SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 179

changes.mady.by.user Pamela Curtis

Saved on

compared with

New Version 180

changes.mady.by.user Pamela Curtis

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e286122790609f40-f92e9623-447a46cf-8d81bf3c-69ae4ab733d5885edd1c28d1"><ac:parameter ac:name="">Apple 06</ac:parameter></ac:structured-macro>
\[Apple 06\] Apple, Inc. [_Secure Coding Guide_|http://developer.apple.com/documentation/Security/Conceptual/SecureCodingGuide/SecureCodingGuide.pdf], May 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f882d2a4aa4bae94-7067940a-483f4d7b-9b78b8af-ff36e35bbf86e1270b1fe0d4"><ac:parameter ac:name="">Austin Group 08</ac:parameter></ac:structured-macro>
\[Austin Group 08\] "Draft Standard for Information Technology -- Portable Operating System Interface (POSIX®) -- Draft Technical Standard: Base Specifications, Issue 7," IEEE Unapproved Draft Std P1003.1_D4 , Jan 2008. Prepared by the [Austin Group|http://www.opengroup.org/austin/]. New York, NY: The Institute of Electrical & Electronics Engineers, Inc.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f52d4c2e7318db81-ea86b74c-48bf4376-bf0d82e6-f8e28bb5dd99a73d28239549"><ac:parameter ac:name="">Banahan 03</ac:parameter></ac:structured-macro>
\[Banahan 03\] Banahan, Mike. [The C Book|http://www.phy.duke.edu/~rgb/General/c_book/c_book/index.html], 2003.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="897d332fcfba09a0-d74399f5-4e124aec-a23f8b6b-47bc2f10ae2960a8e833df4f"><ac:parameter ac:name="">Beebe 05</ac:parameter></ac:structured-macro>
\[Beebe 05\] Beebe, Nelson H. F. [Re: Remainder ( % ) operator and GCC|http://gcc.gnu.org/ml/gcc-help/2005-11/msg00141.html], 2005.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f7b4e4305652ba84-c1d58109-444e4c63-aaa385a5-b5db6cdca9951c22b442eb38"><ac:parameter ac:name="">Becker 08</ac:parameter></ac:structured-macro>
\[Becker 08\] Becker, Pete. [Working Draft, Standard for Programming Language C+\+|http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2008/n2521.pdf]. April, 2008.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6ef6e5f46dcb7cf3-5f5db309-4b5646a8-b5deadfc-1a190258ea29c71d52bc99db"><ac:parameter ac:name="">Bryant 03</ac:parameter></ac:structured-macro>
\[Bryant 03\] Bryant, Randy & O'Halloran, David. _Computer Systems: A Programmer's Perspective_. Prentice Hall, 2003. ISBN 0-13-034074-X.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f8c94e4e7710eee1-01f9ac72-4be54246-adfa88ad-b433698951e8a5256b800150"><ac:parameter ac:name="">Burch 06</ac:parameter></ac:structured-macro>
\[Burch 06\] Burch, H., Long, F., & Seacord, R. [_Specifications for Managed Strings_|http://www.sei.cmu.edu/publications/documents/06.reports/06tr006.html] (CMU/SEI-2006-TR-006). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="01020bbd503731b4-b370d3f4-41c94532-bfaf8d16-3b4674392d854d370fe2fb6b"><ac:parameter ac:name="">Callaghan 95</ac:parameter></ac:structured-macro>
\[Callaghan 95\] Callaghan, B., Pawlowski, B., & Staubach, P. [IETF RFC 1813 NFS Version 3 Protocol Specification|http://www.ietf.org/rfc/rfc1813.txt], June 1995.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2c297ff66bbf3ec7-955dcde6-4b964b17-be049fce-f20e1b09a3901b3c1cd10f87"><ac:parameter ac:name="">CERT 06a</ac:parameter></ac:structured-macro>
\[CERT 06a\] CERT/CC. [CERT/CC Statistics 1988-2006|http://www.cert.org/stats/cert_stats.html].

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="bee7e1e4ea04f460-17dcc621-444349ce-ba3a9546-f6d0c99c034ce9943bac5b73"><ac:parameter ac:name="">CERT 06b</ac:parameter></ac:structured-macro>
\[CERT 06b\] CERT/CC. US-CERT's [Technical Cyber Security Alerts|http://www.us-cert.gov/cas/techalerts/index.html].

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6905c758d7dcca9a-67e7c811-40c748dd-8ad985db-9d7bb7a52112a4228eeee9b2"><ac:parameter ac:name="">CERT 06c</ac:parameter></ac:structured-macro>
\[CERT 06c\] CERT/CC. [Secure Coding|http://www.cert.org/secure-coding/] web site.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="05ad2cfa3fbf2749-26a81fe0-49e14d68-8ec2bb72-90bf5df117df4bc7013ba2f3"><ac:parameter ac:name="">Corfield 93</ac:parameter></ac:structured-macro>
\[Corfield 93\] Corfield, Sean A. "[Making String Literals 'const'|http://www.open-std.org/jtc1/sc22/wg21/docs/papers/1993/N0389.asc]," November 1993.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d3e49c064f77391e-81183997-4aa34fcd-a1229f3d-8e26d45a8e38591f1394d5ef"><ac:parameter ac:name="">Coverity 07</ac:parameter></ac:structured-macro>
\[Coverity 07\] Coverity Prevent User's Manual (3.3.0), 2007.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="41ae186bdd812aa0-07ed9e49-48c544cc-b17bbae4-5a5f32bc8df81646a4424d1e"><ac:parameter ac:name="">Dewhurst 02</ac:parameter></ac:structured-macro>
\[Dewhurst 02\] Dewhurst, Stephen C. _C+\+ Gotchas: Avoiding Common Problems in Coding and Design_. Boston, MA: Addison-Wesley Professional, 2002.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a1aef2c23f375161-4b3cc741-42674608-b32585bf-3681ce81d1251fafa1abf0ea"><ac:parameter ac:name="">Dewhurst 05</ac:parameter></ac:structured-macro>
\[Dewhurst 05\] Dewhurst, Stephen C. _C+\+ Common Knowledge:  Essential Intermediate Programming_. Boston, MA: Addison-Wesley Professional, 2005.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="bd9009606c3943f2-de2d507f-481e4e1c-a005b7b4-2427c084259b1004b3f2cab4"><ac:parameter ac:name="">DHS 06</ac:parameter></ac:structured-macro>
\[DHS 06\] U.S. Department of Homeland Security. [Build Security In|https://buildsecurityin.us-cert.gov/].

