SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 228

changes.mady.by.user Chad Dougherty

Saved on

compared with

New Version 229

changes.mady.by.user Pamela Curtis

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1183628a8bb4b1d7-e625a3ee-431b4e79-99bc8ebf-8cb2c664135a3f588d964569"><ac:parameter ac:name="">Apple 06</ac:parameter></ac:structured-macro>
\[Apple 06\] Apple, Inc. [_Secure Coding Guide_|http://developer.apple.com/documentation/Security/Conceptual/SecureCodingGuide/SecureCodingGuide.pdf], May 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="012f857d9fc4697e-579cded4-42ab4cad-9d54995b-eef8a3d15bb63917816ba8d5"><ac:parameter ac:name="">Austin Group 08</ac:parameter></ac:structured-macro>
\[Austin Group 08\] "Draft Standard for Information Technology - Portable Operating System Interface (POSIX®) - Draft Technical Standard: Base Specifications, Issue 7," IEEE Unapproved Draft Std P1003.1 D5.1. Prepared by the [Austin Group|http://www.opengroup.org/austin/]. New York: Institute of Electrical & Electronics Engineers, Inc., May 2008.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="be297d8dcc1cd2a5-e8af01e0-4c5b41d4-8108b8ab-525eb257dc3f89704fb07284"><ac:parameter ac:name="">Banahan 03</ac:parameter></ac:structured-macro>
\[Banahan 03\] Banahan, Mike. [_The C Book_|http://www.phy.duke.edu/~rgb/General/c_book/c_book/index.html], 2003.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ae3194309522e944-1efac727-4c9b4c2a-bf359fb5-37177507cbd9037d36d6a681"><ac:parameter ac:name="">Beebe 05</ac:parameter></ac:structured-macro>
\[Beebe 05\] Beebe, Nelson H. F. [Re: Remainder (%) operator and GCC|http://gcc.gnu.org/ml/gcc-help/2005-11/msg00141.html], 2005.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="217c7453ebd3912e-3260cc18-491f4af5-84dab687-659c50e6394973c4202e00b5"><ac:parameter ac:name="">Becker 08</ac:parameter></ac:structured-macro>
\[Becker 08\] Becker, Pete. [Working Draft, Standard for Programming Language C+\+|http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2008/n2521.pdf], April 2008.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="349148915a8ad1bf-02b68f53-40e146a5-8e00bcbf-2750914443832a71fe057536"><ac:parameter ac:name="">Brainbell.com</ac:parameter></ac:structured-macro>
\[Brainbell.com\] Brainbell.com. [_Advice and Warnings for C Tutorials_|http://www.brainbell.com/tutors/c/Advice_and_Warnings_for_C/].

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b35b6a5fd9cd1df2-75d50333-48b148c0-8068a24a-d00f0f81d4bce2451f9c7740"><ac:parameter ac:name="">Bryant 03</ac:parameter></ac:structured-macro>
\[Bryant 03\] Bryant, Randal E., & O'Halloran, David. _Computer Systems: A Programmer's Perspective_. Prentice Hall, 2003 (ISBN 0-13-034074-X).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="71f10309c99691cc-74550bcf-46b74fe5-85a78da9-9b724e3ae538212863c610c8"><ac:parameter ac:name="">Burch 06</ac:parameter></ac:structured-macro>
\[Burch 06\] Burch, Hal, Long, Fred, & Seacord, Robert C. [_Specifications for Managed Strings_|http://www.sei.cmu.edu/publications/documents/06.reports/06tr006.html] (CMU/SEI-2006-TR-006). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a7b8e5a2d03ba0b7-0fd0584c-49e54df0-a638bdbb-875aa9c90a13df4ec2b1efa8"><ac:parameter ac:name="">Callaghan 95</ac:parameter></ac:structured-macro>
\[Callaghan 95\] Callaghan, B., Pawlowski, B., & Staubach, P. [IETF RFC 1813 NFS Version 3 Protocol Specification|http://www.ietf.org/rfc/rfc1813.txt], June 1995.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5f8c1c6932a3de0b-d6c8da37-4d6b4578-a884b28b-8a7da50dca1db6e188e43f8e"><ac:parameter ac:name="">CERT 06a</ac:parameter></ac:structured-macro>
\[CERT 06a\] CERT/CC. [CERT/CC Statistics 1988---2006|http://www.cert.org/stats/cert_stats.html].

