Page History

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6321d1b6fa07b83d-ee9a0528-42f747ea-ae778996-6acef6e5b191e8d136e0cf75"><ac:parameter ac:name="">Apple 06</ac:parameter></ac:structured-macro>
\[Apple 06\] Apple, Inc. [_Secure Coding Guide_|http://developer.apple.com/documentation/Security/Conceptual/SecureCodingGuide/SecureCodingGuide.pdf], May 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="fb114dd17da9e24b-ab50cbe1-4f034cb0-979fad49-7d4d2e69559a585bf82e145e"><ac:parameter ac:name="">Austin Group 08</ac:parameter></ac:structured-macro>
\[Austin Group 08\] "Draft Standard for Information Technology \-\- Portable Operating System Interface (POSIX®) --Draft Technical Standard: Base Specifications, Issue 7," IEEE Unapproved Draft Std P1003.1_D4 , Jan 2008. Prepared by the [Austin Group|http://www.opengroup.org/austin/]. New York, NY: The Institute of Electrical & Electronics Engineers, Inc. New York, NY 10016-5997, USA.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0335addf16d1c225-afc62083-46f944dc-b72a8f5a-c1727c960325bc247dc76863"><ac:parameter ac:name="">Banahan 03</ac:parameter></ac:structured-macro>
\[Banahan 03\] Banahan, Mike. [The C Book|http://www.phy.duke.edu/~rgb/General/c_book/c_book/index.html], 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a9cc6ecac97cc2ec-cbf4f0cd-41a14797-94ae8dc6-9436f17e2c2fbad1e48e80ac"><ac:parameter ac:name="">Beebe 05</ac:parameter></ac:structured-macro>
\[Beebe 05\] Beebe, Nelson H. F. [Re: Remainder ( % ) operator and GCC|http://gcc.gnu.org/ml/gcc-help/2005-11/msg00141.html], 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="38d3ce6b70341c7a-043f6682-406f490b-81edad0a-b6f84c75d5df00ddc79f93d8"><ac:parameter ac:name="">Becker 08</ac:parameter></ac:structured-macro>
\[Becker 08\] Becker, Pete Becker. [Working Draft, Standard for Programming Language C+\+|http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2008/n2521.pdf]. April, 2008.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9a245ee482e4deeb-c632a779-41ac4ead-905293c4-5e48284594e54526dd20f256"><ac:parameter ac:name="">Bryant 03</ac:parameter></ac:structured-macro>
\[Bryant 03\] Bryant, Randy & O'Halloran, David. _Computer Systems: A Programmer's Perspective_. Prentice Hall, 2003. ISBN 0-13-034074-X.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="58ca2af033eacc11-a6a1cbce-478b4ec3-a69081fe-4739d1aa7805100158b8db71"><ac:parameter ac:name="">Burch 06</ac:parameter></ac:structured-macro>
\[Burch 06\] Burch, H., Long, F., & Seacord, R. [_Specifications for Managed Strings_|http://www.sei.cmu.edu/publications/documents/06.reports/06tr006.html] (CMU/SEI-2006-TR-006). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="25f7049aab07a70a-419b2031-43f8446f-808db48d-216177041536e86c415d0bc4"><ac:parameter ac:name="">Callaghan 95</ac:parameter></ac:structured-macro>
\[Callaghan 95\] Callaghan, B., Pawlowski, B., & Staubach, P. [IETF RFC 1813 NFS Version 3 Protocol Specification|http://www.ietf.org/rfc/rfc1813.txt], June 1995.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ca002423f0847966-374aa37c-4eaf4746-8e89977e-0fb6d19cd274daf661c45153"><ac:parameter ac:name="">CERT 06a</ac:parameter></ac:structured-macro>
\[CERT 06a\] CERT/CC. [CERT/CC Statistics 1988-2006|http://www.cert.org/stats/cert_stats.html].

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1110a626b1fd5426-002a52da-435b460c-9ffc86c6-3e35c6e2cfe27e7500de1544"><ac:parameter ac:name="">CERT 06b</ac:parameter></ac:structured-macro>
\[CERT 06b\] CERT/CC. US-CERT's [Technical Cyber Security Alerts|http://www.us-cert.gov/cas/techalerts/index.html].

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c8e193b2eca7825c-3fb1b9be-48fa4367-bd89b940-b5889de6c26a57004fa645aa"><ac:parameter ac:name="">CERT 06c</ac:parameter></ac:structured-macro>
\[CERT 06c\] CERT/CC. [Secure Coding|http://www.cert.org/secure-coding/] web site.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d4395e67647281eb-e1fe919d-4f764ce3-adcaa081-64b4018c7742314254a3c8ea"><ac:parameter ac:name="">Corfield 93</ac:parameter></ac:structured-macro>
\[Corfield 93\] Corfield, Sean A. "[Making String Literals 'const'|http://www.open-std.org/jtc1/sc22/wg21/docs/papers/1993/N0389.asc]," 24 November 1993.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e20c1509d16733d2-3c0d0aa8-471e461a-a607a83a-051b33e097d9cd1ce1248f11"><ac:parameter ac:name="">Dewhurst 03<02</ac:parameter></ac:structured-macro>
\[Dewhurst 0302\] Dewhurst, Stephen C. _C+\+ Gotchas: Avoiding Common Problems in Coding and Design_. Boston, MA: Addison-Wesley Professional, 2002.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ff3c1445b3f1bddd-9f97721f-47664117-a92e988b-8828006d11fdfefbc909b1b0"><ac:parameter ac:name="">Dewhurst 05</ac:parameter></ac:structured-macro>
\[Dewhurst 05\] Dewhurst, Stephen C. _C+\+ Common Knowledge:  Essential Intermediate Programming_. Boston, MA: Addison-Wesley Professional, 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c98c44ddde88de80-a259a885-4ec94832-81a29673-b89353920458c67879d4043f"><ac:parameter ac:name="">DHS 06</ac:parameter></ac:structured-macro>
\[DHS 06\] U.S. Department of Homeland Security. [Build Security In|https://buildsecurityin.us-cert.gov/].