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b9c18d6b93ee6c9f-85b95eb8-4da341f2-8df9baf2-13ecf751217fe2e2b847e5c6"><ac:parameter ac:name="">Dowd 06</ac:parameter></ac:structured-macro>
\[Dowd 06\] Dowd, M., McDonald, J., & Schuh, J. _The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities_. Boston, MA: Addison-Wesley, 2006. See [http://taossa.com] for updates and errata.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0f9e56e6678524d4-0d903485-41344042-9dc19a3e-52f7a1dbcfe3e3381e5ee5e2"><ac:parameter ac:name="">Drepper 06</ac:parameter></ac:structured-macro>
\[Drepper 06\] Drepper, Ulrich. [Defensive Programming for Red Hat Enterprise Linux (and What To Do If Something Goes Wrong)|http://people.redhat.com/drepper/defprogramming.pdf], May 3, 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c02cbedd24b87e6d-8b274c7c-4be74847-9a478567-af302ac21355c235893f06c5"><ac:parameter ac:name="">Eckel 07</ac:parameter></ac:structured-macro>
\[Eckel 07\] Eckel, Bruce. [_Thinking in C+\+ - Volume 2_|http://bruce-eckel.developpez.com/livres/cpp/ticpp/v2/]. January 25, 2007.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9318daa69135c545-0688f070-455b4704-a3ea8874-3a9621074d8afd6d0d85fce7"><ac:parameter ac:name="">Finlay 03</ac:parameter></ac:structured-macro>
\[Finlay 03\] Finlay, Ian A. CERT Advisory CA-2003-16, [Buffer Overflow in Microsoft RPC|http://www.cert.org/advisories/CA-2003-16.html]. CERT/CC, July 2003.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b376d64a77603fb5-8ca8cb00-4b7d4d4d-b45f8b49-aad0817641b3b2f5188540ca"><ac:parameter ac:name="">Fortify 06</ac:parameter></ac:structured-macro>
\[Fortify 06\] Fortify Software Inc. [Fortify Taxonomy: Software Security Errors|http://www.fortifysoftware.com/vulncat/], 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f0af637789a18123-ae21b77b-4e6c4969-81a6ba64-2e9fd8938ced4fff85177dbc"><ac:parameter ac:name="">FSF 05</ac:parameter></ac:structured-macro>
\[FSF 05\] Free Software Foundation. [GCC online documentation|http://gcc.gnu.org/onlinedocs], 2005.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a0eaf50e672c9a0b-e3c1acff-465247fb-839890c2-f00a8939cf150854a8d29523"><ac:parameter ac:name="">Garfinkel 96</ac:parameter></ac:structured-macro>
\[Garfinkel 96\] Garfinkel, Simson & Spafford, Gene. _Practical UNIX & Internet Security_, 2nd Edition. O'Reilly Media, April 1996 (ISBN 1-56592-148-8).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="37ff2b94e26dcec2-cc90f5ae-41004300-9357b821-f6b59dbd2b67a6c85d39839d"><ac:parameter ac:name="">GNU Pth</ac:parameter></ac:structured-macro>
\[GNU Pth\] Engelschall, Ralf S. [GNU Portable Threads|http://www.gnu.org/software/pth/], 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="05689439bc5a896f-e3d26633-45df4b60-a1a38818-33ec7c86b0f3f1d93b293111"><ac:parameter ac:name="">Goldberg 91</ac:parameter></ac:structured-macro>
\[Goldberg 91\] Goldberg, David. [What Every Computer Scientist Should Know About Floating-Point Arithmetic|http://docs.sun.com/source/806-3568/ncg_goldberg.html]. Sun Microsystems, March 1991.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b3611db81a391d47-3e70ada9-45434ff6-993a86eb-8171fc33af5ca2ff63d60707"><ac:parameter ac:name="">Graf 03</ac:parameter></ac:structured-macro>
\[Graff 03\] Graff, Mark G. & Van Wyk, Kenneth R. _Secure Coding: Principles and Practices_. Cambridge, MA: O'Reilly, 2003 (ISBN 0596002424).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b9557e303aaa980a-a28e6c78-48c04e02-899bb921-56d1e23954cf078d7add9e35"><ac:parameter ac:name="">Griffiths 06</ac:parameter></ac:structured-macro>
\[Griffiths 06\] Griffiths, Andrew. "[Clutching at straws: When you can shift the stack pointer|http://felinemenace.org/papers/p63-0x0e_Shifting_the_Stack_Pointer.txt]."&nbsp;

