Page History

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="cb7ff231032e784b-91b0f590-4c2e48be-865b88e8-3df7fd47ba0cea4493003a23"><ac:parameter ac:name="">Burch 06</ac:parameter></ac:structured-macro>
\[Burch 06\] Burch, H.; Long, F.; & Seacord, R. [_Specifications for Managed Strings_|http://www.sei.cmu.edu/publications/documents/06.reports/06tr006.html] (CMU/SEI-2006-TR-006). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c33ca3f8daf46773-e4c4b40c-442a4afb-bc96aac7-4829b44e65c82664c0e60c2f"><ac:parameter ac:name="">Callaghan 95</ac:parameter></ac:structured-macro>
\[Callaghan 95\] B. Callaghan, B. Pawlowski, P. Staubach. [IETF RFC 1813 NFS Version 3 Protocol Specification|http://www.ietf.org/rfc/rfc1813.txt]. June 1995.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="762c3b84a8666934-2a88f9b8-40a649e4-accb80c0-fb60eb1d00dccdedec8802cb"><ac:parameter ac:name="">CERT 06</ac:parameter></ac:structured-macro>
\[CERT 06\] CERT. [Managed String Library|http://www.cert.org/secure-coding/managedstring.html] (2006).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0341b854b3cf208a-53be057c-43d946ac-964c85cb-85a8ce5ddb6527ab6dd49694"><ac:parameter ac:name="">Dewhurst 02</ac:parameter></ac:structured-macro>
\[Dewhurst 02\] Dewhurst, Stephen C. _C+\+ Gotchas: Avoiding Common Problems in Coding and Design_. Boston, MA: Addison-Wesley Professional, 2002.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="be6ed212e83f0ed4-235247a5-479440c4-a6428538-7db5bfdef55cd576b63f957c"><ac:parameter ac:name="">Dowd 06</ac:parameter></ac:structured-macro>
\[Dowd 06\] Dowd, M.; McDonald, J.; & Schuh, J. _The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities_. Boston, MA: Addison-Wesley, 2006. See [http://taossa.com] for updates and errata.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0ed223b9f9c84266-df740e87-4ca14992-85bea0a8-1077ff26a1eaab61ac732d67"><ac:parameter ac:name="">Drepper 06</ac:parameter></ac:structured-macro>
\[Drepper 06\] Drepper, Ulrich. [Defensive Programming for Red Hat Enterprise Linux (and What To Do If Something Goes Wrong).|http://people.redhat.com/drepper/defprogramming.pdf] May 3, 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="61f650269b6d75a2-f4812acc-48a84a44-93e1a2ef-c0bf5a8f198029da1aba076e"><ac:parameter ac:name="">FSF 05</ac:parameter></ac:structured-macro>
\[FSF 05\] Free Software Foundation. [GCC online documentation.|http://gcc.gnu.org/onlinedocs] (2005).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1c4bfd0577cc7f26-390c9719-43f54c3c-89e18e19-7f63322a27d1a8a9a21d32de"><ac:parameter ac:name="">Graf 03</ac:parameter></ac:structured-macro>
\[Graff 03\] Graff, Mark G. & Van Wyk, Kenneth R. Secure Coding: Principles and Practices. Cambridge, MA: O'Reilly, 2003 (ISBN 0596002424).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="27a70f63eb139afd-da7a9be5-449e4692-99a190c1-1b4dbabae0cfec460cb2d751"><ac:parameter ac:name="">Griffiths 06</ac:parameter></ac:structured-macro>
\[Griffiths 06\] Griffiths, Andrew. "[Clutching at straws: When you can shift the stack pointer|http://felinemenace.org/papers/p63-0x0e_Shifting_the_Stack_Pointer.txt]."&nbsp;

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0ece53f7e64eaa6b-7009fed6-43084e99-83b2b1c1-3bcec628bc671ca8281b4152"><ac:parameter ac:name="">Haddad 05</ac:parameter></ac:structured-macro>
\[Haddad 05\] Haddad, Ibrahim. "Secure Coding in C and C++: An interview with Robert Seacord, senior vulnerability analyst at CERT." _Linux World Magazine_, November, 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="474ca29aa0087789-c6bd46a8-4c824e08-bf738e93-a5fe64e17044b469548417bd"><ac:parameter ac:name="">Hatton 95</ac:parameter></ac:structured-macro>
\[Hatton 95\] Hatton, Les. _Safer C: Developing Software for High-Integrity and Safety-Critical Systems_. New York, NY: McGraw-Hill Book Company, 1995 (ISBN 0-07-707640-0).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7912d6df79269d75-8b5e7f10-48eb4482-95429e9f-f164bee866ba27ac50433d19"><ac:parameter ac:name="">HP 03</ac:parameter></ac:structured-macro>
\[HP 03\] [Tru64 UNIX Protecting Your System Against File Name Spoofing Attacks|http://h30097.www3.hp.com/docs/wpapers/spoof_wp/symlink_external.pdf]. January 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="14af8730392bc2a3-c72db3da-4e3846de-b6a1be32-dd88d973589a58d89b2bfa81"><ac:parameter ac:name="">ilja 06</ac:parameter></ac:structured-macro>