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="682c0865928574a6-184b5e82-4e224307-96e38992-ba8442871c76ebb375b7ff1c"><ac:parameter ac:name="">Dowd 06</ac:parameter></ac:structured-macro>
\[Dowd 06\] Dowd, M., McDonald, J., & Schuh, J. _The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities_. Boston, MA: Addison-Wesley, 2006. See [http://taossa.com] for updates and errata.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3245ed64f8d9757c-9938fa73-4b034aad-8d4a9b1f-e24bb028a4bf5139ce1d46de"><ac:parameter ac:name="">Drepper 06</ac:parameter></ac:structured-macro>
\[Drepper 06\] Drepper, Ulrich. [Defensive Programming for Red Hat Enterprise Linux (and What To Do If Something Goes Wrong)|http://people.redhat.com/drepper/defprogramming.pdf], May 3, 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="04cb9abed3a94b46-798d1537-48274214-ba05adbe-943582c15a635ddb549682df"><ac:parameter ac:name="">Eckel 07</ac:parameter></ac:structured-macro>
\[Eckel 07\] Eckel, Bruce. [_Thinking in C+\+ - Volume 2_|http://bruce-eckel.developpez.com/livres/cpp/ticpp/v2/]. January 25, 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="056d5e6b7ef73c4a-6257d37e-42334acd-a431ad67-a18c2faccb6db5f050afff89"><ac:parameter ac:name="">Finlay 03</ac:parameter></ac:structured-macro>
\[Finlay 03\] Finlay, Ian A. CERT Advisory CA-2003-16, [Buffer Overflow in Microsoft RPC|http://www.cert.org/advisories/CA-2003-16.html]. CERT/CC, July 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f48c57232d8d45fb-ea644c23-464847b0-8c2ea868-2a0f98806ed0f966c85f34e2"><ac:parameter ac:name="">Fortify 06</ac:parameter></ac:structured-macro>
\[Fortify 06\] Fortify Software Inc. [Fortify Taxonomy: Software Security Errors|http://www.fortifysoftware.com/vulncat/], 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b925c53d7e0c9239-bc94adc1-42904e06-8dd8b9c3-bde836e79e959c68194cad65"><ac:parameter ac:name="">FSF 05</ac:parameter></ac:structured-macro>
\[FSF 05\] Free Software Foundation. [GCC online documentation|http://gcc.gnu.org/onlinedocs], 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9dac36bc125f0f5f-08763dd0-4db244ef-b0b583a3-c43ca139bb86434765f3bd0b"><ac:parameter ac:name="">Garfinkel 96</ac:parameter></ac:structured-macro>
\[Garfinkel 96\] Garfinkel, Simson & Spafford, Gene. _Practical UNIX & Internet Security_, 2nd Edition. O'Reilly Media, April 1996 (ISBN 1-56592-148-8).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1f636d55cc23f4d4-ce6bb90c-4d704520-ba7bbc6c-70216da640f65d948ad1f2f3"><ac:parameter ac:name="">GNU Pth</ac:parameter></ac:structured-macro>
\[GNU Pth\] Engelschall, Ralf S. [GNU Portable Threads|http://www.gnu.org/software/pth/], 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="899e381e0eef60e7-0945d913-49504c72-b87d8812-7162c5f03084da8bdd218554"><ac:parameter ac:name="">Goldberg 91</ac:parameter></ac:structured-macro>
\[Goldberg 91\] Goldberg, David. [What Every Computer Scientist Should Know About Floating-Point Arithmetic|http://docs.sun.com/source/806-3568/ncg_goldberg.html]. Sun Microsystems, March 1991.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="32dbcf296d8e6a5c-3e199ae4-486f4213-8efc8af7-dadb1c881aff0528927e1a8c"><ac:parameter ac:name="">Graf 03</ac:parameter></ac:structured-macro>
\[Graff 03\] Graff, Mark G. & Van Wyk, Kenneth R. _Secure Coding: Principles and Practices_. Cambridge, MA: O'Reilly, 2003 (ISBN 0596002424).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="633bdfe693351de5-a0482575-47844e26-8f329b21-928a6c45802ed5cb1370b206"><ac:parameter ac:name="">Griffiths 06</ac:parameter></ac:structured-macro>
\[Griffiths 06\] Griffiths, Andrew. "[Clutching at straws: When you can shift the stack pointer|http://felinemenace.org/papers/p63-0x0e_Shifting_the_Stack_Pointer.txt]."&nbsp;

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f9c74b11cb9291ff-d369525e-49384365-98e9beee-cad83a21c830bca71f47a8f2"><ac:parameter ac:name="">Haddad 05</ac:parameter></ac:structured-macro>
\[Haddad 05\] Haddad, Ibrahim. "Secure Coding in C and C++: An interview with Robert Seacord, senior vulnerability analyst at CERT." _Linux World Magazine_, November 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a9b0b0b4d7f45927-29ecfde2-45174f63-86fbb409-0074f93963f354ca84df5add"><ac:parameter ac:name="">Hatton 95</ac:parameter></ac:structured-macro>
\[Hatton 95\] Hatton, Les. _Safer C: Developing Software for High-Integrity and Safety-Critical Systems_. New York, NY: McGraw-Hill Book Company, 1995 (ISBN 0-07-707640-0).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2ddd9a3b1ce7c698-23c22362-4d354ecd-9024a1dc-a93b48a8b5ba3c10937d2323"><ac:parameter ac:name="">Henricson 92</ac:parameter></ac:structured-macro>
\[Henricson 92\] Henricson, Mats & Nyquist, Erik. [Programming in C++, Rules and Recommendations|http://www.doc.ic.ac.uk/lab/cplus/c++.rules/]. Ellemtel Telecommunication Systems Laboratories, 1992.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ed70a7a330f0d2a4-a7ef22fe-477149fd-ae75a448-e0612aebb56f84916dcd3a46"><ac:parameter ac:name="">Horton 90</ac:parameter></ac:structured-macro>
\[Horton 90\] Horton, Mark R. _Portable C Software_. Upper Saddle River, NJ: Prentice-Hall, Inc., 1990 (ISBN:0-13-868050-7).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="168c3bef17b491ea-f980fc1b-4dde4125-8f69a3f9-94b92f0e433cdeb62de53042"><ac:parameter ac:name="">Howard 02</ac:parameter></ac:structured-macro>
\[Howard 02\] Howard, Michael & HowardLeBlanc, David C. LeBlanc. _[_Writing Secure Code, Second Edition_|http://www.microsoft.com/mspress/books/5957.aspx]_. Microsoft Press; 2 Sub edition, December, 2002.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f9d00d6ac8b92f87-08b8c879-4afc4c35-bdff9c8d-70e59026b5db0fde9512489b"><ac:parameter ac:name="">HP 03</ac:parameter></ac:structured-macro>