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="92941bf5358eb81e-9b94fe09-43cf441e-bb7da76f-45eb5b1a11fcd5d00687c853"><ac:parameter ac:name="">Haddad 05</ac:parameter></ac:structured-macro>
\[Haddad 05\] Haddad, Ibrahim. "Secure Coding in C and C++: An interview with Robert Seacord, senior vulnerability analyst at CERT." _Linux World Magazine_, November 2005.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ef766db965839312-a4aa3e43-465e492a-a22e83ef-869bd718671d46bec4121b22"><ac:parameter ac:name="">Hatton 95</ac:parameter></ac:structured-macro>
\[Hatton 95\] Hatton, Les. _Safer C: Developing Software for High-Integrity and Safety-Critical Systems_. New York, NY: McGraw-Hill Book Company, 1995 (ISBN 0-07-707640-0).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="068a5bcc3cd26053-2a3f3dec-48da44be-99ca9b06-04a725975ad3315e92f06370"><ac:parameter ac:name="">Henricson 92</ac:parameter></ac:structured-macro>
\[Henricson 92\] Henricson, Mats & Nyquist, Erik. [Programming in C++, Rules and Recommendations|http://www.doc.ic.ac.uk/lab/cplus/c++.rules/]. Ellemtel Telecommunication Systems Laboratories, 1992.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a044ecf15f043340-15e8118f-4634451d-86f3a3db-12c48e689f083bc922ddf9aa"><ac:parameter ac:name="">Horton 90</ac:parameter></ac:structured-macro>
\[Horton 90\] Horton, Mark R. _Portable C Software_. Upper Saddle River, NJ: Prentice-Hall, Inc., 1990 (ISBN:0-13-868050-7).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b42cb045d9eea864-c953b09d-41c745c7-8f8e9a78-6c497ab1bb577548f28915e4"><ac:parameter ac:name="">Howard 02</ac:parameter></ac:structured-macro>
\[Howard 02\] Howard, Michael & LeBlanc, David C. _[_Writing Secure Code, Second Edition_|http://www.microsoft.com/mspress/books/5957.aspx]_. Microsoft Press, December 2002.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ea20b1e0221a3e81-4db75d28-4a7640ec-b786a5b3-0bb6850204cbb58e2fcc4f3b"><ac:parameter ac:name="">HP 03</ac:parameter></ac:structured-macro>
\[HP 03\] [Tru64 UNIX: Protecting Your System Against File Name Spoofing Attacks|http://h30097.www3.hp.com/docs/wpapers/spoof_wp/symlink_external.pdf]. Houston, TX: Hewlett-Packard Company, January 2003.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="155f7fafda31f773-00146eb6-4a904acf-9fcbaac6-4075865f315f0f5e3d4f1b73"><ac:parameter ac:name="">IEC 60812 2006</ac:parameter></ac:structured-macro>
\[IEC 60812 2006\] _Analysis techniques for system reliability - Procedure for failure mode and effects analysis (FMEA)_, 2nd ed. (IEC 60812). IEC, January 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="345072eeb7817c47-b0208b1c-486e4e60-b4f8a431-5839388a1fb716c4d2412feb"><ac:parameter ac:name="">IEC 61508 4</ac:parameter></ac:structured-macro>
\[IEC 61508-4\]&nbsp; _Functional safety of electrical/electronic/programmable electronic safety-related systems - Part 4: Definitions and abbreviations_, 1998.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2123251ca5a78870-0c039108-4a1545d2-ae0f8ee8-1d49351b245f33769209c9ce"><ac:parameter ac:name="">IEEE Std 610.12 1990</ac:parameter></ac:structured-macro>
\[IEEE Std 610.12 1990\] _IEEE Standard Glossary of Software Engineering Terminology_, September 1990.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ec7b3fddbe7c9332-015e6aa4-4a144126-a9c7b5da-6fa786cd113a2195e6f078dc"><ac:parameter ac:name="">IEEE 754 2006</ac:parameter></ac:structured-macro>
\[IEEE 754 2006\] IEEE. [_Standard for Binary Floating-Point Arithmetic_|http://grouper.ieee.org/groups/754/] (IEEE 754-1985), 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="66cbbc53c400875d-35011c36-411d4a63-910288dd-9f8f8e74a08754ffc2bab6ba"><ac:parameter ac:name="">ilja 06</ac:parameter></ac:structured-macro>
\[ilja 06\] ilja. "[readlink abuse|http://blogs.23.nu/ilja/stories/12551/]." _ilja's blog_, August 13, 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="99e6ebd47a9569ad-29029ddb-4b1e4f49-ace69ea3-a5967c6abcff042fd9223c7a"><ac:parameter ac:name="">Intel 01</ac:parameter></ac:structured-macro>
\[Intel 01\] Intel Corp. [_Floating-Point IEEE Filter for Microsoft\* Windows\* 2000 on the Intel® Itanium™ Architecture_|ftp://download.intel.com/software/opensource/libraries/ieee/ieee_filter_windows2000.pdf], March 2001.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="8be259c4a338f359-1cf00342-47e745c7-aefbac0c-ea2a0b28ae6b07f76dcff626"><ac:parameter ac:name="">Internet Society 00</ac:parameter></ac:structured-macro>
\[Internet Society 00\] The Internet Society. [Internet Security Glossary (RFC 2828)|ftp://ftp.rfc-editor.org/in-notes/rfc2828.txt], 2000.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f78465f6283a795e-9c9b7264-467e4b25-9faebc6f-416271318ec028a94d6bb5fa"><ac:parameter ac:name="">ISO/IEC 10646-2003</ac:parameter></ac:structured-macro>
\[ISO/IEC 10646:2003\] _Information technology - Universal Multiple-Octet Coded Character Set (UCS)_ (ISO/IEC 10646:2003). Geneva, Switzerland: International Organization for Standardization, 2003.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="36b58bbecd9f2242-7a0e000e-4aad454b-8f949acd-1447004e79083143da2675ec"><ac:parameter ac:name="">ISO/IEC 646-1991</ac:parameter></ac:structured-macro>
\[ISO/IEC 646-1991\] ISO/IEC. _Information technology: ISO 7-bit coded character set for information interchange_ (ISO/IEC 646-1991). Geneva, Switzerland: International Organization for Standardization, 1991.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e486953bafb6b595-f8deafdd-4d0346f4-b4a2a600-6a3e806b68e7805f01e98539"><ac:parameter ac:name="">ISO/IEC 9899-1999</ac:parameter></ac:structured-macro>
