Microsoft Security Bulletin MS03-026, "[Buffer Overrun In RPC Interface Could Allow Code Execution (823980)|http://www.microsoft.com/technet/security/bulletin/MS03-026.mspx]," September 2003.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3f8a491321ea1ce9-12d26cb9-4c7d48ba-a2b48c0f-bd8cf44ef9124502ba5156a0"><ac:parameter ac:name="">Microsoft 07</ac:parameter></ac:structured-macro>
\[Microsoft 2007\] [C Language Reference|http://msdn2.microsoft.com/en-us/library/fw5abdx6(VS.80).aspx], 2007.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6ba03227783257d4-c7c1da0a-4333434c-84e48949-10211f5fb9f5f4cc7e2f5ff7"><ac:parameter ac:name="">Miller 99</ac:parameter></ac:structured-macro>
\[Miller 1999\] Todd C. Miller and Theo de Raadt. strlcpy and strlcat - Consistent, Safe, String Copy and Concatenation. In Proceedings of the FREENIX Track, 1999 USENIX Annual Technical Conference.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="bad01848aff63e75-576b3fcb-4e48416a-bc96be14-2b7990ccd3d9f623900937f1"><ac:parameter ac:name="">Miller 04</ac:parameter></ac:structured-macro>
\[Miller 2004\] Miller, Mark C., Reus, James F., Matzke, Robb P., Koziol, Quincey A., & Cheng, Albert P. "[Smart Libraries: Best SQE Practices for Libraries with an Emphasis on Scientific Computing|https://wci.llnl.gov/codes/smartlibs/UCRL-JRNL-208636.pdf]." _Proceedings of the Nuclear Explosives Code Developer's Conference_, December 2004.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="73f45b856fd172a9-c1a415f4-496f483a-a4e5be9e-0701b0b39e8ff1aafa0bde98"><ac:parameter ac:name="">MISRA 04</ac:parameter></ac:structured-macro>
\[MISRA 2004\] MISRA Limited. "[MISRA C|http://www.misra.org.uk/]: 2004 Guidelines for the Use of the C Language in Critical Systems." Warwickshire, UK: MIRA Limited, October 2004 (ISBN 095241564X).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5855612a5a7ccc0b-6af30741-4b20454c-8af3ba90-db8e64912aff938c6346d415"><ac:parameter ac:name="">MISRA 08</ac:parameter></ac:structured-macro>
\[MISRA 2008\] MIRA Limited. "[MISRA C+\+|http://www.misra.org.uk/]: 2008 "Guidelines for the Use of the C+\+ Language in Critical Systems", ISBN 978-906400-03-3 (paperback), ISBN 978-906400-04-0 (PDF), June 2008.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="16924b80f7655957-fbe80b23-4510444f-8250a54f-d0b5593c76994201a6e06a7a"><ac:parameter ac:name="">MIT 04</ac:parameter></ac:structured-macro>
\[MIT 2004\] MIT. "[MIT krb5 Security Advisory 2004-002|hhttp://web.mit.edu/kerberos/advisories/MITKRB5-SA-2004-002-dblfree.txt], 2004.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="02dfe9b754b67713-b9fa587b-4ec3438e-985f8053-5a3fadb822e9c81e23a4da07"><ac:parameter ac:name="">MIT 05</ac:parameter></ac:structured-macro>
\[MIT 2005\] MIT. "[MIT krb5 Security Advisory 2005-003|http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2005-003-recvauth.txt], 2005.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0344901ffe456cc7-570b94c3-422e410c-aa3db587-55e9e31fafb7439b44992a9f"><ac:parameter ac:name="">MITRE</ac:parameter></ac:structured-macro>
\[MITRE\] MITRE. [Common Weakness Enumeration, Version 1.8|http://cwe.mitre.org/], February 2010.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5f23424478d3fd52-82701866-4f064bcd-837e9a70-c2c99c925c24b5fd18c0003f"><ac:parameter ac:name="">MITRE 07</ac:parameter></ac:structured-macro>
\[MITRE 2007\] MITRE. [Common Weakness Enumeration, Draft 9|http://cwe.mitre.org/], April 2008.
\\

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="bfc6c2526f0dec86-c0d0a1f8-49b04be4-8a09869e-d317a9b5bee49aa87cd0ab6e"><ac:parameter ac:name="">MKS</ac:parameter></ac:structured-macro>
\[MKS\] MKS Inc. [MKS Reference Pages|http://www.mkssoftware.com/docs/api_index.asp/]

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="8115bcf8843634fe-4a21feb1-4ca24b7f-98879c9c-5d0708a0d211313b74c28093"><ac:parameter ac:name="">MSDN</ac:parameter></ac:structured-macro>
\[MSDN\] [Microsoft Developer Network|http://msdn.microsoft.com/en-us/default.aspx].