\[HP 03\] [Tru64 UNIX: Protecting Your System Against File Name Spoofing Attacks|http://h30097.www3.hp.com/docs/wpapers/spoof_wp/symlink_external.pdf]. Houston, TX: Hewlett-Packard Company, January 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="67eb04a9932c8b04-bee56220-43884f2e-bd2fbca3-d16250917612d611988dd6df"><ac:parameter ac:name="">IEC 60812 2006</ac:parameter></ac:structured-macro>
\[IEC 60812 2006\] _Analysis techniques for system reliability - Procedure for failure mode and effects analysis (FMEA)_, 2nd ed. (IEC 60812). IEC, January 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="45e7d1d5c12c7df1-b90f8759-4d1c4945-8a3ba4ef-ff0ada5715347f74a2bf5ef5"><ac:parameter ac:name="">IEC 61508 4</ac:parameter></ac:structured-macro>
\[IEC 61508-4\]&nbsp; _Functional safety of electrical/electronic/programmable electronic safety-related systems - Part 4: Definitions and abbreviations_, 1998.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4106a51aacc1baa0-139c88cb-459f465b-bb829ab6-14284a34befa4851739a126e"><ac:parameter ac:name="">IEEE Std 610.12 1990</ac:parameter></ac:structured-macro>
\[IEEE Std 610.12 1990\] _IEEE Standard Glossary of Software Engineering Terminology._, September, 1990.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="32dd652560835e73-f5b927e2-4aed4fc6-a5339dda-fd0f174cef0890c74a19b207"><ac:parameter ac:name="">IEEE 754 2006</ac:parameter></ac:structured-macro>
\[IEEE 754 2006\] IEEE. [_Standard for Binary Floating-Point Arithmetic_|http://grouper.ieee.org/groups/754/] (IEEE 754-1985), 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ff7a259a23235394-56a1ebc1-454b42a4-8d4f82a3-b5952f49e723d424e9dd2898"><ac:parameter ac:name="">ilja 06</ac:parameter></ac:structured-macro>
\[ilja 06\] ilja. "[readlink abuse|http://blogs.23.nu/ilja/stories/12551/]." _ilja's blog_, August 13, 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="bbe30375ff5daca4-a256f8df-495d4831-8abca70a-03a7e45a7e4a5cde00ae7108"><ac:parameter ac:name="">Intel 01</ac:parameter></ac:structured-macro>
\[Intel 01\] Intel Corp. [_Floating-Point IEEE Filter for Microsoft\* Windows\* 2000 on the Intel® Itanium™ Architecture_|ftp://download.intel.com/software/opensource/libraries/ieee/ieee_filter_windows2000.pdf], March 2001.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="798752cd509201ef-d502bf02-4de64698-a74db54a-9115d1057cd59b1a24c5fc15"><ac:parameter ac:name="">Internet Society 00</ac:parameter></ac:structured-macro>
\[Internet Society 00\] The Internet Society (2000). [Internet Security Glossary (RFC 2828)|ftp://ftp.rfc-editor.org/in-notes/rfc2828.txt], 2000.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9338508cecdececa-b9327956-460f4aa0-8b3aabd1-5018e402f4ff76bde842d67d"><ac:parameter ac:name="">ISO/IEC 10646-2003</ac:parameter></ac:structured-macro>
\[ISO/IEC 10646:2003\] _Information technology - Universal Multiple-Octet Coded Character Set (UCS)_ (ISO/IEC 10646:2003). Geneva, Switzerland: International Organization for Standardization, 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3065bb5aedbb1063-e6628217-40f840f4-b848a27f-6fc8179c5991299a828cd596"><ac:parameter ac:name="">ISO/IEC 646-1991</ac:parameter></ac:structured-macro>
\[ISO/IEC 646-1991\] ISO/IEC. _Information technology: ISO 7-bit coded character set for information interchange_ (ISO/IEC 646-1991). Geneva, Switzerland: International Organization for Standardization, 1991.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ffa71fd800f21f58-1c9f0392-4f9c4f27-a3d7a17a-0d1c9902c7b30b949e0988dd"><ac:parameter ac:name="">ISO/IEC 9899-1999</ac:parameter></ac:structured-macro>
\[ISO/IEC 9899:1999\] ISO/IEC. _Programming Languages --- C, Second Edition_ (ISO/IEC 9899:1999). Geneva, Switzerland: International Organization for Standardization, 1999.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6b6adfc7298a3a53-be27d84c-4faa4e02-93b6b04c-708c3a98f430206916d0d4e4"><ac:parameter ac:name="">ISO/IEC 14882-2003</ac:parameter></ac:structured-macro>
\[ISO/IEC 14882-2003\] ISO/IEC. _Programming Languages --- C++, Second Edition_ (ISO/IEC 14882-2003). Geneva, Switzerland: International Organization for Standardization, 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9809b55c5fb88965-833ba0bc-48b243ae-ad00bc7c-7b67ceeec584962fae3a5856"><ac:parameter ac:name="">ISO/IEC 03</ac:parameter></ac:structured-macro>
\[ISO/IEC 03\] ISO/IEC. [_Rationale for International Standard --- Programming Languages --- C, Revision 5.10_|http://www.open-std.org/jtc1/sc22/wg14/www/C99RationaleV5.10.pdf]. Geneva, Switzerland: International Organization for Standardization, April 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d41c8f59dd359fe1-644191fd-40df4b06-bf09a9ff-c938c49c5f4e84f06807818b"><ac:parameter ac:name="">ISO/IEC JTC1/SC22/WG11</ac:parameter></ac:structured-macro>
\[ISO/IEC JTC1/SC22/WG11\] ISO/IEC. [_Binding Techniques_|http://www.open-std.org/JTC1/SC22/WG11/] (ISO/IEC JTC1/SC22/WG11), 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f4feafc2838a46a1-4e95c2c9-4e1740e1-bce7966a-d5b3e463043856b1053c50b9"><ac:parameter ac:name="">ISO/IEC PDTR 24772</ac:parameter></ac:structured-macro>
\[ISO/IEC PDTR 24772\] ISO/IEC PDTR 24772. _Information Technology_ --- _Programming Languages_ --- [_Guidance to Avoiding Vulnerabilities in Programming Languages through Language Selection and Use_|http://www.aitcnet.org/isai/_NextMeeting/22-OWGV-N-0125/n0125.pdf], March 2008.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="cd58a06df42807c1-da9ba717-47c54dca-a42e9117-1342d39fd2b1bc8bbf6535b5"><ac:parameter ac:name="">ISO/IEC TR 24731-1-2007</ac:parameter></ac:structured-macro>
\[ISO/IEC TR 24731-1-2007\] ISO/IEC TR 24731. _Extensions to the C Library, --- Part I: Bounds-checking interfaces_. Geneva, Switzerland: International Organization for Standardization, April 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="27cabcd3a81a25c8-3097aeb5-420a4cd8-b91a871c-95b6720f60fe90a0dd266e0c"><ac:parameter ac:name="">Jack 07</ac:parameter></ac:structured-macro>