\[ISO/IEC 9899:1999\] ISO/IEC. _Programming Languages --- C, Second Edition_ (ISO/IEC 9899:1999). Geneva, Switzerland: International Organization for Standardization, 1999.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5f32fd16094fefd9-d75dfed6-4b9345cf-9474bed3-8c2f447d2e6a555291a9e5fb"><ac:parameter ac:name="">ISO/IEC 14882-2003</ac:parameter></ac:structured-macro>
\[ISO/IEC 14882-2003\] ISO/IEC. _Programming Languages --- C++, Second Edition_ (ISO/IEC 14882-2003). Geneva, Switzerland: International Organization for Standardization, 2003.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="cb98f1aaaf46689d-fd0be1c5-47494067-bdfa83d1-e238fb1ee0abce470672471d"><ac:parameter ac:name="">ISO/IEC 03</ac:parameter></ac:structured-macro>
\[ISO/IEC 03\] ISO/IEC. [_Rationale for International Standard --- Programming Languages --- C, Revision 5.10_|http://www.open-std.org/jtc1/sc22/wg14/www/C99RationaleV5.10.pdf]. Geneva, Switzerland: International Organization for Standardization, April 2003.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="27156a5bb94c933d-3295a4f3-4d5b424b-b15db5de-4418a20b492b6b077341d822"><ac:parameter ac:name="">ISO/IEC JTC1/SC22/WG11</ac:parameter></ac:structured-macro>
\[ISO/IEC JTC1/SC22/WG11\] ISO/IEC. [_Binding Techniques_|http://www.open-std.org/JTC1/SC22/WG11/] (ISO/IEC JTC1/SC22/WG11), 2007.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a753ef7faeac83a5-d6332df9-4b2e4543-bc458c73-21a4c0405ddc79d86be02cb2"><ac:parameter ac:name="">ISO/IEC PDTR 24772</ac:parameter></ac:structured-macro>
\[ISO/IEC PDTR 24772\] ISO/IEC PDTR 24772. _Information Technology_ --- _Programming Languages_ --- [_Guidance to Avoiding Vulnerabilities in Programming Languages through Language Selection and Use_|http://www.aitcnet.org/isai/_NextMeeting/22-OWGV-N-0125/n0125.pdf], March 2008.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="41194ef60e422acb-0d8986c7-4be144b0-96bc9df8-69d6a08c7281033a81bc2c9f"><ac:parameter ac:name="">ISO/IEC TR 24731-1-2007</ac:parameter></ac:structured-macro>
\[ISO/IEC TR 24731-1-2007\] ISO/IEC TR 24731. _Extensions to the C Library, --- Part I: Bounds-checking interfaces_. Geneva, Switzerland: International Organization for Standardization, April 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="948d7318c2b13eb0-6e18fe79-4e1041f9-9db8bce1-8f90c4dcc86181b722883915"><ac:parameter ac:name="">Jack 07</ac:parameter></ac:structured-macro>
\[Jack 07\] Jack, Barnaby. [_Vector Rewrite Attack_|http://www.juniper.net/solutions/literature/white_papers/Vector-Rewrite-Attack.pdf], May 2007.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a6c2d93b2e34970b-a741a169-49554908-b4ca8d23-e8996d6cda3998f1fe20cb9a"><ac:parameter ac:name="">Jones 04</ac:parameter></ac:structured-macro>
\[Jones 04\] Jones, Nigel. ["Learn a new trick with the offsetof() macro."|http://www.netrino.com/Articles/OffsetOf/index.php] _Embedded Systems Programming_, March 2004.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="25da55f633384f98-d4f6491e-455b4a84-ad7192cc-79dcc5a9a6c334c6bca31494"><ac:parameter ac:name="">Keil 08</ac:parameter></ac:structured-macro>
\[Keil 08\] Keil, an ARM Company. "[Floating Point Support|http://www.keil.com/support/man/docs/armlib/armlib_bihbjiea.htm]." _RealView Libraries and Floating Point Support Guide_, 2008.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d0ffe5b82e0aabd6-ebc0875e-48844374-97ab8fa5-376f2d1f0c3f438dc9b11550"><ac:parameter ac:name="">Kennaway 00</ac:parameter></ac:structured-macro>
\[Kennaway 00\] Kennaway, Kris. [Re: /tmp topic|http://lwn.net/2000/1221/a/sec-tmp.php3], December 2000.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0e57c0e527f20cd0-de138788-474446f5-87d6a63c-2d0847df384ccfd104a6bf47"><ac:parameter ac:name="">Kernighan 88</ac:parameter></ac:structured-macro>
\[Kernighan 88\] Kernighan , B. W. & Ritchie, D. M. _The C Programming Language, 2nd ed._ Englewood Cliffs, NJ: Prentice-Hall, 1988.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="67a7fa8833aa818f-96084bad-4b494012-a8898852-084f1bb105d68e934ab0ed6e"><ac:parameter ac:name="">Kettle 02</ac:parameter></ac:structured-macro>
\[Kettlewell 02\] Kettlewell, Richard. [_C Language Gotchas_|http://www.greenend.org.uk/rjk/2001/02/cfu.html], February 2002.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="46fc85fdbcadc275-93f1fc68-44a74516-9463a89f-fdc39be9879b43d98b4371b4"><ac:parameter ac:name="">Kettle 03</ac:parameter></ac:structured-macro>
\[Kettlewell 03\] Kettlewell, Richard. [_Inline Functions In C_|http://www.greenend.org.uk/rjk/2003/03/inline.html], March 2003.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="66e16ed8c2516fdc-238ac098-419d4dc5-9a819358-1c61f02c020f2ef39188d7af"><ac:parameter ac:name="">Kirch-Prinz 02</ac:parameter></ac:structured-macro>
\[Kirch-Prinz 02\] Kirch-Prinz, Ulla & Prinz, Peter. _C Pocket Reference_.  O'Reilly, November 2002 (ISBN: 0-596-00436-2).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4e27d97517bd6364-a9c2cd53-459e4e08-a4f6ade7-a3a31ad7317a377a8401b9c8"><ac:parameter ac:name="">Klarer 04</ac:parameter></ac:structured-macro>
\[Klarer 04\] Klarer, R., Maddock, J., Dawes, B. & Hinnant, H. "Proposal to Add Static Assertions to the Core Language (Revision 3)." ISO C+\+ committee paper ISO/IEC JTC1/SC22/WG21/N1720, October 2004. Available at [http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2004/n1720.html].