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="925bb6e335b2c7a0-87360c5f-46544f50-a0999f69-a7e2ac748c1e4531d08f43aa"><ac:parameter ac:name="">Murenin 07</ac:parameter></ac:structured-macro>
\[Murenin 2007\] Murenin, Constantine A. "[cnst: 10-year-old pointer-arithmetic bug in make(1) is now gone, thanks to malloc.conf and some debugging|http://cnst.livejournal.com/24040.html]," June 2007.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="625a8246915dd7bd-92068490-4e2f4dd8-bc84b284-a4aee81909ab0a63ae66c0dd"><ac:parameter ac:name="">NAI 98</ac:parameter></ac:structured-macro>
\[NAI 1998\] Network Associates Inc. [Bugtraq: Network Associates Inc. Advisory (OpenBSD)|http://seclists.org/bugtraq/1998/Aug/0071.html], 1998.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="751c9e24f015e879-3411987e-4b2844c8-824f843f-97a25ef41c102a6aabee67f2"><ac:parameter ac:name="">NASA-GB-1740.13</ac:parameter></ac:structured-macro>
\[NASA-GB-1740.13\] NASA Glenn Research Center, Office of Safety Assurance Technologies. [_NASA Software Safety Guidebook_|http://pbma.nasa.gov/docs/public/pbma/general/guidbook.doc] (NASA-GB-1740.13).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b9de0dd7522e7957-60d0f083-4fcc4032-ad229a0b-d300b400f1f13590d2b671c9"><ac:parameter ac:name="">NIST 06</ac:parameter></ac:structured-macro>
\[NIST 2006\] NIST. [_SAMATE Reference Dataset_|http://samate.nist.gov/SRD/], 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d5e2654b9c378e0a-d2b7e77f-4d9f4a28-9b1d85a3-ca800338b730dda9d78c0f8f"><ac:parameter ac:name="">OpenBSD</ac:parameter></ac:structured-macro>
\[OpenBSD\] Berkley Software Design, Inc. [Manual Pages|http://www.openbsd.org/cgi-bin/man.cgi], June 2008.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="23cc71246d5dd550-7698cb4b-43734571-b95d8514-3c53a1e759e5f7d967ce3aeb"><ac:parameter ac:name="">POSIX.1-2008</ac:parameter></ac:structured-macro><ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="dc4b035e686877c3-23baaaab-403f4f24-86e5a599-a9000cb59d40c5a521382f52"><ac:parameter ac:name="">IEEE Std 1003.1-2008</ac:parameter></ac:structured-macro><ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b6ef647bf97d84fe-4bd6088c-482a4c8c-89e69c71-34ca4cd60c53060c1035f4cf"><ac:parameter ac:name="">ISO/IEC 9945:2008</ac:parameter></ac:structured-macro><ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ec17e9f761be3734-1c95b1c9-411847dd-a1f1af8e-9971386be5e7f41fe317fdd2"><ac:parameter ac:name="">Open Group 08</ac:parameter></ac:structured-macro>\[Open Group 2008\] The Open Group. "[_The Open Group Base Specifications Issue 7, IEEE Std 1003.1, 2008 Edition_|http://www.opengroup.org/onlinepubs/9699919799/toc.htm]." (2008). See also [IEEE Std 1003.1-2008|#IEEE Std 1003.1-2008].

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4a4ebb4c850afd7a-b2e84911-418a4450-aa938df6-9af48609a44d81386aee4768"><ac:parameter ac:name="">Open Group 97a</ac:parameter></ac:structured-macro>
\[Open Group 1997a\] The Open Group. [_The Single UNIX® Specification, Version 2_|http://www.opengroup.org/onlinepubs/7990989775/toc.htm], 1997.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="33cde97f852d8bf9-3d81d17d-47ab406b-96c5ba52-a5acf8f51077025fd73a57fe"><ac:parameter ac:name="">Open Group 97b</ac:parameter></ac:structured-macro>
\[Open Group 1997b\] The Open Group. [_Go Solo 2---The Authorized Guide to Version 2 of the Single UNIX Specification_|http://www.unix.org/whitepapers/64bit.html], May 1997.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="481b9515efe9c23a-3a0e903a-43d541af-b1f29128-82bf16c88683f85223bc6071"><ac:parameter ac:name="">POSIX.1-2004</ac:parameter></ac:structured-macro><ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a08990c68d2efbc3-7c19c99b-46004289-80318c1c-b37e622e65405c34d688b926"><ac:parameter ac:name="">IEEE Std 1003.1-2004</ac:parameter></ac:structured-macro><ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2fadf54b6c5b2402-28d38b9c-46f2452c-96d0b149-1c5a5246d2dd142bb5c7a8ee"><ac:parameter ac:name="">ISO/IEC 9945:2003</ac:parameter></ac:structured-macro><ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c745cdc9392b2414-8a034315-40fb4f22-bf33ab92-0355dc86987d34d9d22bcaea"><ac:parameter ac:name="">Open Group 04</ac:parameter></ac:structured-macro>\[Open Group 2004\] The Open Group. "[_The Open Group Base Specifications Issue 6, IEEE Std 1003.1, 2004 Edition_|http://www.opengroup.org/onlinepubs/009695399/toc.htm]." (2004). See also [IEEE Std 1003.1-2004|#IEEE Std 1003.1-2004].

