Page History

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="de7613ca083a452b-9832873f-40ab4c1a-88c8b6ca-ca234b9cfdb409aa267a81fe"><ac:parameter ac:name="">Apple 06</ac:parameter></ac:structured-macro>
\[Apple 06\] [_Secure Coding Guide_|http://developer.apple.com/documentation/Security/Conceptual/SecureCodingGuide/SecureCodingGuide.pdf], May, 2006. 

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1cb60d9b784266b4-8dce3aa0-49a04126-89bbaf6b-2f7d691df752eead85307f37"><ac:parameter ac:name="">Burch 06</ac:parameter></ac:structured-macro>
\[Burch 06\] Burch, H.; Long, F.; & Seacord, R. [_Specifications for Managed Strings_|http://www.sei.cmu.edu/publications/documents/06.reports/06tr006.html] (CMU/SEI-2006-TR-006). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="bfd58476b3a3d088-b7b933b0-49b041b1-ad2d869f-f2bcfdd453e8c9ea7fe9160e"><ac:parameter ac:name="">Callaghan 95</ac:parameter></ac:structured-macro>
\[Callaghan 95\] Callaghan, B.; Pawlowski, B.; & Staubach, P. [IETF RFC 1813 NFS Version 3 Protocol Specification|http://www.ietf.org/rfc/rfc1813.txt] (June 1995).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="70af058ce348c7e8-07ed63cf-4b684880-ab4c8937-df9c0146a7dc61249762c796"><ac:parameter ac:name="">CERT 06<06a</ac:parameter></ac:structured-macro>
\[CERT 0606a\] CERT/CC. [Managed String Library|See [http://www.cert.org/secure-coding/managedstringstats/cert_stats.html] (2006)for current statistics.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5c1b9c6c12173868-65f38e85-4516470f-9ced9de7-5cee5f53fb8a98e762763c27"><ac:parameter ac:name="">Dewhurst>CERT 02<06b</ac:parameter></ac:structured-macro>
\[DewhurstCERT 0206b\] Dewhurst, Stephen C. _C+\+ Gotchas: Avoiding Common Problems in Coding and Design_. Boston, MA: Addison-Wesley Professional, 2002CERT/CC. US-CERT's [Technical Cyber Security Alerts|http://www.us-cert.gov/cas/techalerts/index.html].

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="39a783909ee36b2d-9b7d6050-49d14736-b6c7a7aa-7dfbf8f7a90e9c9719067185"><ac:parameter ac:name="">Dowd>CERT 06<06c</ac:parameter></ac:structured-macro>
\[DowdCERT 0606c\] Dowd, M.; McDonald, J.; & Schuh, J. _The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities_. Boston, MA: Addison-Wesley, 2006. See [http://taossa.com] for updates and errata.CERT/CC. [Secure Coding|http://www.cert.org/secure-coding/] web site.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1f9173b01afa54bf-7a0de46e-4cbe4cb2-8daa85d3-19636eb78ed8803806f6bace"><ac:parameter ac:name="">FSF>DHS 05<06</ac:parameter></ac:structured-macro>
\[FSFDHS 0506\] Free Software FoundationDHS. [GCCBuild onlineSecurity documentationIn|httphttps://gccbuildsecurityin.gnuus-cert.orggov/onlinedocs] (2005)web site.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="837b71c7a24a5c6e-514a2bc4-4f6f4751-9e4abdab-ddbe09294a7ea7b26161263d"><ac:parameter ac:name="">Graf>Dowd 03<06</ac:parameter></ac:structured-macro>
\[GraffDowd 0306\] GraffDowd, Mark G. M.; McDonald, J.; & Van WykSchuh, Kenneth RJ. _Secure CodingThe Art of Software Security Assessment: PrinciplesIdentifying and Preventing Software PracticesVulnerabilities_. CambridgeBoston, MA: O'ReillyAddison-Wesley, 20032006. (ISBN 0596002424).See [http://taossa.com] for updates and errata.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a530b37f75cf109d-21535aea-482a4a61-8f3dbef8-265c9987ac9c41645cba3104"><ac:parameter ac:name="">Griffiths>Drepper 06</ac:parameter></ac:structured-macro>
