Page History

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e3f0094f75eec285-ab471211-4c344e7f-9fa29cdf-4be0511aa74d58c083f096b6"><ac:parameter ac:name="">Burch 06</ac:parameter></ac:structured-macro>
\[Burch 06\] Burch, H.; Long, F.; & Seacord, R. [_Specifications for Managed Strings_|http://www.sei.cmu.edu/publications/documents/06.reports/06tr006.html] (CMU/SEI-2006-TR-006). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="29b575631b3d490e-c2732f3d-48df490c-b3f0aa31-e7d216031b5552629d5deb19"><ac:parameter ac:name="">Callaghan 95</ac:parameter></ac:structured-macro>
\[Callaghan 95\] B. Callaghan, B. Pawlowski, P. Staubach. [IETF RFC 1813 NFS Version 3 Protocol Specification|http://www.ietf.org/rfc/rfc1813.txt]. June 1995.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="fab700a39b141bfc-c345b664-468e43b2-b4fdb749-b410f32bcfdcd471771fbf65"><ac:parameter ac:name="">CERT 06</ac:parameter></ac:structured-macro>
\[CERT 06\] CERT. [Managed String Library|http://www.cert.org/secure-coding/managedstring.html] (2006).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c46998f43e2718c7-e8771722-42e2465f-af73b0ac-21c517035566c679d38ff28d"><ac:parameter ac:name="">Dewhurst 02</ac:parameter></ac:structured-macro>
\[Dewhurst 02\] Dewhurst, Stephen C. _C+\+ Gotchas: Avoiding Common Problems in Coding and Design_. Boston, MA: Addison-Wesley Professional, 2002.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5d9a6d91620f3ff8-16ad02d5-4ac94582-99889d25-14993fd6f0362a99dbcb02db"><ac:parameter ac:name="">Dowd 06</ac:parameter></ac:structured-macro>
\[Dowd 06\] Dowd, M.; McDonald, J.; & Schuh, J. _The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities_. Boston, MA: Addison-Wesley, 2006. See [http://taossa.com] for updates and errata.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4da2a9b7409c056f-f7dbb52b-49724fb0-8c93bfe7-02826eb810538ee77296756a"><ac:parameter ac:name="">Drepper 06</ac:parameter></ac:structured-macro>
\[Drepper 06\] Drepper, Ulrich. [Defensive Programming for Red Hat Enterprise Linux (and What To Do If Something Goes Wrong).|http://people.redhat.com/drepper/defprogramming.pdf] May 3, 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7ed2452c5a901087-c9f9f3b8-4a3c43f6-a219b968-915902fbb34277a8243a313c"><ac:parameter ac:name="">FSF 05</ac:parameter></ac:structured-macro>
\[FSF 05\] Free Software Foundation. [GCC online documentation.|http://gcc.gnu.org/onlinedocs] (2005).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="68c9af3a9b9dfbdc-31433bff-40c64b60-bd628f53-6216ac012815f5368000d20a"><ac:parameter ac:name="">Graf 03</ac:parameter></ac:structured-macro>
\[Graff 03\] Graff, Mark G. & Van Wyk, Kenneth R. Secure Coding: Principles and Practices. Cambridge, MA: O'Reilly, 2003 (ISBN 0596002424).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1c40a9733e23653b-4fbaa31a-41ee424a-871aba4d-ec9d10447627673d5cd303af"><ac:parameter ac:name="">Griffiths 06</ac:parameter></ac:structured-macro>
\[Griffiths 06\] Griffiths, Andrew. "[Clutching at straws: When you can shift the stack pointer|http://felinemenace.org/papers/p63-0x0e_Shifting_the_Stack_Pointer.txt]."&nbsp;

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b3d19518852f8b2b-3ce54a39-44cf48ba-9c799e65-cbfd900b7cfbf58269ee573c"><ac:parameter ac:name="">Haddad 05</ac:parameter></ac:structured-macro>
\[Haddad 05\] Haddad, Ibrahim. "Secure Coding in C and C++: An interview with Robert Seacord, senior vulnerability analyst at CERT." _Linux World Magazine_, November, 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3c18eaec6f2f5112-b670cc40-43634ce4-be0183b5-0849d1dbf8a1c1018f154b2b"><ac:parameter ac:name="">Hatton 95</ac:parameter></ac:structured-macro>
\[Hatton 95\] Hatton, Les. _Safer C: Developing Software for High-Integrity and Safety-Critical Systems_. New York, NY: McGraw-Hill Book Company, 1995 (ISBN 0-07-707640-0).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d79d69f2b6ffab9c-ca0d8ee0-45fd4960-8a6db7de-7ad61043899b49c4eb1a67e5"><ac:parameter ac:name="">HP 03</ac:parameter></ac:structured-macro>