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4ba0fd52da9e68e3-dd2c7923-49514e82-b2b48dfd-6c29e2bd936a1a1b050650f2"><ac:parameter ac:name="">Klein 02</ac:parameter></ac:structured-macro>
\[Klein 02\] Klein, Jack. [_Bullet Proof Integer Input Using strtol()_|http://home.att.net/~jackklein/c/code/strtol.html], 2002.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3d11d5190619cc1e-83ff8b66-4010438a-8e17ac2c-489d84aa6058e37c2128498e"><ac:parameter ac:name="">Koenig 89</ac:parameter></ac:structured-macro>
\[Koenig 89\]
Koenig,  Andrew. _C Traps and Pitfalls_. Addison-Wesley Professional, January 1, 1989.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="fb61e3e58e23f688-68dec392-4f614d15-bea982c5-e2e9c66dd92a17bdc9968062"><ac:parameter ac:name="">Kuhn 06</ac:parameter></ac:structured-macro>
\[Kuhn 06\] Kuhn, Markus. [_UTF-8 and Unicode FAQ for Unix/Linux_|http://www.cl.cam.ac.uk/~mgk25/unicode.html], 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c931ff0633cf582f-e98b9e1b-470340e6-82f88b46-9825c8a2f0ca2c4ec1660a97"><ac:parameter ac:name="">Lai 06</ac:parameter></ac:structured-macro>
\[Lai 06\] Lai, Ray. "[Reading Between the Lines|http://undeadly.org/cgi?action=article&sid=20061027031811]." _OpenBSD Journal_, October 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3c04ea85642b99a1-2a3fb247-4e0d4404-a0dd9282-ed3fc783afca63c41be83119"><ac:parameter ac:name="">Linux 07</ac:parameter></ac:structured-macro>
\[Linux 07\] [Linux Programmer's Manual|http://www.kernel.org/doc/man-pages/online_pages.html]. July 2007.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a56ed244614275e8-c03710a8-418741d6-be199d70-d11729bbd38d0a8f2da9dfe5"><ac:parameter ac:name="">Lions 96</ac:parameter></ac:structured-macro>
\[Lions 96\] Lions, J. L. [ARIANE 5 Flight 501 Failure Report|http://en.wikisource.org/wiki/Ariane_501_Inquiry_Board_report]. Paris, France: European Space Agency (ESA) & National Center for Space Study (CNES) Inquiry Board, July 1996.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2c9c01cf2e030bf9-84a65c4c-4b78464e-b6c897b3-64e9b9db777c8ae51146a606"><ac:parameter ac:name="">Lockheed Martin 05</ac:parameter></ac:structured-macro>
\[Lockheed Martin 05\] Lockheed Martin. "[Joint Strike Fighter Air Vehicle C+\+ Coding Standards for the System Development and Demonstration Program.|http://www.research.att.com/~bs/JSF-AV-rules.pdf]" Document Number 2RDU00001 Rev C., December 2005.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b5c4826db881e9fb-9ffe34a3-432e4f5d-95de89db-ca2f87eb6a73f86cd8931d26"><ac:parameter ac:name="">Loosemore 07</ac:parameter></ac:structured-macro>
\[Loosemore 07\] Loosemore, Sandra, Stallman, Richard M., McGrath, Roland, Oram, Andrew, & Drepper, Ulrich. [The GNU C Library Reference Manual|http://www.gnu.org/software/libc/manual/], Edition 0.11.  September 2007.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5277e2bb131f34f7-5b47c75b-47ce48ef-816ab8a0-fa46de69b4b2b49585a8e330"><ac:parameter ac:name="">McCluskey 01</ac:parameter></ac:structured-macro>
\[McCluskey 01\] [_flexible array members and designators in C9X_|http://www.usenix.org/publications/login/2001-07/pdfs/mccluskey.pdf] ;login:, July 2001, Volume 26, Number 4, p. 29-32.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a5eee1f758ec19cd-fb5dc88f-4bcb45c2-b09abd12-4380e491b2b61ab7631be7f4"><ac:parameter ac:name="">mercy 06</ac:parameter></ac:structured-macro>
\[mercy\] mercy. [_Exploiting Uninitialized Data_|http://www.felinemenace.org/papers/UBehavior.zip], January 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="18d0eec7b1235a43-9a423bcb-4ec04b52-899db247-6bf7459128861b7267297b67"><ac:parameter ac:name="">Microsoft 03</ac:parameter></ac:structured-macro>
\[Microsoft 03\] Microsoft Security Bulletin MS03-026, [Buffer Overrun In RPC Interface Could Allow Code Execution (823980)|http://www.microsoft.com/technet/security/bulletin/MS03-026.mspx], September 2003.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="14bb53261fc2525a-c3ff91e5-4d0449d1-9c12be52-33407dc981590ee21b8c5eb0"><ac:parameter ac:name="">Microsoft 07</ac:parameter></ac:structured-macro>
\[Microsoft 07\] [C Language Reference|http://msdn2.microsoft.com/en-us/library/fw5abdx6(VS.80).aspx], 2007.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="04745cd9874036f3-96ae9394-4e3b4c07-a632a2ca-d452f3efcac43e121655d6fa"><ac:parameter ac:name="">MISRA 04</ac:parameter></ac:structured-macro>
\[MISRA 04\] MISRA Limited. "[MISRA C|http://www.misra.org.uk/]: 2004 Guidelines for the Use of the C Language in Critical Systems." Warwickshire, UK: MIRA Limited, October 2004 (ISBN 095241564X).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="037f81b10694fc1b-a2b2092c-4da94e57-8935b5b1-aa773ccaab8a6eadee02000b"><ac:parameter ac:name="">MIT 05</ac:parameter></ac:structured-macro>
\[MIT 05\] MIT. "[MIT krb5 Security Advisory 2005-003|http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2005-003-recvauth.txt], 2005.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="aa2b78a89584afae-69943c9b-4e0c4733-9efcaa51-91038b49679a7e658acfd835"><ac:parameter ac:name="">MITRE 07</ac:parameter></ac:structured-macro>
\[MITRE 07\] MITRE. [Common Weakness Enumeration, Draft 9|http://cwe.mitre.org/],  April 2008.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9686f94973518da0-f687cbd2-46ab44b9-951eb604-892c455de8fc3670f22e1c24"><ac:parameter ac:name="">MSDN</ac:parameter></ac:structured-macro>
\[MSDN\] [Microsoft Developer Network|http://msdn.microsoft.com/en-us/default.aspx].