\[Jack 07\] Jack, Barnaby. [_Vector Rewrite Attack_|http://www.juniper.net/solutions/literature/white_papers/Vector-Rewrite-Attack.pdf], May 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="8824bfab8fa2bbe7-0a44142f-446b49ff-966ea4dc-8816e5ac91afc80806963043"><ac:parameter ac:name="">Jones 04</ac:parameter></ac:structured-macro>
\[Jones 04\] Jones, Nigel. ["Learn a new trick with the offsetof() macro."|http://www.netrino.com/Articles/OffsetOf/index.php] _Embedded Systems Programming_, March 2004.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6a051f639b1af30a-cda981ce-4b684899-8dc28fad-fbc409bd18300ef5f5421751"><ac:parameter ac:name="">Keil 08</ac:parameter></ac:structured-macro>
\[Keil 08\] Keil, an ARM Company. "[Floating Point Support|http://www.keil.com/support/man/docs/armlib/armlib_bihbjiea.htm]." _RealView Libraries and Floating Point Support Guide_, 2008.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ccf0b8aabf694ad1-63353b0d-46e941a3-9c88a725-0d8673bacea1838cd3c732ee"><ac:parameter ac:name="">Kennaway 00</ac:parameter></ac:structured-macro>
\[Kennaway 00\] Kennaway, Kris. [Re: /tmp topic|http://lwn.net/2000/1221/a/sec-tmp.php3], December 2000.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="cc8c7f03991ea164-c0a58e54-4b8f4768-92308deb-1f164abd67aa5fafe7ea5290"><ac:parameter ac:name="">Kernighan 88</ac:parameter></ac:structured-macro>
\[Kernighan 88\] Kernighan , B. W. & Ritchie, D. M. _The C Programming Language, 2nd ed._ Englewood Cliffs, NJ: Prentice-Hall, 1988.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="be1ded068242f541-622edb7c-4f58485a-9c0fb6ff-93b614da0ae48c0b4d74ee79"><ac:parameter ac:name="">Kettle 02</ac:parameter></ac:structured-macro>
\[Kettlewell 02\] Kettlewell, Richard. [_C Language Gotchas_|http://www.greenend.org.uk/rjk/2001/02/cfu.html], February 2002.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="14d20cc6c52ca0f6-ebf28f7a-41b04eb9-a72cb2d1-d8983d977d9bd065c25b9108"><ac:parameter ac:name="">Kettle 03</ac:parameter></ac:structured-macro>
\[Kettlewell 03\] Kettlewell, Richard. [_Inline Functions In C_|http://www.greenend.org.uk/rjk/2003/03/inline.html], March 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9d62e79b08a3d7c5-92b2c9eb-49754227-a55497c7-16003ade5e132e77f1376f36"><ac:parameter ac:name="">Kirch-Prinz 02</ac:parameter></ac:structured-macro>
\[Kirch-Prinz 02\] Ulla Kirch-Prinz, Ulla Peter& Prinz, Peter. _C Pocket Reference_.  O'Reilly, November 2002, (ISBN: 0-596-00436-2).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2195f6d8b7d87ff1-07416e3e-44bf411b-a8e4a8fd-e51ea641cf1af21fae5289a5"><ac:parameter ac:name="">Klarer 04</ac:parameter></ac:structured-macro>
\[Klarer 04\] Klarer, R., KlarerMaddock, J., MaddockDawes, B. & DawesHinnant, and H. Hinnant. "Proposal to Add Static Assertions to the Core Language (Revision 3)." (ISO C+\+ committee paper ISO/IEC JTC1/SC22/WG21/N1720, October 2004). This document is available online Available at [http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2004/n1720.html].

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1b3ce85b7e2a5587-b50294fb-4d924f34-8524ae83-65b5624dbeb8a67dbe7fc2cd"><ac:parameter ac:name="">Klein 02</ac:parameter></ac:structured-macro>
\[Klein 02\] Klein, Jack. [_Bullet Proof Integer Input Using strtol()_|http://home.att.net/~jackklein/c/code/strtol.html], 2002.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b77c0efb0fda8ede-ffec68ff-4224493a-b7b899c8-5df3783cc34f80c6a37b1e82"><ac:parameter ac:name="">Koenig 89</ac:parameter></ac:structured-macro>
\[Koenig 89\]
Koenig,  Andrew Koenig. _C Traps and Pitfalls_. Addison-Wesley Professional, January 1, 1989.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="273c3b3bf335b190-f474574f-4f4148c0-9fa98fc7-743154a96e92a964b885481e"><ac:parameter ac:name="">Kuhn 06</ac:parameter></ac:structured-macro>
\[Kuhn 06\] Kuhn, Markus. [_UTF-8 and Unicode FAQ for Unix/Linux_|http://www.cl.cam.ac.uk/~mgk25/unicode.html], 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="bd624b85bfbb99f5-5068ea57-40cc4f6e-ac82bca8-e7061db5411018017f69a993"><ac:parameter ac:name="">Lai 06</ac:parameter></ac:structured-macro>
\[Lai 06\] Lai, Ray. "[Reading Between the Lines|http://undeadly.org/cgi?action=article&sid=20061027031811]." _OpenBSD Journal_, October 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7acc6c4509a46818-6ad6176f-4da94bc1-a3389722-4e22dec835010fdb376a014c"><ac:parameter ac:name="">Linux 07</ac:parameter></ac:structured-macro>
\[Linux 07\] [Linux Programmer's Manual|http://www.kernel.org/doc/man-pages/online_pages.html]. July, 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f0d3459cd6698657-8294d312-4d674bcc-ba65a0f3-f2e726a8e040d59f5e95d639"><ac:parameter ac:name="">Lions 96</ac:parameter></ac:structured-macro>
\[Lions 96\] Lions, J. L. [ARIANE 5 Flight 501 Failure Report|http://en.wikisource.org/wiki/Ariane_501_Inquiry_Board_report]. Paris, France: European Space Agency (ESA) & National Center for Space Study (CNES) Inquiry Board, July 1996.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1830de272c766f37-83bcd7fb-493d4c9f-96cb9fc6-07c8ddce53cbad2b8082607a"><ac:parameter ac:name="">Lockheed Martin 05</ac:parameter></ac:structured-macro>
\[Lockheed Martin 05\] Lockheed Martin. "[Joint Strike Fighter Air Vehicle C+\+ Coding Standards for the System Development and Demonstration Program.|http://www.research.att.com/~bs/JSF-AV-rules.pdf]" Document Number 2RDU00001 Rev C., December 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0d57aef7f599e4a2-236620d4-43724d5f-b92ea02a-9d431632228ab0c2548edec1"><ac:parameter ac:name="">Loosemore 07</ac:parameter></ac:structured-macro>
\[Loosemore 07\] Loosemore, Sandra, LoosemoreStallman, Richard M., StallmanMcGrath, Roland, McGrathOram, Andrew, Oram& Drepper, and Ulrich Drepper. [The GNU C Library Reference Manual|http://www.gnu.org/software/libc/manual/]., Edition 0.11.  September, 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="022ac7073a987b51-cd341dfa-477e41f6-a7ecb34e-bb0de1dbdc86d5e8048db018"><ac:parameter ac:name="">McCluskey 01</ac:parameter></ac:structured-macro>