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0f1bc33539cfe623-15641e99-44b440f8-a73baa55-995e40fa0b8cb908512b1698"><ac:parameter ac:name="">OpenMP</ac:parameter></ac:structured-macro>
\[OpenMP\] [http://openmp.org/wp/|http://openmp.org/wp/]

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="8460e2f176fb39b9-c6c6cb1a-4bf049fd-82d5bf0a-a3fcf1ba82e467d10dfc1de5"><ac:parameter ac:name="">OWASP Double Free</ac:parameter></ac:structured-macro>
\[OWASP Double Free\] Open Web Application Security Project, "[Double Free|http://www.owasp.org/index.php/Double_Free]."

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ee9db95b3cc64fc9-161a6147-41114033-93fc8ae8-860475d2e8914fc57f653d7f"><ac:parameter ac:name="">OWASP Freed Memory</ac:parameter></ac:structured-macro>
\[OWASP Freed Memory\] Open Web Application Security Project, "[Using freed memory|http://www.owasp.org/index.php/Using_freed_memory]."

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5987123eb23afd90-c48c2604-457d4f1d-a9aba887-2a7ecf93f99680620317c795"><ac:parameter ac:name="">Pethia 03</ac:parameter></ac:structured-macro>
\[Pethia 2003\] Pethia, Richard D. "[Viruses and Worms: What Can We Do About Them?|http://www.cert.org/congressional_testimony/Pethia-Testimony-9-10-2003/]" September 10, 2003.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="dc80d150164b1d4a-b910373d-453049a1-89cd88bb-dabb4f7a46451eaada1df5bd"><ac:parameter ac:name="">Pfaff 04</ac:parameter></ac:structured-macro>
\[Pfaff 2004\] Pfaff, Ken Thompson. "[Casting (time_t)(-1)|http://groups.google.com/group/comp.lang.c/browse_thread/thread/8983d8d729244f2b/ea0e2972775a1114?#ea0e2972775a1114]." _Google Groups comps.lang.c_, March 2, 2004.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9b21ff3be851fc0a-97c8a2b8-497e4319-bb0cb506-bf02da0541c745c1110d1f2b"><ac:parameter ac:name="">Pike 93</ac:parameter></ac:structured-macro>
\[Pike 1993\] Pike, Rob & Thompson, Ken. "Hello World." _Proceedings of the USENIX Winter 1993 Technical Conference_, San Diego, CA, January 25-\--29, 1993, pp. 43-\--50.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="12ebdd6622c7612b-411982f2-43394055-aa3a97fb-1e8ac08da5515f6002212b41"><ac:parameter ac:name="">Plakosh 05</ac:parameter></ac:structured-macro>
\[Plakosh 2005\] Plakosh, Dan. [_Consistent Memory Management Conventions_|https://buildsecurityin.us-cert.gov/daisy/bsi/articles/knowledge/coding/476.html], 2005.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="13027833c032cceb-efa12e10-46e14aca-9bdb9437-2cdac21f4ebebfbe8153ca96"><ac:parameter ac:name="">Plum 85</ac:parameter></ac:structured-macro>
\[Plum 1985\] Plum, Thomas. _Reliable Data Structures in C_. Kamuela, HI: Plum Hall, Inc., 1985 (ISBN 0-911537-04-X).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6160848c5d301a65-00b5e822-4575495e-919ab30d-b809a498b87386b92c10553e"><ac:parameter ac:name="">Plum 89</ac:parameter></ac:structured-macro>
\[Plum 1989\] Plum, Thomas, & Saks, Dan. _C Programming Guidelines, 2nd ed_. Kamuela, HI: Plum Hall, 1989 (ISBN 0911537074).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c4d15be74ad82fd5-3ef80fa3-4e524f4a-aab091e6-132030681011a5cfc94b2ec7"><ac:parameter ac:name="">Plum 91</ac:parameter></ac:structured-macro>
\[Plum 1991\] Plum, Thomas. _C+\+ Programming_. Kamuela, HI: Plum Hall, 1991 (ISBN 0911537104).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7c5c864e9aa68fae-d7e3a587-4d5747ed-b0339645-c3f652d35f04ed35cff9bc02"><ac:parameter ac:name="">Plum 08</ac:parameter></ac:structured-macro>
\[Plum 2008\] Plum, Thomas. Static Assertions. June, 2008. [http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1330.pdf]

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0812dcce3ba6d4ff-7ac49d56-4f38472a-81f9aa51-424109187db2c7864b46a49b"><ac:parameter ac:name="">Redwine 06</ac:parameter></ac:structured-macro>
\[Redwine 2006\] Redwine, Samuel T., Jr., ed. _Secure Software Assurance: A Guide to the Common Body of Knowledge to Produce, Acquire, and Sustain Secure Software Version 1.1_. U.S. Department of Homeland Security, September 2006. See [Software Assurance Common Body of Knowledge|https://buildsecurityin.us-cert.gov/daisy/bsi/resources/dhs/95.html] on Build Security In.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ef117f7157cc8c56-4b838ffc-47614318-a5d2b74b-b7144ae60deca8af77ea2dd0"><ac:parameter ac:name="">RUS-CERT</ac:parameter></ac:structured-macro>