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6c158784cf9fc7da-2ef05584-4af94338-9c5ab161-cab5fe4a56ffbdfc1fab5b64"><ac:parameter ac:name="">Murenin  07</ac:parameter></ac:structured-macro>
\[Murenin 07\] Murenin, Constantine A. [cnst: 10-year-old pointer-arithmetic bug in make(1) is now gone, thanks to malloc.conf and some debugging|http://cnst.livejournal.com/24040.html], June 2007.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="84467eea521e3947-c2a0cc90-4ea54457-85a6aacf-f4c52ea0673970d527d4ad28"><ac:parameter ac:name="">NAI 98</ac:parameter></ac:structured-macro>
\[NAI 98\] Network Associates Inc. [Bugtraq: Network Associates Inc. Advisory (OpenBSD)|http://seclists.org/bugtraq/1998/Aug/0071.html], 1998.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="8029cf7ca50db340-ab4e9c5c-46f9484f-a6f6b413-07da0e4ad32fc2e18a4f6e1b"><ac:parameter ac:name="">NASA-GB-1740.13</ac:parameter></ac:structured-macro>
\[NASA-GB-1740.13\] NASA Glenn Research Center, Office of Safety Assurance Technologies. [_NASA Software Safety Guidebook_|http://pbma.nasa.gov/docs/public/pbma/general/guidbook.doc] (NASA-GB-1740.13).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f32287dfc17865bc-e04d269a-41ad491c-b59b9573-7dd3e9b3ee0914a0a2951578"><ac:parameter ac:name="">NIST 06</ac:parameter></ac:structured-macro>
\[NIST 06\] NIST. [_SAMATE Reference Dataset_|http://samate.nist.gov/SRD/], 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="107e8b3f1a75fa0f-a29770f8-4f344c75-adc8b704-f5dc6f571498d3594acf608c"><ac:parameter ac:name="">NIST 06b</ac:parameter></ac:structured-macro>
\[NIST 06b\] NIST. [DRAFT Source Code Analysis Tool Functional Specification. | http://samate.nist.gov/docs/SAMATE_source_code_analysis_tool_spec_09_15_06.pdf] NIST Information Technology Laboratory (ITL), Software Diagnostics and Conformance Testing Division, September 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1c3525eab7c17922-57a699bd-427e4ff3-90cdba6e-d57849695ffa9c5e587184fd"><ac:parameter ac:name="">Open Group 97</ac:parameter></ac:structured-macro>
\[Open Group 97\] The Open Group. [_The Single UNIX® Specification, Version 2_|http://www.opengroup.org/onlinepubs/7990989775/toc.htm], 1997.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="433e71911bc65dfa-5b6e51f5-4a3f4384-9fd9a040-886cf3bf31b0c733037f5395"><ac:parameter ac:name="">Open Group 97b</ac:parameter></ac:structured-macro>
\[Open Group 97b\] The Open Group. [_Go Solo 2 - The Authorized Guide to Version 2 of the Single UNIX Specification_|http://www.unix.org/whitepapers/64bit.html], May 1997.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c9dd476180faa0b4-3c3397dd-433c4a93-9058b613-07b3188e24cd4cc3e9fbc56c"><ac:parameter ac:name="">Open Group 04</ac:parameter></ac:structured-macro>
\[Open Group 04\] The Open Group and the IEEE. [_The Open Group Base Specifications Issue 6, IEEE Std 1003.1, 2004 Edition_|http://www.opengroup.org/onlinepubs/009695399/toc.htm], 2004.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b564fbe2d8caa8fe-c593b060-4fc24cf7-8fd69d72-5b340c5b80f4a8b7d2c820c7"><ac:parameter ac:name="">OWASP Double Free</ac:parameter></ac:structured-macro>
\[OWASP Double Free\] Open Web Application Security Project, "[Double Free|http://www.owasp.org/index.php/Double_Free]."