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="05f2cf7ed78e74fe-c71e3329-448b4263-bfb79f3d-a703403df25eee223d2f9fd7"><ac:parameter ac:name="">CERT 06b</ac:parameter></ac:structured-macro>
\[CERT 06b\] CERT/CC. US-CERT's [Technical Cyber Security Alerts|http://www.us-cert.gov/cas/techalerts/index.html].

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1d6259190c968022-eadd18a3-4bc34d41-81059f6b-2cedff38b1c42d8cb75ab4e1"><ac:parameter ac:name="">CERT 06c</ac:parameter></ac:structured-macro>
\[CERT 06c\] CERT/CC. [Secure Coding|http://www.cert.org/secure-coding/] web site.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c04f4bd6fdf1b63e-7b35e51a-4652413b-8c0e8ca3-f958a09c4bc141760f440c34"><ac:parameter ac:name="">Chen 02</ac:parameter></ac:structured-macro>
\[Chen 02\]&nbsp; Chen, H., Wagner, D., & Dean, D. "Setuid demystified." USENIX Security Symposium, 2002.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="90da0f5654fcbabf-db3d6711-44194ae6-8a40bc3d-9c755b7826470ebffd2940b0"><ac:parameter ac:name="">Corfield 93</ac:parameter></ac:structured-macro>
\[Corfield 93\] Corfield, Sean A. "[Making String Literals 'const'|http://www.open-std.org/jtc1/sc22/wg21/docs/papers/1993/N0389.asc]," November 1993.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d5814eded9326e80-4b238082-41c7410a-aa659423-621c725016d38a464cabe5f7"><ac:parameter ac:name="">Coverity 07</ac:parameter></ac:structured-macro>
\[Coverity 07\] Coverity Prevent User's Manual (3.3.0), 2007.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e7a03527593abf5e-26c91f4f-4bb943a0-8f9a8e61-8a98b642724a0a47116cddf0"><ac:parameter ac:name="">CVE</ac:parameter></ac:structured-macro>
\[CVE\] [Common Vulnerabilities and Exposures|http://cve.mitre.org/].

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ad00dc6f0e984df7-2ae75867-48c34387-98e88feb-ad2454f1b980c1467f7fe95b"><ac:parameter ac:name="">CPPReference</ac:parameter></ac:structured-macro>
\[C+\+ Reference\] [Standard C Library, General C+\+, C+\+   Standard Template Library|http://www.cppreference.com/]

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="37cbbbac6aa6a1d7-f2b73eb8-457d49ec-ac52881f-92494b56d07b1092dfbab86d"><ac:parameter ac:name="">Dewhurst 02</ac:parameter></ac:structured-macro>
\[Dewhurst 02\] Dewhurst, Stephen C. _C+\+ Gotchas: Avoiding Common Problems in Coding and Design_. Boston: Addison-Wesley Professional, 2002.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0fc83a81521d6627-8e5e9470-440940e4-b47cb289-93748b45eb3106396a3343e2"><ac:parameter ac:name="">Dewhurst 05</ac:parameter></ac:structured-macro>
\[Dewhurst 05\] Dewhurst, Stephen C. _C+\+ Common Knowledge:  Essential Intermediate Programming_. Boston, MA: Addison-Wesley Professional, 2005.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="8fd484d5c4810701-b72c4f9e-4214495e-bb13a674-f7a70a4ee662b731f7995d29"><ac:parameter ac:name="">DHS 06</ac:parameter></ac:structured-macro>
\[DHS 06\] U.S. Department of Homeland Security. [Build Security In|https://buildsecurityin.us-cert.gov/].