\[HP 03\] [Tru64 UNIX Protecting Your System Against File Name Spoofing Attacks|http://h30097.www3.hp.com/docs/wpapers/spoof_wp/symlink_external.pdf]. January 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="fb936d945e97ba21-5c6fb82f-45914d5f-805fbab3-08512916ce945eca346bd0f6"><ac:parameter ac:name="">ilja 06</ac:parameter></ac:structured-macro>
\[ilja 06\] ilja. "[readlink abuse|http://blogs.23.nu/ilja/stories/12551/]." _ilja's blog_, August 13, 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3a1b2a4baebfa3ed-3af76e81-48d744e0-89e191da-810bdfea79080ab32250db33"><ac:parameter ac:name="">ISO/IEC 9899-1999</ac:parameter></ac:structured-macro>
\[ISO/IEC 9899-1999\] ISO/IEC 9899-1999. _Programming Languages --- C, Second Edition_, 1999.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3ee664e544cf2360-d2f1ad14-45cd4b99-a32a8446-2f6f31884ddd4d74c4f2b281"><ac:parameter ac:name="">ISO/IEC 03</ac:parameter></ac:structured-macro>
\[ISO/IEC 03\] [Rationale for International Standard?Programming Languages?C Revision 5.10|http://www.open-std.org/jtc1/sc22/wg14/www/C99RationaleV5.10.pdf]. April 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b09f522b935c4c15-5385b4ff-4bb84c7a-b592a625-49481d4fb044f1aaeb6b4175"><ac:parameter ac:name="">ISO/IEC TR 24731-2006</ac:parameter></ac:structured-macro>
\[ISO/IEC TR 24731-2006\] ISO/IEC TR 24731. _Extensions to the C Library, --- Part I: Bounds-checking interfaces_. April, 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0b3267dbdb608300-3fe5f72f-42884c90-b6ca9f24-54babdd1cac4b2a069ceec40"><ac:parameter ac:name="">Kennaway 00</ac:parameter></ac:structured-macro>
\[Kennaway 00\] Kris Kennaway. [Re: /tmp topic|http://lwn.net/2000/1221/a/sec-tmp.php3]. December 2000.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="fc871c9c36fb5797-f3d418cf-4b3749b6-a3b986ba-1e99fa76a455082d686b181a"><ac:parameter ac:name="">Kerrighan 88</ac:parameter></ac:structured-macro>
\[Kerrighan 88\] Kerrighan, B. W. & Ritchie, D. M. _The C Programming Language, 2nd ed._ Englewood Cliffs, NJ: Prentice-Hall, 1988.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="708df3e4598a2196-b277ac00-4c60420b-9906940d-aab85520b651c767ff9607b5"><ac:parameter ac:name="">Kettle 02</ac:parameter></ac:structured-macro>
\[Kettlewell 02\] Kettlewell, Richard. [_C Language Gotchas_|http://www.greenend.org.uk/rjk/2001/02/cfu.html] (February 2002).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="99ba7414eaded463-07aa2c42-4f7d4d88-a5b286ef-87116098192827a55ce10af2"><ac:parameter ac:name="">Kettle 03</ac:parameter></ac:structured-macro>
\[Kettlewell 03\] Kettlewell, Richard. [_Inline Functions In C_|http://www.greenend.org.uk/rjk/2003/03/inline.html] (March 2003).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="fa73113b56dfc775-88566c8b-48734ac4-bd70a9bc-025d6339e9a02ed3b5fecc19"><ac:parameter ac:name="">Klein 02</ac:parameter></ac:structured-macro>
\[Klein 02\] Klein, Jack. [_Bullet Proof Integer Input Using strtol()_|http://home.att.net/~jackklein/c/code/strtol.html] (2002).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3f8e68330e1e304f-5c58c2f6-4f774db7-a86ba28f-b113614673d4d6ab9ab397b0"><ac:parameter ac:name="">Lai 06</ac:parameter></ac:structured-macro>
\[Lai 06\] Ray Lai. [_Reading Between the Lines_|http://undeadly.org/cgi?action=article&sid=20061027031811]. OpenBSD Journal. October, 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="509ddd4539c134e4-7d0a4bbe-43da461e-bf8ca24e-8e3a39100f60047668fa73cc"><ac:parameter ac:name="">mercy</ac:parameter></ac:structured-macro>
\[mercy\] mercy. [_Exploiting Uninitialized Data_|http://www.felinemenace.org/papers/UBehavior.zip] (January 2006).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6c144113db1aefe9-3b4f95d6-46064bfd-a10da4d2-6a0dd61b26bb412a7793d799"><ac:parameter ac:name="">MISRA 04</ac:parameter></ac:structured-macro>
