...

[Black 2007] Paul E. Black, Michael Kass, Michael Koo. Source Code Security Analysis Tool Functional Specification Version 1.0. Special Publication 500-268. Information Technology Laboratory (ITL), Software Diagnostics and Conformance Testing Division, May 2007. http://samate.nist.gov/docs/source_code_security_analysis_spec_SP500-268.pdf.

[Brainbell.com] Brainbell.com. Advice and Warnings for C Tutorials.

[Bryant 2003] Bryant, Randal E., & O'Halloran, David. Computer Systems: A Programmer's Perspective. Upper Saddle River, NJ: Prentice Hall, 2003 (ISBN 0-13-034074-X).

...

[Butenhof 1997] Butenhof, David R. Programming with POSIX® Threads. Boston: Addison-Wesley Professional, 1997 (ISBN 0-201-63392-2).

[Callaghan 1995] Callaghan, B., Pawlowski, B., & Staubach, P. IETF RFC 1813 NFS Version 3 Protocol Specification, June 1995.

[CERT 2006a] CERT/CC. CERT/CC Statistics 1988–2006.

[CERT 2006b] CERT/CC. US-CERT's Technical Cyber Security Alerts.

...

[Dewhurst 2005] Dewhurst, Stephen C. C++ Common Knowledge: Essential Intermediate Programming. Boston, MA: Addison-Wesley Professional, 2005.

...

[DISA 2008] DISA. Application Security and Development Security Technical Implementation Guide, Version 2, Release 1, July 2008.

[DOD 5220] U.S. Department of Defense. DoD Standard 5220.22-M (Word document).

...

[Eide and Regehr] Eide, E., & Regehr, J. "Volatiles are miscompiled, and what to do about it." 2008.

[Finlay 2003] Finlay, Ian A. CERT Advisory CA-2003-16, Buffer Overflow in Microsoft RPC. CERT/CC, July 2003.

[Fisher 1999] Fisher, David, & Lipson, Howard. "Emergent Algorithms—A New Method for Enhancing Survivability in Unbounded Systems." Proceedings of the 32nd Annual Hawaii International Conference on System Sciences (HICSS-32). Maui, HI, January 5–8, 1999.

[Flake 2006] Flake, Halvar. "Attacks on uninitialized local variables." Black Hat Federal, 2006.

[Fortify 2006] Fortify Software Inc. Fortify Taxonomy: Software Security Errors, 2006.

...

[Garfinkel 1996] Garfinkel, Simson, & Spafford, Gene. Practical UNIX & Internet Security, 2nd Edition. Sebastopol, CA: O'Reilly Media, April 1996 (ISBN 1-56592-148-8).

...

[Graff 2003] Graff, Mark G., & Van Wyk, Kenneth R. Secure Coding: Principles and Practices. Cambridge, MA: O'Reilly, 2003 (ISBN 0596002424).

...

[Hatton 1995] Hatton, Les. Safer C: Developing Software for High-Integrity and Safety-Critical Systems. New York: McGraw-Hill Book Company, 1995 (ISBN 0-07-707640-0).

...

[Horton 1990] Horton, Mark R. Portable C Software. Upper Saddle River, NJ: Prentice-Hall, Inc., 1990 (ISBN 0-13-868050-7).

[Howard 2002] Howard, Michael, & LeBlanc, David C. Writing Secure Code, 2nd ed. Redmond, WA: Microsoft Press, December 2002.

...

[IEC 61508-4] Functional safety of electrical/electronic/programmable electronic safety-related systems—Part 4: Definitions and abbreviations, 1998.

...

[ISO/IEC 9945:2008] ISO/IEC 9945:2008 Information technology—Programming languages, their environments and system software interfaces—Portable Operating System Interface (POSIX®).

[ISO/IEC 9945:2003] ISO/IEC 9945:2003 (including Technical Corrigendum 1), Information technology—Programming languages, their environments and system software interfaces—Portable Operating System Interface (POSIX®).

[ISO/IEC 9899:1999] ISO/IEC. Programming Languages—C, 2nd ed (ISO/IEC 9899:1999). Geneva, Switzerland: International Organization for Standardization, 1999.

[ISO/IEC 9899:2011] ISO/IEC. Programming Languages—C, 3rd ed (ISO/IEC 9899:2011). Geneva, Switzerland: International Organization for Standardization, 2011.

[ISO/IEC 10646:2003] Information technology—Universal Multiple-Octet Coded Character Set (UCS) (ISO/IEC 10646:2003). Geneva, Switzerland: International Organization for Standardization, 2003.