\[GriffithsDrepper 06\] GriffithsDrepper, AndrewUlrich. "[Clutching at straws: When you can shift the stack pointer[Defensive Programming for Red Hat Enterprise Linux (and What To Do If Something Goes Wrong).|http://felinemenacepeople.redhat.orgcom/papers/p63-0x0e_Shifting_the_Stack_Pointer.txt]."&nbsp;drepper/defprogramming.pdf] May 3, 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e35ce99a02043fb5-2e0e582f-4f494019-9e319208-a80f959f45ad834860c6415d"><ac:parameter ac:name="">Haddad>FSF 05</ac:parameter></ac:structured-macro>
\[HaddadFSF 05\] Haddad, IbrahimFree Software Foundation. "Secure[GCC Coding in C and C++: An interview with Robert Seacord, senior vulnerability analyst at CERT." _Linux World Magazine_, November, 2005.online documentation|http://gcc.gnu.org/onlinedocs] (2005).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a0ea65e03033d5f7-fbc871b2-48f348aa-858ca1bb-b1836455ab1ecdac3966dbaa"><ac:parameter ac:name="">HP>Griffiths 03<06</ac:parameter></ac:structured-macro>
\[HPGriffiths 0306\] [Tru64 UNIX: Protecting Your System Against File Name Spoofing AttacksGriffiths, Andrew. "[Clutching at straws: When you can shift the stack pointer|http://h30097.www3.hp.com/docs/wpapers/spoof_wp/symlink_external.pdf]. Houston, TX: Hewlett-Packard Company, January 2003.felinemenace.org/papers/p63-0x0e_Shifting_the_Stack_Pointer.txt]."&nbsp;

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ea25eccb8e76d9c2-bdf61a58-4f764d94-aea69e6e-d12b491c1f20d14fc2690b4d"><ac:parameter ac:name="">ilja>Haddad 06<05</ac:parameter></ac:structured-macro>
\[iljaHaddad 0605\] iljaHaddad, Ibrahim. "[readlink abuse|http://blogs.23.nu/ilja/stories/12551/]." _ilja's blog_, August 13, 2006Secure Coding in C and C++: An interview with Robert Seacord, senior vulnerability analyst at CERT." _Linux World Magazine_, November, 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="aa8846b00e6b4f73-4a64bb6a-4db24d70-bbe3b0a8-64332d6cb795ee5715c5a42f"><ac:parameter ac:name="">ISO/IEC 9899-1999<>Hatton 95</ac:parameter></ac:structured-macro>
\[ISO/IEC 9899-1999Hatton 95\] ISO/IEC 9899-1999Hatton, Les. _Programming Languages --- C, Second Edition_. Geneva, Switzerland: International Organization for Standardization, 1999.Safer C: Developing Software for High-Integrity and Safety-Critical Systems_. New York, NY: McGraw-Hill Book Company, 1995 (ISBN 0-07-707640-0).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9f8d50f9b92e0d66-97ad016f-4b9d4e1f-835a87a2-cd152a3923e57d2a0e348857"><ac:parameter ac:name="">ISO/IEC TR 24731-2006<>ilja 06</ac:parameter></ac:structured-macro>
\[ISO/IEC TR 24731-2006ilja 06\] ISO/IEC TR 24731. _Extensions to the C Library, --- Part I: Bounds-checking interfaces_. Geneva, Switzerland: International Organization for Standardization, April ilja. "[readlink abuse|http://blogs.23.nu/ilja/stories/12551/]." _ilja's blog_, August 13, 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7c4dd255394a70d1-7734b6c5-46114c83-988da475-cd2a1b662e5d82455db39c88"><ac:parameter ac:name="">Kennaway 00<>ISO/IEC 9899-1999</ac:parameter></ac:structured-macro>
\[Kennaway 00ISO/IEC 9899-1999\] Kennaway, Kris. [Re: /tmp topic|http://lwn.net/2000/1221/a/sec-tmp.php3] (December 2000)ISO/IEC 9899-1999. _Programming Languages --- C, Second Edition_. Geneva, Switzerland: International Organization for Standardization, 1999.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3bd586bd1c184576-3ab29063-4862486d-afdaa23a-158eab76c81221dfac323086"><ac:parameter ac:name="">Kerrighan>ISO/IEC 88<03</ac:parameter></ac:structured-macro>