\[MISRA 04\] MIRA Limited. "[MISRA C|http://www.misra.org.uk/]: 2004 Guidelines for the Use of the C Language in Critical Systems." Warwickshire, UK: MIRA Limited, October 2004 (ISBN 095241564X).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b6ee7f132ad5a720-55c987a2-47424727-8ae0ad4b-a78995c48a74b5feebcb2231"><ac:parameter ac:name="">NASA-GB-1740.13</ac:parameter></ac:structured-macro>
\[NASA-GB-1740.13\] NASA Glenn Research Center, Office of Safety Assurance Technologies. [_NASA Software Safety Guidebook_|http://pbma.nasa.gov/docs/public/pbma/general/guidbook.doc] (NASA-GB-1740.13).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="65697753e72f3973-1ea20940-40634b24-8079ba3c-ef1e32ec6f6c0629d8fc061b"><ac:parameter ac:name="">NIST 06</ac:parameter></ac:structured-macro>
\[NIST 06\] NIST. [_SAMATE Reference Dataset_|http://samate.nist.gov/SRD/] (2006).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d4b37abea48d1681-a5e49ebb-4f714523-8a0e9081-331263b1bdc69423757e5918"><ac:parameter ac:name="">NIST 06b</ac:parameter></ac:structured-macro>
\[NIST 06b\] NIST. [DRAFT Source Code Analysis Tool Functional Specification. | http://samate.nist.gov/docs/SAMATE_source_code_analysis_tool_spec_09_15_06.pdf] Information Technology Laboratory (ITL), oftware
Diagnostics and Conformance Testing Division. September, 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="983075092b5dc1cd-53b9cf9a-4d4a407b-a8e2b360-efd1c6c3fdcf85d49e82eff5"><ac:parameter ac:name="">Open Group 97</ac:parameter></ac:structured-macro>
\[Open Group 97\] The Open Group. [_The Single UNIX® Specification, Version 2_|http://www.opengroup.org/onlinepubs/7990989775/toc.htm] (1997).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c688750ed95bcbbb-cd4ba2b7-44d0432b-836aac58-244877c0f69563e62a387339"><ac:parameter ac:name="">Open Group 04<97b</ac:parameter></ac:structured-macro>
\[Open Group 0497b\] The Open Group. "[_The Open Group Base Specifications Issue 6, IEEE Std 1003.1, 2004 Edition[_Go Solo 2 - The Authorized Guide to Version 2 of the Single UNIX Specification_|http://www.opengroupunix.org/onlinepubswhitepapers/009695399/toc64bit.htmhtml]." (2004). ISBN 0-13-575689-8. May 1997. 

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f9e33953105c428e-68771709-4db643db-a8ec8286-1dcd741308bdc1941d80d45b"><ac:parameter ac:name="">Plum>Open Group 89<04</ac:parameter></ac:structured-macro>
\[PlumOpen Group 8904\] Plum,The Thomas, and Saks, DanOpen Group. "[_CThe Open ProgrammingGroup Guidelines,Base 2ndSpecifications ed_.Issue Kamuela6, HI:IEEE PlumStd Hall, Inc., 1989 (ISBN 09115370741003.1, 2004 Edition_|http://www.opengroup.org/onlinepubs/009695399/toc.htm]." (2004).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="70d6a1b02de6a08c-602cb2dd-419547a8-aa7cb8ee-fc997699249b0be6ba07aee3"><ac:parameter ac:name="">Plum 91<89</ac:parameter></ac:structured-macro>
\[Plum 9189\] Plum, Thomas, and Saks, Dan. _C+\+ Programming Guidelines, 2nd ed_. Kamuela, HI: Plum Hall, Inc., 19911989 (ISBN 09115371040911537074).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="610978322ee54d9c-d66a8b8b-426843e7-a20b9113-100297a49b89f45ebc995148"><ac:parameter ac:name="">Saks>Plum 99<91</ac:parameter></ac:structured-macro>
\[SaksPlum 9991\] DanPlum, SaksThomas. [_const T vs.T const_|http://www.dansaks.com/articles/1999-02%20const%20T%20vs%20T%20const.pdf]. Embedded Systems Programming. Pg. 13-16. February 1999C+\+ Programming_. Kamuela, HI: Plum Hall, Inc., 1991 (ISBN 0911537104).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c8be63932c4d39c8-e82fe241-411d45d6-86d8a3e9-975e646cc78f5941a95d39a4"><ac:parameter ac:name="">Seacord 05</ac:parameter></ac:structured-macro>>Saks 99</ac:parameter></ac:structured-macro>