\[RUS-CERT\] RUS-CERT Advisory 2002-08:02, "[Flaw in calloc and similar routines|http://cert.uni-stuttgart.de/advisories/calloc.php]," 2002.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="46aea5d38a84022d-2f20f95c-4c694927-90d684ee-6029827aa4595094f40aedb5"><ac:parameter ac:name="">Saltzer 74</ac:parameter></ac:structured-macro>
\[Saltzer 1974\] Saltzer, J. H. Protection and the Control of Information Sharing in Multics. _Communications of the ACM 17_, 7 (July 1974): 388---402.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d7fdc93422f1cacb-b1163ed1-4b4a4f45-9848a9f6-c15e153e0d70c800ba651778"><ac:parameter ac:name="">Saltzer 75</ac:parameter></ac:structured-macro>
\[Saltzer 1975\] Saltzer, J. H., & Schroeder, M. D. "The Protection of Information in Computer Systems." _Proceedings of the IEEE 63_, 9 (September 1975): 1278-1308.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a5ccea367c038ca8-112e7a75-465043ef-8e998786-fd4b84af0af0bc7bf864927a"><ac:parameter ac:name="">Saks 99</ac:parameter></ac:structured-macro>
\[Saks 1999\] Saks, Dan. "[const T vs.T const|http://www.dansaks.com/articles/1999-02%20const%20T%20vs%20T%20const.pdf]." _Embedded Systems Programming_, February 1999, pp. 13-16.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="04e4695e98bbe35a-ff5374a9-444542aa-b88a8eb2-b33615d84c5b7c5170cc889c"><ac:parameter ac:name="">Saks 00</ac:parameter></ac:structured-macro>
\[Saks 2000\] Saks, Dan. "[Numeric Literals|http://www.embedded.com/2000/0009/0009pp.htm]." _Embedded Systems Programming_, September 2000.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a2f81dc94909a67f-8f87c0da-4ef945f0-bd869f37-111ff6e130f5f256221b7f86"><ac:parameter ac:name="">Saks 01a</ac:parameter></ac:structured-macro>
\[Saks 2001a\] Saks, Dan. "[Symbolic Constants|http://www.embedded.com/story/OEG20011016S0116]." _Embedded Systems Design_, November 2001.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="95b40a4874ff6870-bab04dfd-44334b4b-b6b3a0ac-f935595cfe3138ab81c7e393"><ac:parameter ac:name="">Saks 01b</ac:parameter></ac:structured-macro>
\[Saks 2001b\] Saks, Dan. "[Enumeration Constants vs. Constant Objects|http://www.embedded.com/columns/programmingpointers/9900402]." _Embedded Systems Design_, November 2001.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3533e6fc2868bdac-91db5c52-422d406b-9ba6963f-730045ababc8b4a61c020fd0"><ac:parameter ac:name="">Saks 02</ac:parameter></ac:structured-macro>
\[Saks 2002\] Saks, Dan. "[Symbolic Constant Expressions|http://www.embedded.com/story/OEG20020124S0117]." _Embedded Systems Design_, February 2002.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b81240ef3d81b939-b99d1907-43f34dff-89fa805d-4e39c950b4c7db794c598c1c"><ac:parameter ac:name="">Saks 05</ac:parameter></ac:structured-macro>
\[Saks 2005\] Saks, Dan. "[Catching Errors Early with Compile-Time Assertions|http://www.embedded.com/columns/programmingpointers/164900888?_requestid=287187]." _Embedded Systems Design_, June 2005.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c67edb1acc3b3a5b-793fe171-45ef4cdb-9aed939e-659fd3d34b846dde09df5d43"><ac:parameter ac:name="">Saks 07a</ac:parameter></ac:structured-macro>
\[Saks 2007a\] Saks, Dan. "[Sequence Points|http://www.embedded.com/columns/programmingpointers/9900661?_requestid=481957]" _Embedded Systems Design_, July 1, 2002.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="562ed70c1b576db8-b4cd53fc-4aae4322-a3a6b872-fcc8af74b1cded76a1a615e9"><ac:parameter ac:name="">Saks 07b</ac:parameter></ac:structured-macro>
\[Saks 2007b\] Saks, Dan. [Bail, return, jump, or . . . throw?|http://www.embedded.com/columns/programmingpointers/197008821]. _Embedded Systems Design_, March 2007.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="8478f222c5ff94b4-864db1a7-4c284b31-a2b292dd-996847069616fc740341dcfc"><ac:parameter ac:name="">Saks 08</ac:parameter></ac:structured-macro>
\[Saks 2008\] Saks, Dan, & Dewhurst, Stephen C. "Sooner Rather Than Later: Static Programming Techniques for C++" (presentation, March 2008).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="279bf2afa53e9759-a5e255a4-4b914633-aa37922a-27cd5c0833379226ea7ffc3c"><ac:parameter ac:name="">Schwarz 05</ac:parameter></ac:structured-macro>