[ISO/IEC 14882:2003] ISO/IEC. Programming Languages—C++, Second Edition (ISO/IEC 14882-2003). Geneva, Switzerland: International Organization for Standardization, 2003.

[ISO/IEC 23360-1:2006] Linux Standard Base (LSB) core specification 3.1—Part 1: Generic specification.

[ISO/IEC 2003] ISO/IEC. Rationale for International Standard—Programming Languages—C, Revision 5.10. Geneva, Switzerland: International Organization for Standardization, April 2003.

...

[ISO/IEC PDTR 24731-2] Extensions to the C Library—Part II: Dynamic Allocation Functions, August 2007.

...

[ISO/IEC TR 24772:2010] ISO/IEC TR 24772. Information Technology—Programming Languages—Guidance to Avoiding Vulnerabilities in Programming Languages through Language Selection and Use, October 2010.

[ISO/IEC TR 24731-1:2007] ISO/IEC TR 24731. Extensions to the C Library—Part I: Bounds-checking interfaces. Geneva, Switzerland: International Organization for Standardization, April 2006.

[ISO/IEC TR 24731-2:2010] ISO/IEC TR 24731. Extensions to the C Library—Part II: Dynamic Allocation Functions. Geneva, Switzerland: International Organization for Standardization, April 2010.

...

[ISO/IEC WG14 N1173] Rationale for TR 24731 Extensions to the C Library—Part I: Bounds-checking interfaces. http://www.open-std.org/JTC1/SC22/WG14/www/docs/n1173.pdf.

...

[Kernighan 1988] Kernighan, Brian W., & Ritchie, Dennis M. The C Programming Language, 2nd ed. Englewood Cliffs, NJ: Prentice-Hall, 1988.

...

[McCluskey 2001] flexible array members and designators in C9X. ;login:, July 2001, Volume 26, Number 4, p. 29–32.

[Mell 2007] P. Mell, K. Scarfone, and S. Romanosky, "A Complete Guide to the Common Vulnerability Scoring System Version 2.0", FIRST, June 2007.

...

[Pike 1993] Pike, Rob & Thompson, Ken. "Hello World." Proceedings of the USENIX Winter 1993 Technical Conference, San Diego, CA, January 25–29, 1993, pp. 43–50.

[Plakosh 2005] Plakosh, Dan. Consistent Memory Management Conventions, 2005.

...

[Saltzer 1974] Saltzer, J. H. Protection and the Control of Information Sharing in Multics. Communications of the ACM 17, 7 (July 1974): 388–402.

[Saltzer 1975] Saltzer, J. H., & Schroeder, M. D. "The Protection of Information in Computer Systems." Proceedings of the IEEE 63, 9 (September 1975): 1278–1308.

[Saks 1999] Saks, Dan. "const T vs. T const." Embedded Systems Programming, February 1999, pp. 13–16.

[Saks 2000] Saks, Dan. "Numeric Literals." Embedded Systems Programming, September 2000.

...

[Seacord 2005b] Seacord, Robert C. "Managed String Library for C, C/C++." Users Journal 23, 10 (October 2005): 30–34.

[Seacord 2005c] Seacord, Robert C. Variadic Functions: How they contribute to security vulnerabilities and how to fix them. Linux World Magazine, November 2005.

...

[Spinellis 2006] Spinellis, Diomidis. Code Quality: The Open Source Perspective. Boston: Addison-Wesley, 2006.

[StackOvflw 2009] "Should I return TRUE / FALSE values from a C function?" StackOverflow.com User Questions. March 15, 2010.

...

[Stevens 2005] Stevens, W. Richard. Advanced Programming in the UNIX Environment. Boston, MA: Addison-Wesley, 1995 (ISBN 032152594-9).

[Summit 1995] Summit, Steve. C Programming FAQs: Frequently Asked Questions. Boston, MA: Addison-Wesley, 1995 (ISBN 0201845199).

...

[Sun 2005] C User's Guide. 819-3688-10. Sun Microsystems, Inc., 2005.

[Sutter 2004] Sutter, Herb & Alexandrescu, Andrei. C++ Coding Standards: 101 Rules, Guidelines, and Best Practices. Boston, MA: Addison-Wesley Professional, 2004 (ISBN 0321113586).

...

[Unicode 2006] The Unicode Consortium. The Unicode Standard, Version 5.0, 5th ed. Boston: Addison-Wesley Professional, November 3, 2006 (ISBN 0321480910).

[van de Voort 2007] van de Voort, Marco. Development Tutorial (a.k.a Build FAQ), January 29, 2007.

...