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7189f77ff7e1cb9b-d921f9a0-4dcd4955-8c5f8546-ad7a6175fb65a7c689407c47"><ac:parameter ac:name="">Dowd> DOD 06<5220</ac:parameter></ac:structured-macro>
\[DowdDOD 065220\] Dowd, M., McDonald, J., & Schuh, J. _The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities_. Boston: Addison-Wesley, 2006. See [http://taossa.com] for updates and errataU.S. Department of Defense. [DoD Standard 5220.22-M|http://security.ouhsc.edu/docs/policies/approved/DoD_5220.doc] (Word document).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ef4c52df277fefd1-90949e7c-4bd14f63-852f84f3-fe357a2ac10447bb04bf165b"><ac:parameter ac:name="">Drepper>Dowd 06</ac:parameter></ac:structured-macro>
\[DrepperDowd 06\] Drepper, Ulrich. [Defensive Programming for Red Hat Enterprise Linux (and What To Do If Something Goes Wrong)|http://people.redhat.com/drepper/defprogramming.pdf], May 3, 2006 Dowd, M., McDonald, J., & Schuh, J. _The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities_. Boston: Addison-Wesley, 2006. See [http://taossa.com] for updates and errata.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0642f79ccf6d9dd8-fd71f85d-4ad04a3d-a6f6b23e-d7661ccd04a94cfecdcd0f18"><ac:parameter ac:name="">Eckel>Drepper 07<06</ac:parameter></ac:structured-macro>
\[EckelDrepper 0706\] EckelDrepper, BruceUlrich. [_Thinking in C+\+ Volume 2_|http://bruce-eckel.developpez.com/livres/cpp/ticpp/v2/], January 25, 2007Defensive Programming for Red Hat Enterprise Linux (and What To Do If Something Goes Wrong)|http://people.redhat.com/drepper/defprogramming.pdf], May 3, 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7cea4647a21cdccd-f3861ce0-41f34726-b995b8a7-ebd6ce06b8022b4a8667b6d1"><ac:parameter ac:name="">ECTC>Eckel 98<07</ac:parameter></ac:structured-macro>
\[ECTCEckel 9807\] Embedded C+\+ Technical CommitteeEckel, Bruce. [_TheThinking Embeddedin C+\+ ProgrammingVolume Guide Lines2_|http://wwwbruce-eckel.caravan.net/ec2plus/guide.html], Version WP-GU-003. January 6, 1998developpez.com/livres/cpp/ticpp/v2/], January 25, 2007.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d16082c6f6ebba09-517db478-4c8c42c9-96e6898f-3b0a643ae8025409092a5947"><ac:parameter ac:name="">Finlay>ECTC 03<98</ac:parameter></ac:structured-macro>
\[FinlayECTC 0398\] Embedded C+\+ Technical Committee. [_The Embedded C+\+ Programming Guide Lines_|http://www.caravan.net/ec2plus/guide.html], Version WP-GU-003. January 6, 1998.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="840e2905-f2af-487a-9529-f18a8d4b671a"><ac:parameter ac:name="">Finlay 03</ac:parameter></ac:structured-macro>
\[Finlay 03\] Finlay, Ian A. CERT Finlay, Ian A. CERT Advisory CA-2003-16, [Buffer Overflow in Microsoft RPC|http://www.cert.org/advisories/CA-2003-16.html]. CERT/CC, July 2003.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="cbc627040d63ebd0-32f8226c-472d4c15-b60c9cbe-d833b86a4c67d255da1149bb"><ac:parameter ac:name="">Fisher 99</ac:parameter></ac:structured-macro>
\[Fisher 99\] Fisher, David  & Lipson, Howard. "Emergent Algorithms - A New Method for Enhancing Survivability in Unbounded Systems." _Proceedings of the 32nd Annual Hawaii International Conference on System Sciences (HICSS-32)_. Maui, HI, January 5-8, 1999.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f2ab3120392427f7-bbc6e56c-44404697-8daabab0-da19d2265a66dc728c048f0f"><ac:parameter ac:name="">Flake 06</ac:parameter></ac:structured-macro>