\[Schwarz 2005\] Schwarz, B., Wagner, Hao Chen, Morrison, D., West, G., Lin, J., & Tu, J. Wei. "Model checking an entire Linux distribution for security violations." _Proceedings of the 21st Annual Computer Security Applications Conference_, December 2005 (ISSN 1063-9527; ISBN 0-7695-2461-3).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4fad4454dff8b2dc-39380eb9-4fdb4db2-b4aab410-84f186c701990de1ea7c7a8c"><ac:parameter ac:name="">Seacord 03</ac:parameter></ac:structured-macro>
\[Seacord 2003\] Seacord, Robert C., Plakosh, Daniel, & Lewis, Grace A. [_Modernizing Legacy Systems: Software Technologies, Engineering Processes, and Business Practices_|http://www.informit.com/store/product.aspx?isbn=0321118847]. Addison-Wesley, February 2003.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a26c731d37e47b21-2ba4faa0-4f564425-8846b067-0420b698c539702d29200c63"><ac:parameter ac:name="">Seacord 05</ac:parameter></ac:structured-macro><ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d11ef1c7be073704-65f38aba-4f22469d-bdcd9b4f-a4f22b5f1362e387651b7a5c"><ac:parameter ac:name="">Seacord 05a</ac:parameter></ac:structured-macro>
\[Seacord 2005a\] Seacord, Robert C. _Secure Coding in C and C+\+_. Boston, MA: Addison-Wesley, 2005. See [http://www.cert.org/books/secure-coding] for news and errata.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e49fd9b303dd4c5c-ffa67d93-410342b7-9a87a64c-7ccc7b443d158240c19a86c7"><ac:parameter ac:name="">Seacord 05b</ac:parameter></ac:structured-macro>
\[Seacord 2005b\] Seacord, Robert C. "Managed String Library for C, C/C++." _Users Journal_ _23_, 10 (October 2005): 30---34.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a4e09f6839011c01-15a5e342-40b04f21-895393c0-a2f793c7e9d6fac90454d38e"><ac:parameter ac:name="">Seacord 05c</ac:parameter></ac:structured-macro>
\[Seacord 2005c\] Seacord, Robert C. [_Variadic Functions: How they contribute to security vulnerabilities and how to fix them_|http://www.cert.org/books/secure-coding/LWM%203-11%20%28Seacord%29.pdf]. _Linux World Magazine_, November 2005.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="fe656311a78e915f-db813001-499c49e9-b8ba8406-4125291860be4734815c4b90"><ac:parameter ac:name="">Secunia</ac:parameter></ac:structured-macro>
\[Secunia\] Secunia Advisory SA10635, "[HP-UX calloc Buffer Size Miscalculation Vulnerability|http://secunia.com/advisories/10635/]," 2004.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="36fa5f1864a57562-c21cc043-46614e11-92268fca-b6264883cb756eb189112627"><ac:parameter ac:name="">SecurityFocus 07</ac:parameter></ac:structured-macro>
\[SecurityFocus 2007\] SecurityFocus. "[Linux Kernel Floating Point Exception Handler Local Denial of Service Vulnerability|http://www.securityfocus.com/bid/10538/discuss]," 2001.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0997f4d580bde054-0126eb55-4f4b4b77-9bfca11f-99acb41f885ef91cad4901e9"><ac:parameter ac:name="">SecuriTeam 07</ac:parameter></ac:structured-macro>
\[SecuriTeam 2007\] SecuriTeam. "[Microsoft Visual C+\+ 8.0 Standard Library Time Functions Invalid Assertion DoS (Problem 3000)|http://www.securiteam.com/windowsntfocus/5MP0D0UKKO.html]," February 13, 2007.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="20a9f3ed016871f6-f573a7ff-4a7b4d4e-9ccb811d-a4d88ec36a4f074ab9864580"><ac:parameter ac:name="">Sloss 04</ac:parameter></ac:structured-macro>
\[Sloss 2004\] Sloss, Andrew, Symes, Dominic, & Wright, Chris. [_ARM System Developer's Guide_|http://www.arm.com/documentation/books/4975.html]. San Francisco:Elsevier/Morgan Kauffman, 2004 (ISBN-10: 1558608745; ISBN-13: 978-1558608740).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="57e6ea7355bb5167-55c9355f-425e44b9-8a468ea5-944c75dbba4733e847964986"><ac:parameter ac:name="">Spinellis 06</ac:parameter></ac:structured-macro>
\[Spinellis 2006\] Spinellis, Diomidis. [_Code Quality: The Open Source Perspective_|http://www.spinellis.gr/codequality]. Addison-Wesley, 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1911a6dd892ab8d6-8348acb3-4a5d4841-bc7290c2-8f7a37711e471ba943aea8a5"><ac:parameter ac:name="">StackOvflw 09</ac:parameter></ac:structured-macro>