\[McCluskey 01\] [_flexible array members and designators in C9X_|http://www.usenix.org/publications/login/2001-07/pdfs/mccluskey.pdf] ;login:, July 2001, Volume 26, Number 4, p. 29-32.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="fc5a7e6c560881ec-d38ae8a8-420f4a33-98f2b8ce-d71f9962893a65f27e149684"><ac:parameter ac:name="">mercy 06</ac:parameter></ac:structured-macro>
\[mercy\] mercy. [_Exploiting Uninitialized Data_|http://www.felinemenace.org/papers/UBehavior.zip], January 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2d78526889842524-94e70b32-4eda4db6-89bc8679-6f81609426276c5fe3824de0"><ac:parameter ac:name="">Microsoft 03</ac:parameter></ac:structured-macro>
\[Microsoft 03\] Microsoft Security Bulletin MS03-026, [Buffer Overrun In RPC Interface Could Allow Code Execution (823980)|http://www.microsoft.com/technet/security/bulletin/MS03-026.mspx], September 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e1779de65557dd09-da9a5951-47454efd-8ab3b582-b12624224d8ffb3afe2795d8"><ac:parameter ac:name="">Microsoft 07</ac:parameter></ac:structured-macro>
\[Microsoft 07\] [C Language Reference|http://msdn2.microsoft.com/en-us/library/fw5abdx6(VS.80).aspx], 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="363931d4679d649a-4892d6f3-4cca4aaa-b0b88444-e90a82f037c51edb32937190"><ac:parameter ac:name="">MISRA 04</ac:parameter></ac:structured-macro>
\[MISRA 04\] MISRA Limited. "[MISRA C|http://www.misra.org.uk/]: 2004 Guidelines for the Use of the C Language in Critical Systems." Warwickshire, UK: MIRA Limited, October 2004 (ISBN 095241564X).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="bc8ab03534720579-a0e1b3c0-4c974901-bc288522-5b3be51693a51bfd421b8c34"><ac:parameter ac:name="">MIT 05</ac:parameter></ac:structured-macro>
\[MIT 05\] MIT. "[MIT krb5 Security Advisory 2005-003|http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2005-003-recvauth.txt], 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="02e20dfe665c9ee0-5a683c29-43504fbe-89219161-6b31be1af7b50922a0e534d3"><ac:parameter ac:name="">MITRE 07</ac:parameter></ac:structured-macro>
\[MITRE 07\] MITRE. [Common Weakness Enumeration, Draft 9|http://cwe.mitre.org/],  April 2008.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="eb2bc7ebae2db663-83a1bf0c-420c433c-9edd8ef2-67c4a9432f2381acc134baea"><ac:parameter ac:name="">MSDN</ac:parameter></ac:structured-macro>
\[MSDN\] [Microsoft Developer Network|http://msdn.microsoft.com/en-us/default.aspx].

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5be16fb586449362-067660c6-4fa549a2-b977b934-97c92750fd0d139d8ed572c0"><ac:parameter ac:name="">Murenin  07</ac:parameter></ac:structured-macro>
\[Murenin 07\] Murenin, Constantine A. Murenin. [cnst: 10-year-old pointer-arithmetic bug in make(1) is now gone, thanks to malloc.conf and some debugging|http://cnst.livejournal.com/24040.html], June 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="60604675ceca700e-1dddf880-467b4763-b0cdb88a-c9ac7f88f82577145bd566ca"><ac:parameter ac:name="">NAI 98</ac:parameter></ac:structured-macro>
\[NAI 98\] Network Associates Inc. [Bugtraq: Network Associates Inc. Advisory (OpenBSD)|http://seclists.org/bugtraq/1998/Aug/0071.html], 1998.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3294707171030320-2513d76e-404c4a05-b5b8862f-66cf0cc4383d8b538cd8480f"><ac:parameter ac:name="">NASA-GB-1740.13</ac:parameter></ac:structured-macro>
\[NASA-GB-1740.13\] NASA Glenn Research Center, Office of Safety Assurance Technologies. [_NASA Software Safety Guidebook_|http://pbma.nasa.gov/docs/public/pbma/general/guidbook.doc] (NASA-GB-1740.13).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="150f3132b0aff119-0808e772-43d54218-b104a4d3-81feb56fce9e23f22a13f711"><ac:parameter ac:name="">NIST 06</ac:parameter></ac:structured-macro>
\[NIST 06\] NIST. [_SAMATE Reference Dataset_|http://samate.nist.gov/SRD/], 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="93ae8f424522d8c1-9e6fff06-4860485b-b08790f4-4386bf491f070988b6438de3"><ac:parameter ac:name="">NIST 06b</ac:parameter></ac:structured-macro>
\[NIST 06b\] NIST. [DRAFT Source Code Analysis Tool Functional Specification. | http://samate.nist.gov/docs/SAMATE_source_code_analysis_tool_spec_09_15_06.pdf] NIST Information Technology Laboratory (ITL), Software Diagnostics and Conformance Testing Division, September 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="60837bd62200cf59-7588fa1f-41de4a99-99ab8eaa-a9d20dd61332c8191ddca634"><ac:parameter ac:name="">Open Group 97</ac:parameter></ac:structured-macro>
\[Open Group 97\] The Open Group. [_The Single UNIX® Specification, Version 2_|http://www.opengroup.org/onlinepubs/7990989775/toc.htm], 1997.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5129d3a1f05ade49-ec304436-433348fd-aebbbf5f-ca2a2e9f8682086bb1ae099c"><ac:parameter ac:name="">Open Group 97b</ac:parameter></ac:structured-macro>
\[Open Group 97b\] The Open Group. [_Go Solo 2 - The Authorized Guide to Version 2 of the Single UNIX Specification_|http://www.unix.org/whitepapers/64bit.html], May 1997.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d3718a5113873a2c-378fbc03-468242dd-83c6b473-14f2d57bd3d580f2fa2db4c9"><ac:parameter ac:name="">Open Group 04</ac:parameter></ac:structured-macro>
\[Open Group 04\] The Open Group and the IEEE. [_The Open Group Base Specifications Issue 6, IEEE Std 1003.1, 2004 Edition_|http://www.opengroup.org/onlinepubs/009695399/toc.htm], 2004.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="87349ba0c77a2770-ecbdfcc8-4d0e46b3-b69daf08-cc3051423b304b6086491a53"><ac:parameter ac:name="">OWASP Double Free</ac:parameter></ac:structured-macro>
\[OWASP Double Free\] Open Web Application Security Project, "[Double Free|http://www.owasp.org/index.php/Double_Free]."