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="06cc9602763efe70-7c42faf8-4fe049cb-9f898ac9-a47c7b85a2392ee7f5265bcf"><ac:parameter ac:name="">OWASP Freed Memory</ac:parameter></ac:structured-macro>
\[OWASP Freed Memory\] Open Web Application Security Project, "[Using freed memory|http://www.owasp.org/index.php/Using_freed_memory]."

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c41d20493142df40-b7d40de7-4e9f470e-8320b4c0-cd3ec65fc7289cf89a160b0b"><ac:parameter ac:name="">Pethia 03</ac:parameter></ac:structured-macro>
\[Pethia 03\] Pethia, Richard D. "[Viruses and Worms: What Can We Do About Them?|http://www.cert.org/congressional_testimony/Pethia-Testimony-9-10-2003/]" September 10, 2003.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="24615e23e618d3a1-fc20ec97-4324487a-b259834d-02a3d25553c7107d033c3db5"><ac:parameter ac:name="">Plakosh 05</ac:parameter></ac:structured-macro>
\[Plakosh 05\] Plakosh, Dan. [_Consistent Memory Management Conventions_|https://buildsecurityin.us-cert.gov/daisy/bsi/articles/knowledge/coding/476.html], 2005.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="528ef2287176557b-6a27a645-4a404eb4-ba978b1a-63b87a4f04ce108dc2908696"><ac:parameter ac:name="">Plum 85</ac:parameter></ac:structured-macro>
\[Plum 85\] Plum, Thomas. _Reliable Data Structures in C_. Kamuela, HI: Plum Hall, Inc., 1985 (ISBN 0-911537-04-X).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="53ccef0b10b8b783-2595afd4-471a46d2-812795b0-c23f64abaf91bf0278e87c3d"><ac:parameter ac:name="">Plum 89</ac:parameter></ac:structured-macro>
\[Plum 89\] Plum, Thomas, & Saks, Dan. _C Programming Guidelines, 2nd ed_. Kamuela, HI: Plum Hall, Inc., 1989 (ISBN 0911537074).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="efa0f8e3f7d2ae57-253f9ac0-46f74611-84a19a3f-f8a402790557e621014aa53f"><ac:parameter ac:name="">Plum 91</ac:parameter></ac:structured-macro>
\[Plum 91\] Plum, Thomas. _C+\+ Programming_. Kamuela, HI: Plum Hall, Inc., 1991 (ISBN 0911537104).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="eaa475ba6dd209b1-618b7dd1-41704481-93f88165-d6f6388e50706e05af38022e"><ac:parameter ac:name="">Redwine 06</ac:parameter></ac:structured-macro>
\[Redwine 06\] Redwine, Samuel T., Jr., ed. _Secure Software Assurance: A Guide to the Common Body of Knowledge to Produce, Acquire, and Sustain Secure Software Version 1.1_. U.S. Department of Homeland Security, September 2006. See [Software Assurance Common Body of Knowledge|https://buildsecurityin.us-cert.gov/daisy/bsi/resources/dhs/95.html] on Build Security In.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="64fffd432857e275-844f4868-49ae44fd-b43ab735-30fc61c60ec046c424881a5a"><ac:parameter ac:name="">RUS-CERT</ac:parameter></ac:structured-macro>
\[RUS-CERT\] RUS-CERT Advisory 2002-08:02, "[Flaw in calloc and similar routines|http://cert.uni-stuttgart.de/advisories/calloc.php]," 2002.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="133d74702ee86e9d-8964a3f4-40934e8a-b92181c4-1cf2d4b94bd659dab83aa1de"><ac:parameter ac:name="">Saks 99</ac:parameter></ac:structured-macro>
\[Saks 99\] Saks, Dan. "[const T vs.T const|http://www.dansaks.com/articles/1999-02%20const%20T%20vs%20T%20const.pdf]." _Embedded Systems Programming_, February 1999, pp. 13-16.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="796478d29a958b7e-eaf2239f-45df42e8-9b64a7dd-364d75c500b00bc2f720943f"><ac:parameter ac:name="">Saks 05</ac:parameter></ac:structured-macro>
\[Saks 05\] Saks, Dan. "[Catching errors early with compile-time assertions|http://www.embedded.com/columns/programmingpointers/164900888?_requestid=287187]." _Embedded Systems Design_, June 2005.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4838b92cd7ea09d8-f007a749-4ea84c51-9d00b278-dfea64ce265bab252afa1afd"><ac:parameter ac:name="">Saks 07</ac:parameter></ac:structured-macro>
\[Saks 07\] Saks, Dan. "[Sequence Points|http://www.embedded.com/columns/programmingpointers/9900661?_requestid=481957]" Embedded Systems Design, July 1, 2002.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="cf0b377f64dd79e6-3c1646af-45d74602-88d7a463-8e377e7d389ab4de6a6023e2"><ac:parameter ac:name="">Saks 08</ac:parameter></ac:structured-macro>
\[Saks 08\] Saks, Dan & Dewhurst, Stephen C. "Sooner Rather Than Later: Static Programming Techniques for C++" (presentation).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="26fbd5d0ce729886-8b9ee7aa-40e14e25-b8029b38-bfaad9e56b7cd4a957799ce9"><ac:parameter ac:name="">Schwarz 05</ac:parameter></ac:structured-macro>
\[Schwarz 05\] Schwarz, B., Wagner, Hao Chen, Morrison, D., West, G., Lin, J., & Tu, J. Wei. "Model checking an entire Linux distribution for security violations." _Proceedings of the 21st Annual Computer Security Applications Conference_, December 2005 (ISSN 1063-9527; ISBN 0-7695-2461-3).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="dc23641220df7ea4-0faef9cf-45cb467f-94318536-55dc0c008ba6c8394646ab84"><ac:parameter ac:name="">Seacord 03</ac:parameter></ac:structured-macro>
\[Seacord 03\] Seacord, Robert C., Plakosh, Daniel, & Lewis, Grace A. [_Modernizing Legacy Systems: Software Technologies, Engineering Processes, and Business Practices_|http://www.informit.com/store/product.aspx?isbn=0321118847]. Addison-Wesley, February 2003.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f29a51cfc8836d80-94e77c64-427e48d9-8b44a8d8-6972ea69507a28654a83eceb"><ac:parameter ac:name="">Seacord 05</ac:parameter></ac:structured-macro> <ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3ba04a41fd96f059-f4874fa6-4cd34283-8b7d8b7a-1ae2dc6c56a9f7059c4c44cf"><ac:parameter ac:name="">Seacord 05a</ac:parameter></ac:structured-macro>
\[Seacord 05a\] Seacord, Robert C. _Secure Coding in C and C+\+_. Boston, MA: Addison-Wesley, 2005. See [http://www.cert.org/books/secure-coding] for news and errata.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="fa1311fc1d0cf406-a2aaac86-4eac4265-a1329b60-1ba21bd3fd2655aa8ff0a188"><ac:parameter ac:name="">Seacord 05b</ac:parameter></ac:structured-macro>
\[Seacord 05b\] Seacord, Robert C. "Managed String Library for C, C/C++." _Users Journal_ _23_, 10 (October 2005): 30-34.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="130f4d412f1842c6-b83abf9f-4a1d4689-a8ea8824-1ee8d31239729367c73ecf53"><ac:parameter ac:name="">Seacord 05c</ac:parameter></ac:structured-macro>
\[Seacord 05c\] Seacord, Robert C. [_Variadic Functions: How they contribute to security vulnerabilities and how to fix them_|http://www.cert.org/books/secure-coding/LWM%203-11%20%28Seacord%29.pdf]. Linux World Magazine.  November, 2005.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1e122c76bf153f7d-8e88731f-4b4d4961-914e8397-1e52401061240d56d161ce28"><ac:parameter ac:name="">Secunia</ac:parameter></ac:structured-macro>
\[Secunia\] Secunia Advisory SA10635, "[HP-UX calloc Buffer Size Miscalculation Vulnerability|http://secunia.com/advisories/10635/]" 2004.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4111a161bc226448-d1c45bed-41384d09-ae64be8f-fdca0bcd99b0f189602c8955"><ac:parameter ac:name="">SecurityFocus 07</ac:parameter></ac:structured-macro>
\[SecurityFocus 07\] SecurityFocus. "[Linux Kernel Floating Point Exception Handler Local Denial of Service Vulnerability|http://www.securityfocus.com/bid/10538/discuss]," 2001.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0760e49a12fd35a1-475d72f3-474c4f16-8c799d1e-9cfbfbd2a6d44dbb871856b4"><ac:parameter ac:name="">Sloss 04</ac:parameter></ac:structured-macro>
\[Sloss 04\]  Sloss, Andrew, Symes, Dominic, & Wright, Chris. [_ARM System Developer's Guide_|http://www.arm.com/documentation/books/4975.html]. Morgan Kauffman, 2004 (ISBN-10: 1558608745; ISBN-13: 978-1558608740).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="692ff1987bb3ec1b-fd107d87-467d4549-8a58b4ab-76688cc0849f25cc4ef4356b"><ac:parameter ac:name="">Spinellis 06</ac:parameter></ac:structured-macro>
\[Spinellis 06\] Spinellis, Diomidis. [_Code Quality: The Open Source Perspective_|http://www.spinellis.gr/codequality].  Addison-Wesley, 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="86db04ff6e490b44-498b673e-4d1e42b4-a4e6899a-49ec9306438ab0228f4e4eff"><ac:parameter ac:name="">Steele 77</ac:parameter></ac:structured-macro>
\[Steele 77\]  Steele, G. L. "[Arithmetic shifting considered harmful|http://doi.acm.org/10.1145/956641.956647]." _SIGPLAN Not._ 12, 11 (November 1977), 61-69.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d504f05d777aa08e-3485f9e7-40354372-b4398262-d33b843075f9ec967fc0dafc"><ac:parameter ac:name="">Summit 95</ac:parameter></ac:structured-macro>
\[Summit 95\] Summit, Steve. _C Programming FAQs: Frequently Asked Questions_. Boston, MA: Addison-Wesley, 1995 (ISBN 0201845199).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="78427d0db61ca5f1-e223fa59-418543e1-bddfb745-d96f42e50d7690f1a0cff991"><ac:parameter ac:name="">Summit 05</ac:parameter></ac:structured-macro>
\[Summit 05\] Summit, Steve. [_comp.lang.c Frequently Asked Questions_|http://c-faq.com/], 2005.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="785c5060e7bb60d6-13537f08-406e41a9-961193cd-efd239c58dfab57e8eddb5eb"><ac:parameter ac:name="">Sun</ac:parameter></ac:structured-macro>
\[Sun\] [Sun Security Bulletin #00122|http://sunsolve.sun.com/search/document.do?assetkey=1-22-00122-1], 1993.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9866adb49e47e9a9-f21f8620-44ad48ff-a491b056-5d7b7eb91964ae21fe88b0ce"><ac:parameter ac:name="">Sun 05</ac:parameter></ac:structured-macro>
\[Sun 05\] [C User's Guide|http://docs.sun.com/source/819-3688/]. 819-3688-10. Sun Microsystems, Inc., 2005.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6e47b4e1cc31dec6-978e3471-469f4be3-b3e38a43-c0efcc566254a92dd13f760b"><ac:parameter ac:name="">van de Voort 07</ac:parameter></ac:structured-macro>
\[van de Voort 07\] van de Voort, Marco. [Development Tutorial (a.k.a Build FAQ)|http://www.stack.nl/~marcov/buildfaq.pdf], January 29, 2007.

...