\[StackOvflw 2009\] ["Should I return TRUE / FALSE values from a C function?"|http://stackoverflow.com/questions/559061/should-i-return-true-false-values-from-a-c-function] StackOverflow.com User Questions. March 15, 2010.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0916e6b74b2b2a12-773c1585-41344764-8bdeb7af-aabaf215e7b5361c3b271837"><ac:parameter ac:name="">Steele 77</ac:parameter></ac:structured-macro>
\[Steele 1977\] Steele, G. L. "[Arithmetic shifting considered harmful|http://doi.acm.org/10.1145/956641.956647]." _SIGPLAN Not._ 12, 11 (November 1977), 61-69.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="586789ce6a17bf48-c9107a1c-42194353-a39fb4e3-a5384e893d214e539e8cc7c3"><ac:parameter ac:name="">Summit 95</ac:parameter></ac:structured-macro>
\[Summit 1995\] Summit, Steve. _C Programming FAQs: Frequently Asked Questions_. Boston, MA: Addison-Wesley, 1995 (ISBN 0201845199).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="208b456e1df05d71-08a9cc11-45304892-9685af92-7e61585c0a996b55b696f6f4"><ac:parameter ac:name="">Summit 05</ac:parameter></ac:structured-macro>
\[Summit 2005\] Summit, Steve. [_comp.lang.c Frequently Asked Questions_|http://www.faqs.org/faqs/comp.lang.c/C-FAQ-list/?], 2005.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="80fb69e014ffe6ed-0223d2f0-421b4b09-ba129329-f5dc17280b2c82be579e47f5"><ac:parameter ac:name="">Sun</ac:parameter></ac:structured-macro>
\[Sun\] [Sun Security Bulletin #00122|http://sunsolve.sun.com/search/document.do?assetkey=1-22-00122-1], 1993.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="fbcddcde733bcc24-4dd65f8b-47824ac8-9f5bb955-7cf7dcd90ada6514da3ab8be"><ac:parameter ac:name="">Sun 05</ac:parameter></ac:structured-macro>
\[Sun 2005\] [C User's Guide|http://docs.sun.com/source/819-3688/]. 819-3688-10. Sun Microsystems, Inc., 2005.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="21a1161e88dd55f4-f6ab2cdc-436546d0-83188bbe-585343267802ec15b1a41341"><ac:parameter ac:name="">Sutter 04</ac:parameter></ac:structured-macro>
\[Sutter 2004\] Sutter, Herb & Alexandrescu, Andrei. C+\+ Coding Standards: 101 Rules, Guidelines, and Best Practices. Boston, MA:Addison-Wesley Professional, 2004 (ISBN 0321113586).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2bb1a3268d71ff15-188bf0db-41004d59-b83eb020-c449e3b4c2a1b7570e52b24d"><ac:parameter ac:name="">Tsafrir 08</ac:parameter></ac:structured-macro>
\[Tsafrir 2008\] Tsafrir, Dan, Da Silva, Dilma, & Wagner, David. [The Murky Issue of Changing Process Identity: Revising "Setuid Demystified"|http://www.eecs.berkeley.edu/~daw/papers/setuid-login08b.pdf] USENIX, June 2008, pages 55-66

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="efb835f489695ec3-5e188c77-4d894104-aacd94ef-8903b91945f683e4881aee57"><ac:parameter ac:name="">Unicode 06</ac:parameter></ac:structured-macro>
\[Unicode 2006\] The Unicode Consortium. [The Unicode Standard|http://www.unicode.org/standard/standard.html], Version 5.0. Addison-Wesley Professional; 5th edition (November 3, 2006) ISBN: 0321480910.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4be027fc65a113ec-7a1e9315-43104119-902a8889-1c5e3d358300bf938d676f4b"><ac:parameter ac:name="">van de Voort 07</ac:parameter></ac:structured-macro>
\[van de Voort 2007\] van de Voort, Marco. [Development Tutorial (a.k.a Build FAQ)|http://www.stack.nl/~marcov/buildfaq.pdf], January 29, 2007.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="490aa1b9afc71ed1-7a1dccc7-4f734d74-8822b78e-4dea6b56d6ab2adafa038bd6"><ac:parameter ac:name="">van Sprundel06</ac:parameter></ac:structured-macro>
\[van Sprundel 2006\] van Sprundel, Ilja. [Unusualbugs|http://www.ruxcon.org.au/files/2006/unusual_bugs.pdf], 2006.&nbsp;

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="608c0b1f48fff2ed-e07ad205-43844f4a-90f9ac4f-745b63b59c9a005c4a4190d3"><ac:parameter ac:name="">Viega 01</ac:parameter></ac:structured-macro>
\[Viega 2001\] Viega, John. [Protecting Sensitive Data in Memory|http://www.cgisecurity.com/lib/protecting-sensitive-data.html], February 2001.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0bf50eed34f93aad-f279bd15-493145c0-8d4eb99a-857a726a5f66d1242ac5535a"><ac:parameter ac:name="">Viega 03</ac:parameter></ac:structured-macro>