\[ilja 06\] ilja. "[readlink abuse|http://blogs.23.nu/ilja/stories/12551/]." _ilja's blog_, August 13, 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="07b94155d4c06fc8-a00be9c7-4adf4426-bc329271-d71234ef32726ac2b6d1573f"><ac:parameter ac:name="">ISO/IEC 9899-1999</ac:parameter></ac:structured-macro>
\[ISO/IEC 9899-1999\] ISO/IEC 9899-1999. _Programming Languages --- C, Second Edition_, 1999.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="15727b5a96fd42dc-bedea658-4e234839-94628765-a7641902c68a094c825f4ddb"><ac:parameter ac:name="">ISO/IEC 03</ac:parameter></ac:structured-macro>
\[ISO/IEC 03\] [Rationale for International Standard?Programming Languages?C Revision 5.10|http://www.open-std.org/jtc1/sc22/wg14/www/C99RationaleV5.10.pdf]. April 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d99c76680ede0de8-92559d9a-46d242b7-9969b069-d62b453b868d72c171014376"><ac:parameter ac:name="">ISO/IEC TR 24731-2006</ac:parameter></ac:structured-macro>
\[ISO/IEC TR 24731-2006\] ISO/IEC TR 24731. _Extensions to the C Library, --- Part I: Bounds-checking interfaces_. April, 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d60d5ea04bd78e40-bfed0d6a-4a2e4bb2-b6e2933e-6263c67c926edb1250ec23c9"><ac:parameter ac:name="">Kennaway 00</ac:parameter></ac:structured-macro>
\[Kennaway 00\] Kris Kennaway. [Re: /tmp topic|http://lwn.net/2000/1221/a/sec-tmp.php3]. December 2000.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="010f2acb75c25731-6affd6c7-4cfc4f8a-857585ab-f9546e9061a5dafd0b94cc98"><ac:parameter ac:name="">Kerrighan 88</ac:parameter></ac:structured-macro>
\[Kerrighan 88\] Kerrighan, B. W. & Ritchie, D. M. _The C Programming Language, 2nd ed._ Englewood Cliffs, NJ: Prentice-Hall, 1988.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="73d5f45f316b8ea3-ccbc697f-4f2044c8-87b3b81c-5c9254313993f90ee0969b64"><ac:parameter ac:name="">Kettle 02</ac:parameter></ac:structured-macro>
\[Kettlewell 02\] Kettlewell, Richard. [_C Language Gotchas_|http://www.greenend.org.uk/rjk/2001/02/cfu.html] (February 2002).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c4ac7b9987f74f8e-0e507536-487343e6-99418c9d-29009aa317de1991b7cf37b7"><ac:parameter ac:name="">Kettle 03</ac:parameter></ac:structured-macro>
\[Kettlewell 03\] Kettlewell, Richard. [_Inline Functions In C_|http://www.greenend.org.uk/rjk/2003/03/inline.html] (March 2003).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="dea61080e6ed7cb8-dcd0ca92-46ef43ca-80c5a759-eb52c3d229d3d5d3405cefd8"><ac:parameter ac:name="">Klein 02</ac:parameter></ac:structured-macro>
\[Klein 02\] Klein, Jack. [_Bullet Proof Integer Input Using strtol()_|http://home.att.net/~jackklein/c/code/strtol.html] (2002).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3ab5fc73860aafb3-c129693b-47fe4cce-ae99adfb-351af7166ad6615717ef5801"><ac:parameter ac:name="">Lai 06</ac:parameter></ac:structured-macro>
\[Lai 06\] Ray Lai. [_Reading Between the Lines_|http://undeadly.org/cgi?action=article&sid=20061027031811]. OpenBSD Journal. October, 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="83bb5220cdecad2e-157468c1-4f534c5f-a34ab595-7ec9344a1c43328aa4c2a3dc"><ac:parameter ac:name="">mercy<>Lions 96</ac:parameter></ac:structured-macro>
\[Lions 96\] Lions, J.L., ARIANE 5 Flight 501 Failure Report by the Inquiry Board, July 1996.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1442292c189977aa-6248dcdd-4e45464d-b890a26d-5744e894744dac32eb3b5787"><ac:parameter ac:name="">MISRA 04</ac:parameter></ac:structured-macro>
\[MISRA 04\] MIRA Limited. "[MISRA C|http://www.misra.org.uk/]: 2004 Guidelines for the Use of the C Language in Critical Systems." Warwickshire, UK: MIRA Limited, October 2004 (ISBN 095241564X).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="15797592aacd8384-143925cd-4648493f-bb91b314-4d99e9ab78e222d7e5e26150"><ac:parameter ac:name="">NASA-GB-1740.13</ac:parameter></ac:structured-macro>
\[NASA-GB-1740.13\] NASA Glenn Research Center, Office of Safety Assurance Technologies. [_NASA Software Safety Guidebook_|http://pbma.nasa.gov/docs/public/pbma/general/guidbook.doc] (NASA-GB-1740.13).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0f8ca00b71b314a5-8091e27f-4a254783-bf829ba8-0faa316b03af84ef287c019c"><ac:parameter ac:name="">NIST 06</ac:parameter></ac:structured-macro>
