...
- ISO/IEC 9899:2011 ISO/IEC. Programming Languages—C, 3rd ed. [ISO/IEC 9899:2011]
- ISO/IEC 9899:2011/Cor.1:2012, Technical Corrigendum 1
- ISO/IEC 9899:1999 Programming Languages—C, 2nd ed. [ISO/IEC 9899:1999]
- ISO/IEC 9899:1999/Cor.1:2001, Technical Corrigendum 1
- ISO/IEC 9899:1999/Cor.2:2004, Technical Corrigendum 2
- ISO/IEC 9899:1999/Cor.3:2007, Technical Corrigendum 3
- ISO/IEC TR 24731-1 Extensions to the C Library, Part I: Bounds-Checking Interfaces [ISO/IEC TR 24731-1-2007]
- ISO/IEC PDTR TR 24731-2 . Extensions to the C Library—Part II: Dynamic Allocation Functions [ISO/IEC PDTR TR 24731-2:2010]
Most of the material included in this standard can also be applied to earlier versions of the C programming language.
...
The C Standard documents existing practice where possible. That is, most features must be tested in an implementation before being included in the standard. The CERT C Secure Coding Standard has a different purpose. When existing practice serves this purpose, that is fine, but the goal is to create a new set of best practices, and that includes introducing some concepts that are not yet widely known. To put it a different way, the CERT C Secure Coding Standard attempts to drive change rather than just document it.
For example, Extensions to the C Library, Part I (TR 24731-1) is gaining support but at present is implemented by only a few vendors. It introduces functions , such as memcpy_s(), which serve the purpose of security by adding the destination buffer size to the API. A forward-looking document could not reasonably ignore these functions simply because they are not yet widely implemented.
...