\[KerrighanISO/IEC 8803\] Kerrighan, B. W. & Ritchie, D. M. _The C Programming Language, 2nd ed._ Englewood Cliffs, NJ: Prentice-Hall, 1988[Rationale for International Standard --- Programming Languages --- C, Revision 5.10|http://www.open-std.org/jtc1/sc22/wg14/www/C99RationaleV5.10.pdf]. Geneva, Switzerland: International Organization for Standardization, April 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5b365e64cc38959c-d9131985-43464317-870eaf4a-a8c72e0ebedceebd09320576"><ac:parameter ac:name="">Klein>Kennaway 02<00</ac:parameter></ac:structured-macro>
\[KleinKennaway 0200\] KleinKennaway, JackKris. [_Bullet Proof Integer Input Using strtol()_|httpRe: /tmp topic|http://homelwn.att.net/~jackklein2000/c1221/codea/strtolsec-tmp.htmlphp3] (2002December 2000).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ffd9f35f062c6c7b-213dfdb8-48c04bb0-90d98958-4f54b8b7108b479ff9397867"><ac:parameter ac:name="">Lai>Kerrighan 06<88</ac:parameter></ac:structured-macro>
\[LaiKerrighan 0688\] LaiKerrighan, RayB. W. "[Reading Between the Lines|http://undeadly.org/cgi?action=article&sid=20061027031811]." _OpenBSD Journal_, October 2006& Ritchie, D. M. _The C Programming Language, 2nd ed._ Englewood Cliffs, NJ: Prentice-Hall, 1988.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f6ccc70f24e27ac4-c9eb7ef8-420241c8-b1e0b989-a7590fc16147a7f564f7527e"><ac:parameter ac:name="">Lions>Kettle 96<02</ac:parameter></ac:structured-macro>
\[LionsKettlewell 9602\] LionsKettlewell, J. LRichard. [ARIANE_C 5 Flight 501 Failure ReportLanguage Gotchas_|http://enwww.wikisourcegreenend.org.uk/wiki/Ariane_501_Inquiry_Board_report]. Paris, France: European Space Agency (ESA) & National Center for Space Study (CNES) Inquiry Board, July 1996rjk/2001/02/cfu.html] (February 2002).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ff80dcb48958ec61-c4654807-4b0f4344-81b5a4c1-c62ee484d671d7338e29cd5f"><ac:parameter ac:name="">mercy<>Kettle 03</ac:parameter></ac:structured-macro>
\[mercyKettlewell 03\] Kettlewell, mercyRichard. [_ExploitingInline UninitializedFunctions DataIn C_|http://www.felinemenacegreenend.org/papers/UBehavior.zip.uk/rjk/2003/03/inline.html] (JanuaryMarch 20062003).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="77813286c2b2befe-b39d1c81-41414390-b845b358-c31976cd4df2912b7538348e"><ac:parameter ac:name="">MISRA>Klein 04<02</ac:parameter></ac:structured-macro>
\[MISRAKlein 0402\] MIRAKlein, LimitedJack. "[MISRA C[_Bullet Proof Integer Input Using strtol()_|http://wwwhome.misra.org.uk/]: 2004 Guidelines for the Use of the C Language in Critical Systems." Warwickshire, UK: MIRA Limited, October 2004 (ISBN 095241564X).att.net/~jackklein/c/code/strtol.html] (2002).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="8b3914983a8b494b-eaa3f1f7-419f4754-a6238e3d-2c6f05fb896ae9288edb6c40"><ac:parameter ac:name="">NASA-GB-1740.13<>Lai 06</ac:parameter></ac:structured-macro>
\[NASA-GB-1740.13Lai 06\] NASALai, Glenn Research Center, Office of Safety Assurance Technologies. [_NASA Software Safety Guidebook_Ray. "[Reading Between the Lines|http://pbmaundeadly.nasa.gov/docs/public/pbma/general/guidbook.doc] (NASA-GB-1740.13).org/cgi?action=article&sid=20061027031811]." _OpenBSD Journal_, October 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="be3076a1f8d70531-b2887557-472e47ac-91ada296-484c10c5da296182856e3540"><ac:parameter ac:name="">Open Group 97<>mercy</ac:parameter></ac:structured-macro>
\[Open Group 97mercy\] The Open Groupmercy. [_TheExploiting Single UNIX® Specification, Version 2Uninitialized Data_|http://www.opengroupfelinemenace.org/onlinepubspapers/7990989775/tocUBehavior.htmzip] (1997January 2006).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="aed1e43a537cde3e-0c7c2147-44c54cb0-a899b741-059e2c99755591ae4b03340f"><ac:parameter ac:name="">Open>MISRA Group 97b<04</ac:parameter></ac:structured-macro>