\[NIST 06\] NIST. [_SAMATE Reference Dataset_|http://samate.nist.gov/SRD/] (2006).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b7d22f251ab08705-e448dc02-4ae74eeb-a022a3b1-91df50a2f1b839340ca23a3f"><ac:parameter ac:name="">NIST 06b</ac:parameter></ac:structured-macro>
\[NIST 06b\] NIST. [DRAFT Source Code Analysis Tool Functional Specification. | http://samate.nist.gov/docs/SAMATE_source_code_analysis_tool_spec_09_15_06.pdf] Information Technology Laboratory (ITL), oftware
Diagnostics and Conformance Testing Division. September, 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="104b14cf73105fb3-563309a5-4bff4af0-8da093cf-9e3da0bd420bb0eff1f111b6"><ac:parameter ac:name="">Open Group 97</ac:parameter></ac:structured-macro>
\[Open Group 97\] The Open Group. [_The Single UNIX® Specification, Version 2_|http://www.opengroup.org/onlinepubs/7990989775/toc.htm] (1997).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="643c5c9bb1cf499b-ff896f86-47254877-8351b6ba-99e3a14f6d573642b26473ee"><ac:parameter ac:name="">Open Group 97b</ac:parameter></ac:structured-macro>
\[Open Group 97b\] [_Go Solo 2 - The Authorized Guide to Version 2 of the Single UNIX Specification_|http://www.unix.org/whitepapers/64bit.html]. ISBN 0-13-575689-8. May 1997. 

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="59cb8ab81083c3e4-6f1e0b9f-449f49ee-8361b016-df8c51f4fcd782b7eb514d35"><ac:parameter ac:name="">Open Group 04</ac:parameter></ac:structured-macro>
\[Open Group 04\] The Open Group. "[_The Open Group Base Specifications Issue 6, IEEE Std 1003.1, 2004 Edition_|http://www.opengroup.org/onlinepubs/009695399/toc.htm]." (2004).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f0a0089220adb6fe-5f052ffd-484b486a-97248996-c43472dd6b889c555ffd8b44"><ac:parameter ac:name="">Plum 89</ac:parameter></ac:structured-macro>
\[Plum 89\] Plum, Thomas, and Saks, Dan. _C Programming Guidelines, 2nd ed_. Kamuela, HI: Plum Hall, Inc., 1989 (ISBN 0911537074).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7c99f7713fc721eb-9fd79f44-47934ff5-8b89aed3-21246797f6f914f40df06d58"><ac:parameter ac:name="">Plum 91</ac:parameter></ac:structured-macro>
\[Plum 91\] Plum, Thomas. _C+\+ Programming_. Kamuela, HI: Plum Hall, Inc., 1991 (ISBN 0911537104).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a6ac263f1360de92-a8671245-4d4f41cb-a1d98182-7acd459147ac2abbb2844134"><ac:parameter ac:name="">Saks 99</ac:parameter></ac:structured-macro>
\[Saks 99\] Dan Saks. [_const T vs.T const_|http://www.dansaks.com/articles/1999-02%20const%20T%20vs%20T%20const.pdf]. Embedded Systems Programming. Pg. 13-16. February 1999.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="897dd21ab6517414-68fe5fdc-4e264707-bed591d4-1c0b9d1ad560904d82b6b4d7"><ac:parameter ac:name="">Seacord 05</ac:parameter></ac:structured-macro> <ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3886bd8ae5892880-850d1421-40104186-b6a98fd9-e883950b8cc03b9c3e029077"><ac:parameter ac:name="">Seacord 05a</ac:parameter></ac:structured-macro>
\[Seacord 05a\] Seacord, R. _Secure Coding in C and C+\+_. Boston, MA: Addison-Wesley, 2005. See [http://www.cert.org/books/secure-coding] for news and errata.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b67f6f9fa407ceb4-5242ac63-423f407a-9c22a875-317863b397a23c9e07347755"><ac:parameter ac:name="">Seacord 05b</ac:parameter></ac:structured-macro>
\[Seacord 05b\] Seacord, R. "Managed String Library for C, C/C++." _Users Journal_ _23_, 10 (October 2005): 30-34.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="84f69f17e2606a15-151acd3e-45da4113-a94b847c-8b5a98fba70719fa4dc5da73"><ac:parameter ac:name="">Summit 95</ac:parameter></ac:structured-macro>
\[Summit 95\] Summit, Steve. _C Programming FAQs: Frequently Asked Questions_. Boston, MA: Addison-Wesley, 1995 (ISBN 0201845199).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b4d30369609dbf80-fb863663-479c4458-b2f484c9-4be83b5fbfcfb9dc9f0d100d"><ac:parameter ac:name="">Summit 05</ac:parameter></ac:structured-macro>
\[Summit 05\] Summit, Steve. [_comp.lang.c Frequently Asked Questions_|http://c-faq.com/] (2005).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="cb06d0789c218d48-abed5240-4a0d45f7-8dc18759-c671aeb22ae31fdd2e502bb2"><ac:parameter ac:name="">van de Voort 07</ac:parameter></ac:structured-macro>
\[van de Voort 07\] Marco van de Voort. [Development Tutorial (a.k.a Build FAQ)|http://www.stack.nl/~marcov/buildfaq.pdf]. January 29, 2007. 