\[Saks 99\] Dan Saks. [_const T vs.T const_|http://www.dansaks.com/articles/1999-02%20const%20T%20vs%20T%20const.pdf]. Embedded Systems Programming. Pg. 13-16. February 1999.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="795189419af2d2f3-5e96366b-4f224e7b-8d2fa60f-3741e55d0d719c4b7695f512"><ac:parameter ac:name="">Seacord>Summit 05b<95</ac:parameter></ac:structured-macro>
\[SeacordSummit 05b95\] SeacordSummit, RSteve. "Managed_C StringProgramming LibraryFAQs: forFrequently C, C/C++." _Users Journal_ _23_, 10 (October 2005): 30-34Asked Questions_. Boston, MA: Addison-Wesley, 1995 (ISBN 0201845199).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="285e3f8ec52d976f-df6afc19-4eb54a55-b51281a7-b29c4b5bc8e19996044d7275"><ac:parameter ac:name="">Summit 95<05</ac:parameter></ac:structured-macro>
\[Summit 9505\] Summit, Steve. [_C Programming FAQs: comp.lang.c Frequently Asked Questions_. Boston, MA: Addison-Wesley, 1995 (ISBN 0201845199|http://c-faq.com/] (2005).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f581054e8fad9f68-7f7b36d9-417841db-80879a01-d04aab2e858bee7f1244b014"><ac:parameter ac:name="">Summit 05<>van de Voort 07</ac:parameter></ac:structured-macro>
\[Summit 05van de Voort 07\] Summit, SteveMarco van de Voort. [_comp.lang.c Frequently Asked Questions_|http://c-faq.com/] (2005).Development Tutorial (a.k.a Build FAQ)|http://www.stack.nl/~marcov/buildfaq.pdf]. January 29, 2007. 

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="28cd689f80cee745-30f22cbe-48f0424a-849eb8f5-d8c51fd1d1179e73d6ac1cb9"><ac:parameter ac:name="">Viega 03</ac:parameter></ac:structured-macro>
\[Viega 03\] Viega, John & Messier, Matt. _Secure Programming Cookbook for C and C++: Recipes for Cryptography, Authentication, Networking, Input Validation & More_. Sebastopol, CA: O'Reilly, 2003 (ISBN 0-596-00394-3).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6387992d875a654f-16ae3f9a-4c434610-af6da2b0-1af80efd53d9ffb19a0eeb62"><ac:parameter ac:name="">Viega 05</ac:parameter></ac:structured-macro>
\[Viega 05\] Viega, John. [CLASP Reference Guide Volume 1.1.|http://www.securesoftware.com/process/] Secure Software. (2005)

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c371698aff4ba291-853b9175-4a334e8a-a0c6864e-4d08ad5a87903132f73bffe9"><ac:parameter ac:name="">VU286468</ac:parameter></ac:structured-macro>
\[VU#286468\] Burch, Hal. Vulnerability Note [VU#286468|http://www.kb.cert.org/vulnotes/id/286468], _Ettercap contains a format string error in the "curses_msg()" function_ (2007).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="529333695afcc34f-32f6b071-4c19430e-9880b3c0-2a4a91c3ce182f3371afdc2a"><ac:parameter ac:name="">VU649732</ac:parameter></ac:structured-macro>
\[VU#649732\] Gennari, Jeff. Vulnerability Note [VU#649732|http://www.kb.cert.org/vulnotes/id/649732], _Samba AFS ACL mapping VFS plug-in format string vulnerability_ (2007).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2824871524abfda2-49566e23-4f7c41f6-accf8872-304cf31de82c739a2807225c"><ac:parameter ac:name="">VU881872</ac:parameter></ac:structured-macro>
\[VU#881872\] Manion, Art & Taschner, Chris. Vulnerability Note [VU#881872|http://www.kb.cert.org/vulnotes/id/881872], _Sun Solaris telnet authentication bypass vulnerability_ (2007).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="32633009c0d1a859-5c984a7d-4dc84ae1-8428afac-730b46b9c02a3b76171ffbd6"><ac:parameter ac:name="">Warren 02</ac:parameter></ac:structured-macro>
\[Warren 02\] Warren, Henry S. [_Hacker's Delight_|http://www.hackersdelight.org/]. Boston, MA: Addison Wesley Professional. 2002 (ISBN 0201914654).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d63214ff50c2f438-ccc9a79a-421e4223-9ad4a169-47966b3a3f3953778890c640"><ac:parameter ac:name="">Wheeler 03</ac:parameter></ac:structured-macro>
\[Wheeler 03\] David Wheeler. [Secure Programming for Linux and Unix HOWTO, v3.010. |http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/], March 2003.