\[OpenMISRA Group 97b04\] TheMIRA Open GroupLimited. "[_Go Solo 2 - The Authorized Guide to Version 2 MISRA C|http://www.misra.org.uk/]: 2004 Guidelines for the Use of the SingleC UNIX Specification_|http://www.unix.org/whitepapers/64bit.html] (May 1997).Language in Critical Systems." Warwickshire, UK: MIRA Limited, October 2004 (ISBN 095241564X).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="93e8602e255d7503-a55c714e-4f78470f-8d068efa-7d19e92edf2ec49db20b0e7f"><ac:parameter ac:name="">Open Group 04<>NASA-GB-1740.13</ac:parameter></ac:structured-macro>
\[Open Group 04\] The Open Group and the IEEENASA-GB-1740.13\] NASA Glenn Research Center, Office of Safety Assurance Technologies. [_TheNASA OpenSoftware Group Base Specifications Issue 6, IEEE Std 1003.1, 2004 Edition_|Safety Guidebook_|http://wwwpbma.opengroup.org/onlinepubs/009695399/toc.htm] (2004nasa.gov/docs/public/pbma/general/guidbook.doc] (NASA-GB-1740.13).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a1c89f2ab939a1bc-9c8c36ba-45a543ee-98f99200-532be2d6af9396c0a874b10d"><ac:parameter ac:name="">Plum>NIST 89<06</ac:parameter></ac:structured-macro>
\[PlumNIST 8906\] Plum, Thomas, & Saks, DanNIST. [_CSAMATE Programming Guidelines, 2nd ed_. Kamuela, HI: Plum Hall, Inc., 1989 (ISBN 0911537074Reference Dataset_|http://samate.nist.gov/SRD/] (2006).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6c0ed5f3b58c74d5-60d1baa9-49fb472d-8e17b625-435c800ad3e30bb9bad043f8"><ac:parameter ac:name="">Plum>NIST 91<06b</ac:parameter></ac:structured-macro>
\[PlumNIST 9106b\] Plum, Thomas. _C+\+ Programming_. Kamuela, HI: Plum Hall, Inc., 1991 (ISBN 0911537104)NIST. [DRAFT Source Code Analysis Tool Functional Specification. | http://samate.nist.gov/docs/SAMATE_source_code_analysis_tool_spec_09_15_06.pdf] NIST Information Technology Laboratory (ITL), Software Diagnostics and Conformance Testing Division, September 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3a812b57f5605f91-ee7f9c24-440f44b4-93449dbc-b3f912c17aebe8fbb3377d6e"><ac:parameter ac:name="">Saks 99</ac:parameter></ac:structured-macro>
\[Saks 99\] Saks, Dan. "[const T vs.T const|http://www.dansaks.com/articles/1999-02%20const%20T%20vs%20T%20const.pdf]." _Embedded Systems Programming_, February 1999, pp. 13-16.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1799d462f51c4cea-581ebe59-477443e0-aa9a93d7-119c0ae3da590e933bc125f6"><ac:parameter ac:name="">Seacord 05</ac:parameter></ac:structured-macro> <ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="450f340be3225c56-5ef99804-45854015-828ea9e2-590954798df142e906ed94d0"><ac:parameter ac:name="">Seacord 05a</ac:parameter></ac:structured-macro>
\[Seacord 05a\] Seacord, R. _Secure Coding in C and C+\+_. Boston, MA: Addison-Wesley, 2005. See [http://www.cert.org/books/secure-coding] for news and errata.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4099dbd7656bd341-8dd74701-44684e96-ae0082e2-d20974487a3320eba0f9c7a9"><ac:parameter ac:name="">Seacord 05b</ac:parameter></ac:structured-macro>
\[Seacord 05b\] Seacord, R. "Managed String Library for C, C/C++." _Users Journal_ _23_, 10 (October 2005): 30-34.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="bad99e5478686da3-82d5a550-455b489d-91ee8375-8ff0e2f43ec9c1dbe4d298d9"><ac:parameter ac:name="">Summit 95</ac:parameter></ac:structured-macro>