\[Flake 06\] Flake, Halvar. "[Attacks on uninitialized local variables|http://www.blackhat.com/presentations/bh-europe-06/bh-eu-06-Flake.pdf]." Black Hat Federal 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="40a691084d3374be-aaab3770-474f4e29-9378842c-ea17b75aebfa24e3d43bcf43"><ac:parameter ac:name="">Fortify 06</ac:parameter></ac:structured-macro>
\[Fortify 06\] Fortify Software Inc. [Fortify Taxonomy: Software Security Errors|http://www.fortifysoftware.com/vulncat/], 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="36a99cbf0b430086-85901d70-40174c3a-99cd9e19-87d83397b0f4e6362fa866ff"><ac:parameter ac:name="">FSF 05</ac:parameter></ac:structured-macro>
\[FSF 05\] Free Software Foundation. [GCC online documentation|http://gcc.gnu.org/onlinedocs], 2005.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6e414adc32c58167-f652744f-428a4ea4-b98486ca-fb6a5daf37cfc073bdcb80dd"><ac:parameter ac:name="">Garfinkel 96</ac:parameter></ac:structured-macro>
\[Garfinkel 96\] Garfinkel, Simson & Spafford, Gene. _Practical UNIX & Internet Security_, 2nd Edition. Sebastopol, CA: O'Reilly Media, April 1996 (ISBN 1-56592-148-8).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d7acdeefc352ae87-d3c41d01-488f4247-9d578c10-fcf9cbe827d0a1f84ee917d9"><ac:parameter ac:name="">GNU Pth</ac:parameter></ac:structured-macro>
\[GNU Pth\] Engelschall, Ralf S. [GNU Portable Threads|http://www.gnu.org/software/pth/], 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b6cde3c102210da7-0cce4b96-47694d36-a9a7992c-8ce5075713775525816e649d"><ac:parameter ac:name="">Goldberg 91</ac:parameter></ac:structured-macro>
\[Goldberg 91\] Goldberg, David. [What Every Computer Scientist Should Know About Floating-Point Arithmetic|http://docs.sun.com/source/806-3568/ncg_goldberg.html]. Sun Microsystems, March 1991.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="65e1fae38b7183d0-b611eb8b-403140c8-96a39cde-c3228f990ba1f0b64a6d9ee1"><ac:parameter ac:name="">Gough 2005</ac:parameter></ac:structured-macro>
\[Gough 2005\] Gough, Brian J. [An Introduction to GCC|http://www.network-theory.co.uk/docs/gccintro/index.html]. Network Theory Ltd, Revised August 2005 (ISBN 0-9541617-9-3).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="392ccf2be72507dc-05b055c2-4cb74ec5-a0f4ba72-47afc2261ecc62e0d3c9ea39"><ac:parameter ac:name="">Graf 03</ac:parameter></ac:structured-macro>
\[Graff 03\] Graff, Mark G. & Van Wyk, Kenneth R. _Secure Coding: Principles and Practices_. Cambridge, MA: O'Reilly, 2003 (ISBN 0596002424).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c3ce1dd97efe9cee-ae2f3566-4d574b77-b2318939-f121b8c69dc9102b683d7fbd"><ac:parameter ac:name="">Greenman 97</ac:parameter></ac:structured-macro>
\[Greenman 97\] Greenman, David. [_serious security bug in wu-ftpd v2.4_|http://seclists.org/bugtraq/1997/Jan/0011.html]. BUGTRAQ Mailing List (bugtraq@securityfocus.com), January 2, 1997. Mailing List (bugtraq@securityfocus.com), January 2, 1997.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0cdbbe8a-9a04-4dce-834f-814a607b1183"><ac:parameter ac:name="">Griffiths 06</ac:parameter></ac:structured-macro>
\[Griffiths 06\] Griffiths, Andrew. "[Clutching at straws: When you can shift the stack pointer|http://felinemenace.org/papers/p63-0x0e_Shifting_the_Stack_Pointer.txt]."