\[Viega 2003\] Viega, John, & Messier, Matt. _Secure Programming Cookbook for C and C++: Recipes for Cryptography, Authentication, Networking, Input Validation & More_. Sebastopol, CA: O'Reilly, 2003 (ISBN 0-596-00394-3).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="fbe52bbb4b0c7931-21a5594b-4afa49df-9e5d82ec-fe74d9ecf3a3205db6b0d5d5"><ac:parameter ac:name="">Viega 05</ac:parameter></ac:structured-macro>
\[Viega 2005\] Viega, John. [CLASP Reference Guide Volume 1.1.|http://www.securesoftware.com/process/] Secure Software, 2005.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e9c8f82acf4192cd-0030cee5-45f44b84-965ca617-bccbfc8140b4f6d049b728c4"><ac:parameter ac:name="">VU#159523</ac:parameter></ac:structured-macro>
\[VU#159523\] Giobbi, Ryan. Vulnerability Note [VU#159523|http://www.kb.cert.org/vuls/id/159523], _Adobe Flash Player integer overflow vulnerability_, April 2008.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5ea6960b1caec31a-ec844bbd-4fad4a17-8b8aae27-cb7421c82723456bffe8ae22"><ac:parameter ac:name="">VU#162289</ac:parameter></ac:structured-macro>
\[VU#162289\] Dougherty, Chad. Vulnerability Note [VU#162289|http://www.kb.cert.org/vuls/id/162289], _gcc silently discards some wraparound checks_, April 2008.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e1746e0702ffb5db-049ae224-411549b0-a4b5a69b-06421cf5d265690d69a0175e"><ac:parameter ac:name="">VU196240</ac:parameter></ac:structured-macro>
\[VU#196240\] Taschner, Chris & Manion, Art. Vulnerability Note [VU#196240|http://www.kb.cert.org/vulnotes/id/196240], _Sourcefire Snort DCE/RPC preprocessor does not properly reassemble fragmented packets_, 2007.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f1ca413cc662e263-d8d4d4b6-42714762-9c078126-ce26c426713b49d4fff39fd1"><ac:parameter ac:name="">VU286468</ac:parameter></ac:structured-macro>
\[VU#286468\] Burch, Hal. Vulnerability Note [VU#286468|http://www.kb.cert.org/vulnotes/id/286468], _Ettercap contains a format string error in the "curses_msg()" function_, 2007.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="748e6c0e38d221c3-66f82ce8-4b5044b1-beb2a4a0-dff68f41b45733f52675d56e"><ac:parameter ac:name="">VU439395</ac:parameter></ac:structured-macro>
\[VU#439395\] Lipson, Howard. Vulnerability Note [VU#439395|http://www.kb.cert.org/vuls/id/439395], _Apache web server performs case sensitive filtering on Mac OS X HFS\+ case insensitive filesystem,_ 2001.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c143a5c427890624-d294eebe-4b5545b2-bcdf8edb-a4462bd71804fc4e48b83009"><ac:parameter ac:name="">VU551436</ac:parameter></ac:structured-macro>
\[VU#551436\] Giobbi, Ryan. Vulnerability Note [VU#551436|http://www.kb.cert.org/vulnotes/id/551436], _Mozilla Firefox SVG viewer vulnerable to buffer overflow,_ 2007.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5719a834cda0cc45-179a82ae-4e654e6e-9d7491e2-7bba35e3f7fca82c52b11751"><ac:parameter ac:name="">VU568148</ac:parameter></ac:structured-macro>
\[VU#568148\] Finlay, Ian A. & Morda, Damon G. Vulnerability Note [VU#568148|http://www.kb.cert.org/vulnotes/id/568148], _Microsoft Windows RPC vulnerable to buffer overflow_, 2003.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="fd1701f761a87ef7-8e5283f2-49fc42ba-a19ab977-bba14142e30f2d1108202a74"><ac:parameter ac:name="">VU623332</ac:parameter></ac:structured-macro>
\[VU#623332\] Mead, Robert. Vulnerability Note [VU#623332|http://www.kb.cert.org/vuls/id/623332], _MIT Kerberos 5 contains double free vulnerability in "krb5_recvauth()" function,_ 2005.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3cc9644844f443b4-0f8d4c82-4b6a42ee-8ca49842-dc479cfae7f438dc9791c8ff"><ac:parameter ac:name="">VU649732</ac:parameter></ac:structured-macro>
\[VU#649732\] Gennari, Jeff. Vulnerability Note [VU#649732|http://www.kb.cert.org/vulnotes/id/649732], _Samba AFS ACL Mapping VFS Plug-In Format String Vulnerability,_ 2007.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="abf5502c9cc49fd1-7fde3afc-457c427c-bd8b8ab8-4ff9207a095641261da0c1a9"><ac:parameter ac:name="">VU654390</ac:parameter></ac:structured-macro>
\[VU#654390\] Rafail, Jason A. Vulnerability Note [VU#654390|https://www.kb.cert.org/vulnotes/id/654390], _ISC DHCP contains C Includes that define vsnprintf() to vsprintf() creating potential buffer overflow conditions_, June 2004.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7577cd419700dfac-616db06a-4e3b4d4b-bc2297d0-1cc057b3b6eb540b2cced83a"><ac:parameter ac:name="">VU743092</ac:parameter></ac:structured-macro>