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="331fc7d87c2c113d-38b66570-4a744655-a6d38674-89cd6befb3008aba21aaa7e2"><ac:parameter ac:name="">OWASP Freed Memory</ac:parameter></ac:structured-macro>
\[OWASP Freed Memory\] Open Web Application Security Project, "[Using freed memory|http://www.owasp.org/index.php/Using_freed_memory]."

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f280d33054b570b6-16fe3c51-413b4980-9b9dbcb4-0bbbcd51fce13f6245a0eab2"><ac:parameter ac:name="">Pethia 03</ac:parameter></ac:structured-macro>
\[Pethia 03\] Pethia, Richard D. "[Viruses and Worms: What Can We Do About Them?|http://www.cert.org/congressional_testimony/Pethia-Testimony-9-10-2003/]" September 10, 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b86b58502ec0e856-8e0aa344-4a8f452f-ab28afe8-4ba4d2015cc24a02a24c43fe"><ac:parameter ac:name="">Plakosh 05</ac:parameter></ac:structured-macro>
\[Plakosh 05\] Plakosh, Dan. [_Consistent Memory Management Conventions_|https://buildsecurityin.us-cert.gov/daisy/bsi/articles/knowledge/coding/476.html], 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5ec9d8b37dd7fc75-99c0588b-4ee5434c-bd11b61d-a1db2192a25d3c611e48a62b"><ac:parameter ac:name="">Plum 85</ac:parameter></ac:structured-macro>
\[Plum 85\] Plum, Thomas. _Reliable Data Structures in C_. Kamuela, HI: Plum Hall, Inc., 1985 (ISBN 0-911537-04-X).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="250f5f4db36f7b73-9693c063-4fe44262-b0688010-546b7e8bb04d7f04d4ff0e75"><ac:parameter ac:name="">Plum 89</ac:parameter></ac:structured-macro>
\[Plum 89\] Plum, Thomas, & Saks, Dan. _C Programming Guidelines, 2nd ed_. Kamuela, HI: Plum Hall, Inc., 1989 (ISBN 0911537074).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5916d72124f0cc1b-8ec74be1-4a304b81-9dab8dcf-051e4563752f63358a83ab36"><ac:parameter ac:name="">Plum 91</ac:parameter></ac:structured-macro>
\[Plum 91\] Plum, Thomas. _C+\+ Programming_. Kamuela, HI: Plum Hall, Inc., 1991 (ISBN 0911537104).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="74a484df094d0d68-be7090ad-46354685-9481ae79-e4acec19c0428b2621c14a95"><ac:parameter ac:name="">Redwine 06</ac:parameter></ac:structured-macro>
\[Redwine 06\] Redwine, Samuel T., Jr., ed. _Secure Software Assurance: A Guide to the Common Body of Knowledge to Produce, Acquire, and Sustain Secure Software Version 1.1_. U.S. Department of Homeland Security, September 2006. See [Software Assurance Common Body of Knowledge|https://buildsecurityin.us-cert.gov/daisy/bsi/resources/dhs/95.html] on Build Security In.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2a5df1828e89dbcd-136d3a7a-440f46ec-b900a2e2-80dca5c6eb2499725bc0bc33"><ac:parameter ac:name="">RUS-CERT</ac:parameter></ac:structured-macro>
\[RUS-CERT\] RUS-CERT Advisory 2002-08:02, "[Flaw in calloc and similar routines|http://cert.uni-stuttgart.de/advisories/calloc.php]," 2002.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7094393389653ec0-ae3cc830-400941ab-8773a059-e1f9cba0f79fb0e589916e90"><ac:parameter ac:name="">Saks 99</ac:parameter></ac:structured-macro>
\[Saks 99\] Saks, Dan. "[const T vs.T const|http://www.dansaks.com/articles/1999-02%20const%20T%20vs%20T%20const.pdf]." _Embedded Systems Programming_, February 1999, pp. 13-16.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="75cdcc6f829f9989-3ac83b73-46dd4ad6-bee0b9b7-f1077b0a45c2b8a02d14cbc1"><ac:parameter ac:name="">Saks 05</ac:parameter></ac:structured-macro>
\[Saks 05\] Saks, Dan Saks. "[Catching errors early with compile-time assertions|http://www.embedded.com/columns/programmingpointers/164900888?_requestid=287187]." _Embedded Systems Design_, June, 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="bc1c71cfadc1e4c5-a740d231-426a47f8-8c07b917-4b21915a95cc57529c712f96"><ac:parameter ac:name="">Saks 07</ac:parameter></ac:structured-macro>
\[Saks 07\] Saks, Dan. "[Sequence Points|http://www.embedded.com/columns/programmingpointers/9900661?_requestid=481957]" Embedded Systems Design, July 1, 2002.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="77b6c7480b74cc34-b5f02afa-40b043ea-8a05a11a-90660ce135ce9226a32bb797"><ac:parameter ac:name="">Saks 08</ac:parameter></ac:structured-macro>
\[Saks 08\] Saks, Dan & andDewhurst, Stephen C. Dewhurst. "Sooner Rather Than Later: Static Programming Techniques for C++" (presentation).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5f5d97946954804b-e630616e-4ed74678-974db282-8d4276e4adf77edffadb8d1b"><ac:parameter ac:name="">Schwarz 05</ac:parameter></ac:structured-macro>
\[Schwarz 05\] Schwarz, B., Wagner, Hao Chen, WagnerMorrison, D., MorrisonWest, G., WestLin, J., & LinTu, J. Wei Tu. _"Model checking an entire Linux distribution for security violations_." Published in proceedings _Proceedings of the 21st Annual Computer Security Applications Conference_,  December 2005 (ISSN: 1063-9527; ISBN: 0-7695-2461-3).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="12ef50a74e1cdced-d855d31b-4aec4cc4-9a0faeb0-98d2f14ad65996ba8de030d4"><ac:parameter ac:name="">Seacord 03</ac:parameter></ac:structured-macro>
\[Seacord 03\] Seacord, Robert C., SeacordPlakosh, Daniel, & PlakoshLewis, Grace A. Lewis. [_Modernizing Legacy Systems: Software Technologies, Engineering Processes, and Business Practices_|http://www.informit.com/store/product.aspx?isbn=0321118847]. Addison-Wesley, February 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="aae50340e8441dc2-8bb9ce2d-4c87489a-8f13b653-4cf280d689a31381a11f81bc"><ac:parameter ac:name="">Seacord 05</ac:parameter></ac:structured-macro> <ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1788f6c3e6ec2f32-dbe330b8-45d64f2a-af21ba11-cc5273e269bbeda707eb88ed"><ac:parameter ac:name="">Seacord 05a</ac:parameter></ac:structured-macro>