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ddc009e73c3ba8cd-a1bba489-4a484856-8ed39a3b-dca7c0148e4ff0e13de9e8de"><ac:parameter ac:name="">Viega 03</ac:parameter></ac:structured-macro>
\[Viega 03\] Viega, John & Messier, Matt. _Secure Programming Cookbook for C and C++: Recipes for Cryptography, Authentication, Networking, Input Validation & More_. Sebastopol, CA: O'Reilly, 2003 (ISBN 0-596-00394-3).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="47e96ab532d713e3-0f26cd44-4e6e45a8-85f3acb2-2640e168940c020346d128d0"><ac:parameter ac:name="">Viega 05</ac:parameter></ac:structured-macro>
\[Viega 05\] Viega, John. [CLASP Reference Guide Volume 1.1.|http://www.securesoftware.com/process/] Secure Software. (2005)

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3d2678b6144dc7b6-ec9a0fc3-43a9423a-8f3d852e-f202105642da78cc856e01b3"><ac:parameter ac:name="">VU286468</ac:parameter></ac:structured-macro>
\[VU#286468\] Burch, Hal. Vulnerability Note [VU#286468|http://www.kb.cert.org/vulnotes/id/286468], _Ettercap contains a format string error in the "curses_msg()" function_ (2007).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d76b5f7505e95408-448457a6-49be4809-874d877c-953e00befbe40826b2df8989"><ac:parameter ac:name="">VU#551436</ac:parameter></ac:structured-macro>
\[VU#551436\] Giobbi, Ryan. Vulnerability Note [VU#551436|http://www.kb.cert.org/vulnotes/id/551436], _Mozilla Firefox SVG viewer vulnerable to buffer overflow_ (2007).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="673137340eef1ab3-e24f6ca2-481f436d-822dbe5c-aba0e687e3224447d90497c3"><ac:parameter ac:name="">VU649732</ac:parameter></ac:structured-macro>
\[VU#649732\] Gennari, Jeff. Vulnerability Note [VU#649732|http://www.kb.cert.org/vulnotes/id/649732], _Samba AFS ACL mapping VFS plug-in format string vulnerability_ (2007).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a81cdb9a0259e3ad-59b3802c-493d4693-a88d967f-67db9f870fb16a7dda54267c"><ac:parameter ac:name="">VU881872</ac:parameter></ac:structured-macro>
\[VU#881872\] Manion, Art & Taschner, Chris. Vulnerability Note [VU#881872|http://www.kb.cert.org/vulnotes/id/881872], _Sun Solaris telnet authentication bypass vulnerability_ (2007).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="69813a4e9afa6f9a-ac21e503-4b18419d-a8a48ce9-69ae12abf535f15624021911"><ac:parameter ac:name="">Warren 02</ac:parameter></ac:structured-macro>
\[Warren 02\] Warren, Henry S. [_Hacker's Delight_|http://www.hackersdelight.org/]. Boston, MA: Addison Wesley Professional. 2002 (ISBN 0201914654).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="13a4ad48e6012670-ce313e6b-4a5344c8-b888bd47-04677bc018abeb946ea6785e"><ac:parameter ac:name="">Wheeler 03</ac:parameter></ac:structured-macro>
\[Wheeler 03\] David Wheeler. [Secure Programming for Linux and Unix HOWTO, v3.010. |http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/], March 2003.