\[VU#743092\] Rafail, Jason A. & Havrilla, Jeffrey S. Vulnerability Note [VU#743092|https://www.kb.cert.org/vulnotes/id/743092], _realpath(3) function contains off-by-one buffer overflow,_ July 2003.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4b84cde4cb10f3db-920e1a58-40f64fc7-8c54a714-dadb626dad05e8aa2d61781c"><ac:parameter ac:name="">VU834865</ac:parameter></ac:structured-macro>
\[VU#834865\] Gennari, Jeff. Vulnerability Note [VU#834865|http://www.kb.cert.org/vuls/id/834865], _Sendmail signal I/O race condition_, March 2008.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="59c8ca5680942092-ae5cc395-458644e5-aaa39844-1af5a8bdfa2d86627221dcef"><ac:parameter ac:name="">VU837857</ac:parameter></ac:structured-macro>
\[VU#837857\] Dougherty, Chad. Vulnerability Note [VU#837857|http://www.kb.cert.org/vuls/id/837857], _SX.Org server fails to properly test for effective user ID_, August 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="80de346832fae209-129aa11d-453d4730-80579e18-b98b0a7dc2486117d1e36455"><ac:parameter ac:name="">VU881872</ac:parameter></ac:structured-macro>
\[VU#881872\] Manion, Art & Taschner, Chris. Vulnerability Note [VU#881872|http://www.kb.cert.org/vulnotes/id/881872], _Sun Solaris telnet authentication bypass vulnerability,_ 2007.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="bcdc546769039fc3-7f64e521-4023462f-89f98e4c-c107b5d95ecab7f52ba1a232"><ac:parameter ac:name="">Warren 02</ac:parameter></ac:structured-macro>
\[Warren 2002\] Warren, Henry S. [_Hacker's Delight_|http://www.hackersdelight.org/]. Boston, MA: Addison Wesley Professional, 2002 (ISBN 0201914654).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="11f86e0212b20b4b-9a2c3484-46434ab8-a1c5bf67-5cd1f1ddb7904d07307449c6"><ac:parameter ac:name="">WG14/N1396</ac:parameter></ac:structured-macro>
\[WG14/N1396\] Thomas, J., Tydeman, F. "[Wide function return values|http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1396.htm]", September 2009.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f0463a122b867256-e7dda895-4e2842de-b8f492f4-72f070db40ad9bc3089ff6d0"><ac:parameter ac:name="">Wheeler 03</ac:parameter></ac:structured-macro>
\[Wheeler 2003\] Wheeler, David. [Secure Programming for Linux and Unix HOWTO, v3.010|http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/], March 2003.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3c473776b13735f5-b0f2738b-4cf14e31-8dde9b40-b23800dcd7b4819b7f866ab5"><ac:parameter ac:name="">Wheeler 04</ac:parameter></ac:structured-macro>
\[Wheeler 2004\] Wheeler, David. [_Secure programmer: Call components safely_|http://www-128.ibm.com/developerworks/linux/library/l-calls.html]. December 2004.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1124235c52610747-2fcde952-4e2447be-b15e8fe8-396847e814a8a7731b2a1c37"><ac:parameter ac:name="">Wojtczuk 08</ac:parameter></ac:structured-macro>
\[Wojtczuk 2008\] Wojtczuk, Rafal. "[Analyzing the Linux Kernel vmsplice Exploit|http://www.avertlabs.com/research/blog/index.php/2008/02/13/analyzing-the-linux-kernel-vmsplice-exploit/]." McAfee Avert Labs Blog, February 13, 2008.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7738ce4af2d40647-09e6aaac-4a9942e5-8bbcb031-a3949dccf06b3d2af9667065"><ac:parameter ac:name=""> xorl 2009</ac:parameter></ac:structured-macro>
\[xorl 2009\] xorl. [xorl %eax, %eax|http://xorl.wordpress.com/].

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d137cafd2bae6859-ed55d9b6-49fe4f17-8fbfb1a3-b0f163b6adfec638948b7818"><ac:parameter ac:name="">Yergeau 98</ac:parameter></ac:structured-macro>
\[Yergeau 1998\] Yergeau, F. [RFC 2279 - UTF-8, a transformation format of ISO 10646|http://www.faqs.org/rfcs/rfc2279.html], January 1998.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="67b0297baf4c7072-20965ec0-4e6e4d80-bb42b67e-7d99a861815dd4d7f924c35c"><ac:parameter ac:name="">Zalewski 01</ac:parameter></ac:structured-macro>
\[Zalewski 2001\] Zalewski, Michal. [_Delivering Signals for Fun and Profit: Understanding, exploiting and preventing signal-handling related vulnerabilities_|http://lcamtuf.coredump.cx/signals.txt], May 2001.

...