\[Seacord 05a\] Seacord, Robert RC. _Secure Coding in C and C+\+_. Boston, MA: Addison-Wesley, 2005. See [http://www.cert.org/books/secure-coding] for news and errata.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="abf8528bb9b08f4c-bc8caf46-4fa047e7-9c70b535-36d015b8a09e449260ab3a94"><ac:parameter ac:name="">Seacord 05b</ac:parameter></ac:structured-macro>
\[Seacord 05b\] Seacord, RRobert C. "Managed String Library for C, C/C++." _Users Journal_ _23_, 10 (October 2005): 30-34.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="81b28f574ac70b74-9c2e44cb-461b40f9-a2c98745-1cb1017494c178e09d14fe89"><ac:parameter ac:name="">Seacord 05c</ac:parameter></ac:structured-macro>
\[Seacord 05c\] Seacord, Robert C. Seacord. [_Variadic Functions: How they contribute to security vulnerabilities and how to fix them_|http://www.cert.org/books/secure-coding/LWM%203-11%20%28Seacord%29.pdf]. Linux World Magazine.  November, 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b22f14d5557b2810-1cffb6b8-47c2455b-927b8dd1-883c893d02d240460e35484a"><ac:parameter ac:name="">Secunia</ac:parameter></ac:structured-macro>
\[Secunia\] Secunia Advisory SA10635, "[HP-UX calloc Buffer Size Miscalculation Vulnerability|http://secunia.com/advisories/10635/]" 2004.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f8cbd532863dbcb7-dacfd4f2-49e24042-9c58b85d-f0036f2937748bb3d9d9f302"><ac:parameter ac:name="">SecurityFocus 07</ac:parameter></ac:structured-macro>
\[SecurityFocus 07\] SecurityFocus. "[Linux Kernel Floating Point Exception Handler Local Denial of Service Vulnerability|http://www.securityfocus.com/bid/10538/discuss]," 2001.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="dfc2ce4a48703aab-d17db8ee-4d9d4fbb-906dab75-5acdad3229ba4073723eb1e7"><ac:parameter ac:name="">Sloss 04</ac:parameter></ac:structured-macro>
\[Sloss 04\]  Sloss, Andrew, SlossSymes, Dominic, & SymesWright, Chris Wright. [_ARM System Developer's Guide_|http://www.arm.com/documentation/books/4975.html]. Morgan Kauffman, 2004 (ISBN-10: 1558608745.; ISBN-13: 978-1558608740. (2004).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="27e6c81e0f758613-521f1e56-45994492-89bb93dc-b418a8c70e348f63f9636801"><ac:parameter ac:name="">Spinellis 06</ac:parameter></ac:structured-macro>
\[Spinellis 06\] Spinellis, Diomidis. [_Code Quality: The Open Source Perspective_|http://www.spinellis.gr/codequality].  Addison-Wesley, 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="63cf8353ad74d852-8e9c730b-4a4542ca-89a7890c-bffa75c52e179d6813c86d23"><ac:parameter ac:name="">Steele 77</ac:parameter></ac:structured-macro>
\[Steele 77\]  Steele, G. L. 1977. "[Arithmetic shifting considered harmful.|http://doi.acm.org/10.1145/956641.956647]." _SIGPLAN Not._ 12, 11 (Nov.November 1977), 61-69.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="227c22c15bdea641-65ef3100-4d3740dc-b70abb97-9889129ee8a02bb55ec792da"><ac:parameter ac:name="">Summit 95</ac:parameter></ac:structured-macro>
\[Summit 95\] Summit, Steve. _C Programming FAQs: Frequently Asked Questions_. Boston, MA: Addison-Wesley, 1995 (ISBN 0201845199).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="097f069120ed557d-967cf20d-4cde4715-a38c98da-ea8393bfd5f6af242f9d87ca"><ac:parameter ac:name="">Summit 05</ac:parameter></ac:structured-macro>
\[Summit 05\] Summit, Steve. [_comp.lang.c Frequently Asked Questions_|http://c-faq.com/], 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ba6db2e416faf922-a173b8ef-4162411c-a9449b11-048c71e98e4363b37b55d635"><ac:parameter ac:name="">Sun</ac:parameter></ac:structured-macro>
\[Sun\] [Sun Security Bulletin #00122|http://sunsolve.sun.com/search/document.do?assetkey=1-22-00122-1], 1993.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="53205bebf735aaf9-6c35edb1-42ce4466-83e4bef7-b88ca65090f4b3290be0c535"><ac:parameter ac:name="">Sun 05</ac:parameter></ac:structured-macro>
\[Sun 05\] [C User's Guide|http://docs.sun.com/source/819-3688/]. 819-3688-10. Sun Microsystems, Inc., 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="759769a0eeedbff2-4afa5394-4f2f4ae1-88128c2b-cff74ea6bfb1c4631454e07f"><ac:parameter ac:name="">van de Voort 07</ac:parameter></ac:structured-macro>
\[van de Voort 07\] van de Voort, Marco. [Development Tutorial (a.k.a Build FAQ)|http://www.stack.nl/~marcov/buildfaq.pdf], January 29, 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="dfe312662de62264-a14c486f-48394866-ab7ab528-68108d5f4e2f6acd46d4e17a"><ac:parameter ac:name="">Viega 03</ac:parameter></ac:structured-macro>
\[Viega 03\] Viega, John & Messier, Matt. _Secure Programming Cookbook for C and C++: Recipes for Cryptography, Authentication, Networking, Input Validation & More_. Sebastopol, CA: O'Reilly, 2003 (ISBN 0-596-00394-3).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="73a33b2bd28e7988-b095e99b-489b48d4-aa8bacd4-2eb28352cc14df3002b0f69a"><ac:parameter ac:name="">Viega 05</ac:parameter></ac:structured-macro>
\[Viega 05\] Viega, John. [CLASP Reference Guide Volume 1.1.|http://www.securesoftware.com/process/] Secure Software, 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3eca7af070c8c94f-1eb4ad5a-4dd3420d-8e4eaa0e-0f4ee1ab788439d0c8407683"><ac:parameter ac:name="">VU#162289</ac:parameter></ac:structured-macro>
\[VU#162289\] Dougherty, Chad. Vulnerability Note [VU#162289|http://www.kb.cert.org/vuls/id/162289], _gcc silently discards some wraparound checks,_ April 2008.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d31e88692e0e8773-52d824ff-4c1041d9-8c94981a-3cd5d1ecf6274fa79a8cee30"><ac:parameter ac:name="">VU196240</ac:parameter></ac:structured-macro>