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d087d2b7900193de-710cec9c-497146cb-8a1f9716-7f7b6d1e9fc9a8f15b6f8df5"><ac:parameter ac:name="">Viega 03</ac:parameter></ac:structured-macro>
\[Viega 03\] Viega, John & Messier, Matt. _Secure Programming Cookbook for C and C++: Recipes for Cryptography, Authentication, Networking, Input Validation & More_. Sebastopol, CA: O'Reilly, 2003 (ISBN 0-596-00394-3).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e36e7915aad8d59e-4e3a8d08-42fb4b98-991a86a3-e7124626de23439370a83b5e"><ac:parameter ac:name="">Viega 05</ac:parameter></ac:structured-macro>
\[Viega 05\] Viega, John. [CLASP Reference Guide Volume 1.1.|http://www.securesoftware.com/process/] Secure Software, 2005.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ded8956f29982795-6df37e64-42964106-acb3add3-55d18f471d28090a39031cd6"><ac:parameter ac:name="">VU#162289</ac:parameter></ac:structured-macro>
\[VU#162289\] Dougherty, Chad. Vulnerability Note [VU#162289|http://www.kb.cert.org/vuls/id/162289], _gcc silently discards some wraparound checks,_ April 2008.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="19c6fd6655b8ae52-6b8d104f-48c54627-ac94951e-d7bdecdd3a3e41e58d6d8a14"><ac:parameter ac:name="">VU196240</ac:parameter></ac:structured-macro>
\[VU#196240\] Taschner, Chris & Manion, Art. Vulnerability Note [VU#196240|http://www.kb.cert.org/vulnotes/id/196240], _Sourcefire Snort DCE/RPC preprocessor does not properly reassemble fragmented packets_, 2007.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f0cf7ad84c654020-67695daf-487d40e1-bce3af79-1fbb491d02b44b332aacb12b"><ac:parameter ac:name="">VU286468</ac:parameter></ac:structured-macro>
\[VU#286468\] Burch, Hal. Vulnerability Note [VU#286468|http://www.kb.cert.org/vulnotes/id/286468], _Ettercap contains a format string error in the "curses_msg()" function_, 2007.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f037e3ee48889bc2-511820e4-473d48f0-80c2ab1c-859080451f378ccf8e1e7893"><ac:parameter ac:name="">VU439395</ac:parameter></ac:structured-macro>
\[VU#439395\] Howard Lipson. Vulnerability Note [VU#439395|http://www.kb.cert.org/vuls/id/439395], _Apache web server performs case sensitive filtering on Mac OS X HFS\+ case insensitive filesystem,_ 2001.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b215b25040068007-26a864df-4a6143a6-98089938-c0ec4c26c337c37cdff8ca23"><ac:parameter ac:name="">VU551436</ac:parameter></ac:structured-macro>
\[VU#551436\] Giobbi, Ryan. Vulnerability Note [VU#551436|http://www.kb.cert.org/vulnotes/id/551436], _Mozilla Firefox SVG viewer vulnerable to buffer overflow,_ 2007.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="34ee95be805c72b7-f09a6609-49324ce7-be24b529-df3ed57a30a82b5109d9cb31"><ac:parameter ac:name="">VU568148</ac:parameter></ac:structured-macro>
\[VU#568148\] Finlay, Ian A. & Morda, Damon G. Vulnerability Note [VU#568148|http://www.kb.cert.org/vulnotes/id/568148], _Microsoft Windows RPC vulnerable to buffer overflow_, 2003.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c252ea1ff23a4ec0-e0bff3fb-422f438e-b1e08ea8-0777f5b4fe9b026450e982b3"><ac:parameter ac:name="">VU623332</ac:parameter></ac:structured-macro>
\[VU#623332\] Mead, Robert. Vulnerability Note [VU#623332|http://www.kb.cert.org/vuls/id/623332], _MIT Kerberos 5 contains double free vulnerability in "krb5_recvauth()" function,_ 2005.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="97bfe83b92283884-774cd542-4e234df6-aa9697f3-fede5f5352a347dbd7448567"><ac:parameter ac:name="">VU649732</ac:parameter></ac:structured-macro>
\[VU#649732\] Gennari, Jeff. Vulnerability Note [VU#649732|http://www.kb.cert.org/vulnotes/id/649732], _Samba AFS ACL mapping VFS plug-in format string vulnerability,_ 2007.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="981c72dd73a68f81-2fe6635b-42744371-b09782e6-30a5e1dec3a8452b4b6e8345"><ac:parameter ac:name="">VU743092</ac:parameter></ac:structured-macro>
\[VU#743092\] Rafail, Jason A. & Havrilla, Jeffrey S.  Vulnerability Note [VU#743092|https://www.kb.cert.org/vulnotes/id/743092], _realpath(3) function contains off-by-one buffer overflow,_ July 2003.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b471dba0728f1b4c-1e6bbbf6-44324631-bf0db52b-fc8363e0464c236bc88d5601"><ac:parameter ac:name="">VU881872</ac:parameter></ac:structured-macro>
\[VU#881872\] Manion, Art & Taschner, Chris. Vulnerability Note [VU#881872|http://www.kb.cert.org/vulnotes/id/881872], _Sun Solaris telnet authentication bypass vulnerability,_ 2007.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="fb1b8577ede9555d-aa98d439-42c6495c-a0a9b8bf-a604caaaa7a258209fee4601"><ac:parameter ac:name="">Warren 02</ac:parameter></ac:structured-macro>
\[Warren 02\] Warren, Henry S. [_Hacker's Delight_|http://www.hackersdelight.org/]. Boston, MA: Addison Wesley Professional, 2002 (ISBN 0201914654).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a597bfe43db7b1e4-c3b9fa1b-4e3b4393-8b1cb856-ae890ce234ceca70550a236c"><ac:parameter ac:name="">Wheeler 03</ac:parameter></ac:structured-macro>
\[Wheeler 03\] Wheeler, David. [Secure Programming for Linux and Unix HOWTO, v3.010|http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/], March 2003.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a3cb9751aa5218ce-0699f0e8-40b34d2a-a4c682bf-86618544b9e57406c6b866b0"><ac:parameter ac:name="">Wheeler 04</ac:parameter></ac:structured-macro>
\[Wheeler 04\] Wheeler, David. [_Secure programmer: Call components safely_|http://www-128.ibm.com/developerworks/linux/library/l-calls.html]. December 2004.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9e33b1f6d04baea2-c857303c-4b064543-a8a29184-49d5f00c558ed08049310556"><ac:parameter ac:name="">Wojtczuk 08</ac:parameter></ac:structured-macro>
\[Wojtczuk 08\] Wojtczuk, Rafal. "[Analyzing the Linux Kernel vmsplice Exploit|http://www.avertlabs.com/research/blog/index.php/2008/02/13/analyzing-the-linux-kernel-vmsplice-exploit/]." McAfee Avert Labs Blog, February 13, 2008.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="031edf931544b135-c960e0ac-47a24e45-a7188b2a-da030ce2280ee783f7bc0c90"><ac:parameter ac:name="">Yergeau 98</ac:parameter></ac:structured-macro>
\[Yergeau 98\] Yergeau, F. [RFC 2279 - UTF-8, a transformation format of ISO 10646|http://www.faqs.org/rfcs/rfc2279.html], January 1998.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5c53abce2f57efc1-46a49b24-49b84a72-89b0ad97-6faea3441364c7583db31bdd"><ac:parameter ac:name="">Zalewski 01</ac:parameter></ac:structured-macro>
\[Zalewski 01\] Zalewski, Michal. [_Delivering Signals for Fun and Profit: Understanding, exploiting and preventing signal-handling related vulnerabilities_|http://lcamtuf.coredump.cx/signals.txt],  May 2001.