\[Summit 95\] Summit, Steve. _C Programming FAQs: Frequently Asked Questions_. Boston, MA: Addison-Wesley, 1995 (ISBN 0201845199).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="42dbe0e26a3348e2-6d7764f9-4e154e50-90af95c2-8554da33e7359cc4ca0de190"><ac:parameter ac:name="">Summit 05</ac:parameter></ac:structured-macro>
\[Summit 05\] Summit, Steve. [_comp.lang.c Frequently Asked Questions_|http://c-faq.com/] (2005).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9805a9698045bc97-efab53c9-491247fa-86dda3d3-76b8a705004446a8f0541142"><ac:parameter ac:name="">van de Voort 07</ac:parameter></ac:structured-macro>
\[van de Voort 07\] van de Voort, Marco. [Development Tutorial (a.k.a Build FAQ)|http://www.stack.nl/~marcov/buildfaq.pdf] (January 29, 2007).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7bc7afb00ca69a8f-b7d947e3-41a14ffb-99e5933f-8d56c18a02b91e2444a3f3e2"><ac:parameter ac:name="">Viega 03</ac:parameter></ac:structured-macro>
\[Viega 03\] Viega, John & Messier, Matt. _Secure Programming Cookbook for C and C++: Recipes for Cryptography, Authentication, Networking, Input Validation & More_. Sebastopol, CA: O'Reilly, 2003 (ISBN 0-596-00394-3).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="fb0581ce3810e079-280b4a33-441b4e5a-a6ebbbff-dc8e88e733420dd75b13251c"><ac:parameter ac:name="">Viega 05</ac:parameter></ac:structured-macro>
\[Viega 05\] Viega, John. [CLASP Reference Guide Volume 1.1.|http://www.securesoftware.com/process/] Secure Software, 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2993086aec90dbe1-65c67ad3-45e84243-8346b7e3-66a76b3d974a290516f3a20e"><ac:parameter ac:name="">VU286468</ac:parameter></ac:structured-macro>
\[VU#286468\] Burch, Hal. Vulnerability Note [VU#286468|http://www.kb.cert.org/vulnotes/id/286468], _Ettercap contains a format string error in the "curses_msg()" function_ (2007).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9182dfd3505ab7b2-662f4672-421f4360-bf7da697-510538e42d5c56f2f014d9f4"><ac:parameter ac:name="">VU#551436</ac:parameter></ac:structured-macro>
\[VU#551436\] Giobbi, Ryan. Vulnerability Note [VU#551436|http://www.kb.cert.org/vulnotes/id/551436], _Mozilla Firefox SVG viewer vulnerable to buffer overflow_ (2007).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ce2e7b4f4254a784-d8ca2780-465745ed-8427aa1a-74b6366548adb0a12e82f12b"><ac:parameter ac:name="">VU649732</ac:parameter></ac:structured-macro>
\[VU#649732\] Gennari, Jeff. Vulnerability Note [VU#649732|http://www.kb.cert.org/vulnotes/id/649732], _Samba AFS ACL mapping VFS plug-in format string vulnerability_ (2007).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4e057db1c7ef0804-76921226-4e8045d9-83bd8fc7-a535e22dad6158b102d3724b"><ac:parameter ac:name="">VU881872</ac:parameter></ac:structured-macro>
\[VU#881872\] Manion, Art & Taschner, Chris. Vulnerability Note [VU#881872|http://www.kb.cert.org/vulnotes/id/881872], _Sun Solaris telnet authentication bypass vulnerability_ (2007).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e9d436f796074c8d-9d388513-4a4a419e-bd1b98ac-a46a016a2cc6f10115094b3f"><ac:parameter ac:name="">Warren 02</ac:parameter></ac:structured-macro>
\[Warren 02\] Warren, Henry S. [_Hacker's Delight_|http://www.hackersdelight.org/]. Boston, MA: Addison Wesley Professional, 2002 (ISBN 0201914654).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a22203bf094a38ec-84052b36-428d497b-94d48c5d-484f1cdd4893d5dbab36ff28"><ac:parameter ac:name="">Wheeler 03</ac:parameter></ac:structured-macro>
\[Wheeler 03\] Wheeler, David. [Secure Programming for Linux and Unix HOWTO, v3.010 |http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/] (March 2003).