\[VU#196240\] Taschner, Chris & Manion, Art. Vulnerability Note [VU#196240|http://www.kb.cert.org/vulnotes/id/196240], _Sourcefire Snort DCE/RPC preprocessor does not properly reassemble fragmented packets_, 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="dad135f2c1178047-8948406b-478c48e3-96b69b27-b965956f6b482c04827bed20"><ac:parameter ac:name="">VU286468</ac:parameter></ac:structured-macro>
\[VU#286468\] Burch, Hal. Vulnerability Note [VU#286468|http://www.kb.cert.org/vulnotes/id/286468], _Ettercap contains a format string error in the "curses_msg()" function_, 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0138e92e4c5ce6be-f58d9b4b-4ff84362-941a926f-dfc5efff134fca2bde883e1d"><ac:parameter ac:name="">VU439395</ac:parameter></ac:structured-macro>
\[VU#439395\] Howard Lipson. Vulnerability Note [VU#439395|http://www.kb.cert.org/vuls/id/439395], _Apache web server performs case sensitive filtering on Mac OS X HFS\+ case insensitive filesystem,_ 2001.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ff38538318971f28-2326c9c5-40b742d8-8dee9b25-88ed81c57708f655ebc2e94d"><ac:parameter ac:name="">VU551436</ac:parameter></ac:structured-macro>
\[VU#551436\] Giobbi, Ryan. Vulnerability Note [VU#551436|http://www.kb.cert.org/vulnotes/id/551436], _Mozilla Firefox SVG viewer vulnerable to buffer overflow,_ 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="efd48f65c26b68f3-505c841d-4267442c-9ec0a8e9-1c4f0082eb8fdfa219e8b4f1"><ac:parameter ac:name="">VU568148</ac:parameter></ac:structured-macro>
\[VU#568148\] Finlay, Ian A. & Morda, Damon G. Vulnerability Note [VU#568148|http://www.kb.cert.org/vulnotes/id/568148], _Microsoft Windows RPC vulnerable to buffer overflow_, 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="855323c3fcd44205-15148417-46ee44d0-9b508ffd-079c64f81d68eac8573f211c"><ac:parameter ac:name="">VU623332</ac:parameter></ac:structured-macro>
\[VU#623332\] Mead, Robert. Vulnerability Note [VU#623332|http://www.kb.cert.org/vuls/id/623332], _MIT Kerberos 5 contains double free vulnerability in "krb5_recvauth()" function,_ 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="001b9f7a7f44e431-998e50cb-47e74eb6-a545aaaf-e61abd33ce091884fa3ae9a7"><ac:parameter ac:name="">VU649732</ac:parameter></ac:structured-macro>
\[VU#649732\] Gennari, Jeff. Vulnerability Note [VU#649732|http://www.kb.cert.org/vulnotes/id/649732], _Samba AFS ACL mapping VFS plug-in format string vulnerability,_ 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c6143636d0ed6754-5585725a-449941a1-a641a5e9-4ea5ce6613eb5b9bea433e66"><ac:parameter ac:name="">VU743092</ac:parameter></ac:structured-macro>
\[VU#743092\] Rafail, Jason A. & Rafail;Havrilla, Jeffrey S. Havrilla.  Vulnerability Note [VU#743092|https://www.kb.cert.org/vulnotes/id/743092], _realpath(3) function contains off-by-one buffer overflow,_ July 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0a742a6ec92db662-8cffd476-4b9f4c60-b980a560-0a8d9a61499f901e6b0fd941"><ac:parameter ac:name="">VU881872</ac:parameter></ac:structured-macro>
\[VU#881872\] Manion, Art & Taschner, Chris. Vulnerability Note [VU#881872|http://www.kb.cert.org/vulnotes/id/881872], _Sun Solaris telnet authentication bypass vulnerability,_ 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6c1aebf436584bec-41b3af6e-4ba34168-9015990c-bdc8f4f7e1f9680f198b6eb6"><ac:parameter ac:name="">Warren 02</ac:parameter></ac:structured-macro>
\[Warren 02\] Warren, Henry S. [_Hacker's Delight_|http://www.hackersdelight.org/]. Boston, MA: Addison Wesley Professional, 2002 (ISBN 0201914654).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="003d6d23160aab01-8d380fbe-45ad43db-9a2aac6e-2005106368f176058f8a8c83"><ac:parameter ac:name="">Wheeler 03</ac:parameter></ac:structured-macro>
\[Wheeler 03\] Wheeler, David. [Secure Programming for Linux and Unix HOWTO, v3.010|http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/], March 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d7b8c8b702d1ed8d-054718c7-41e0414c-af20ab1b-2b36356aed7f9c54778d487c"><ac:parameter ac:name="">Wheeler 04</ac:parameter></ac:structured-macro>
\[Wheeler 04\] Wheeler, David. [_Secure programmer: Call components safely_|http://www-128.ibm.com/developerworks/linux/library/l-calls.html]. December, 2004.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2c122e46f745c0a5-ef2c1415-41654f05-8c6bafa4-5c5233e3f5654ff6a980b7c7"><ac:parameter ac:name="">Wojtczuk 08</ac:parameter></ac:structured-macro>
\[Wojtczuk 08\] Wojtczuk, Rafal. "[Analyzing the Linux Kernel vmsplice Exploit|http://www.avertlabs.com/research/blog/index.php/2008/02/13/analyzing-the-linux-kernel-vmsplice-exploit/]." McAfee Avert Labs Blog, February 13, 2008.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4d0149373972f369-79d1aa7b-453b404d-b82d9ced-4b49674dbf2e503f4b86c0a4"><ac:parameter ac:name="">Yergeau 98</ac:parameter></ac:structured-macro>
\[Yergeau 98\] Yergeau, F. [RFC 2279 - UTF-8, a transformation format of ISO 10646|http://www.faqs.org/rfcs/rfc2279.html], January 1998.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="925eb293c3e372b0-e0e19793-459b468b-8041a3e6-f697d7bb67a937de54ea3f9c"><ac:parameter ac:name="">Zalewski 01</ac:parameter></ac:structured-macro>
\[Zalewski 01\] Zalewski, Michal Zalewski. [_Delivering Signals for Fun and Profit: Understanding, exploiting and preventing signal-handling related vulnerabilities_|http://lcamtuf.coredump.cx/signals.txt],  May, 2001.