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="545ba248d5ae4285-5fa1f7ef-4f104b42-b3f5bae5-86379e950067cdda94291c84"><ac:parameter ac:name="">Griffiths>Gutmann 06<96</ac:parameter></ac:structured-macro>
\[GriffithsGutmann 0696\] GriffithsGutmann, AndrewPeter. "[ClutchingSecure atDeletion straws:of WhenData youfrom canMagnetic shiftand the stack pointerSolid-State Memory|http://felinemenace.org/papers/p63-0x0e_Shifting_the_Stack_Pointer.txt]."www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html], July 1996.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0622120a7f09e5fb-667d4ea5-4bab4d23-a27e89c8-fd0b862465cf2614da719d5a"><ac:parameter ac:name="">Haddad 05</ac:parameter></ac:structured-macro>
\[Haddad 05\] Haddad, Ibrahim. "Secure Coding in C and C++: An interview with Robert Seacord, senior vulnerability analyst at CERT." _Linux World Magazine_, November 2005.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="62ddfc9782096ac4-5edc075c-4633499c-b24ba80d-1898411fdd845706faeaf2bb"><ac:parameter ac:name="">Hatton 95</ac:parameter></ac:structured-macro>
\[Hatton 95\] Hatton, Les. _Safer C: Developing Software for High-Integrity and Safety-Critical Systems_. New York: McGraw-Hill Book Company, 1995 (ISBN 0-07-707640-0).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e4a66fd0d737fcd4-5c5b5f92-40834666-9290b519-5792b32f0b2481cf85608fe3"><ac:parameter ac:name="">Henricson 92</ac:parameter></ac:structured-macro>
\[Henricson 92\] Henricson, Mats, & Nyquist, Erik. [Programming in C++, Rules and Recommendations|http://www.doc.ic.ac.uk/lab/cplus/c++.rules/]. Ellemtel Telecommunication Systems Laboratories, 1992.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="889113103bfc97e4-42d44ff1-43cd4d6e-aa32ac99-e505142db99b3bd2cbd02ce5"><ac:parameter ac:name="">Horton 90</ac:parameter></ac:structured-macro>
\[Horton 90\] Horton, Mark R. _Portable C Software_. Upper Saddle River, NJ: Prentice-Hall, Inc., 1990 (ISBN:0-13-868050-7).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9faf750c51c10df6-01eb193a-41414f94-9679bacc-62d30293744709dcbece2f06"><ac:parameter ac:name="">Howard 02</ac:parameter></ac:structured-macro>
\[Howard 02\] Howard, Michael, & LeBlanc, David C. _[_Writing Secure Code, 2nd ed. Redmond, WA:_|http://www.microsoft.com/mspress/books/5957.aspx]_. Microsoft Press, December 2002.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="08d9a34889875be5-1a763e68-42944f34-b00f928b-668e57fb90b3bdb99ec7bf3a"><ac:parameter ac:name="">HP 03</ac:parameter></ac:structured-macro>
\[HP 03\] [Tru64 UNIX: Protecting Your System Against File Name Spoofing Attacks|http://h30097.www3.hp.com/docs/wpapers/spoof_wp/symlink_external.pdf]. Houston, TX: Hewlett-Packard Company, January 2003.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="21a38cbcba4ce111-3b64c5c6-475b4426-8665aff6-b025b378e03efd3364f33792"><ac:parameter ac:name="">IEC 60812 2006</ac:parameter></ac:structured-macro>
\[IEC 60812 2006\] _Analysis techniques for system reliability - Procedure for failure mode and effects analysis (FMEA)_, 2nd ed. (IEC 60812). IEC, January 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c17717311ce84849-da36a1af-444c4499-a9d89530-45ce1260f031ffba991e8e1c"><ac:parameter ac:name="">IEC 61508 4</ac:parameter></ac:structured-macro>
\[IEC 61508-4\]&nbsp; _Functional safety of electrical/electronic/programmable electronic safety-related systems - Part 4: Definitions and abbreviations_, 1998.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d05977100b7f0ce8-f239ebbf-43a44abe-a16fa169-326f319e0132160d98a5c8ed"><ac:parameter ac:name="">IEEE Std 610.12 1990</ac:parameter></ac:structured-macro>
\[IEEE Std 610.12 1990\] _IEEE Standard Glossary of Software Engineering Terminology_, September 1990.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0a6880d94d7961fd-89c32a38-4cb9470a-8c3e8af2-7905f77c295ed7757c5f55c1"><ac:parameter ac:name="">IEEE 754 2006</ac:parameter></ac:structured-macro>
\[IEEE 754 2006\] IEEE. [_Standard for Binary Floating-Point Arithmetic_|http://grouper.ieee.org/groups/754/] (IEEE 754-1985), 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="8af5450495f26978-3803386e-40a54c05-86afa115-57551d8588ea6aa6d3ed64fe"><ac:parameter ac:name="">ilja 06</ac:parameter></ac:structured-macro>
\[ilja 06\] ilja. "[readlink abuse|http://blogs.23.nu/ilja/stories/12551/]." _ilja's blog_, August 13, 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ca89d05e5e1c4c0b-8a2cf30a-495946c8-a6ed81ff-8ee2a8f4ab59978f8a65b0a3"><ac:parameter ac:name="">Intel 01</ac:parameter></ac:structured-macro>
\[Intel 01\] Intel Corp. [_Floating-Point IEEE Filter for Microsoft\* Windows\* 2000 on the Intel® Itanium™ Architecture_|ftp://download.intel.com/software/opensource/libraries/ieee/ieee_filter_windows2000.pdf], March 2001.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="fd72f2489e9ef360-6ef9b94f-42254a80-8ee6a99d-722c1665f1706f1fccdf57e1"><ac:parameter ac:name="">Internet Society 00</ac:parameter></ac:structured-macro>
\[Internet Society 00\] The Internet Society. [Internet Security Glossary (RFC 2828)|ftp://ftp.rfc-editor.org/in-notes/rfc2828.txt], 2000.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b3f50ee933f5fc6b-fdaa0def-4f9a4b93-8ada9181-537d7561ad732f85b59b5afe"><ac:parameter ac:name="">ISO/IEC 646-1991</ac:parameter></ac:structured-macro>
\[ISO/IEC 646:1991\] ISO/IEC. _Information technology: ISO 7-bit coded character set for information interchange_ (ISO/IEC 646-1991). Geneva, Switzerland: International Organization for Standardization, 1991.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a454053f88c7f22c-32f9f4c5-4d4f42e0-af1b82ac-af33052bb0651f9fb2c8a283"><ac:parameter ac:name="">ISO/IEC 9945-2003</ac:parameter></ac:structured-macro>
\[ISO/IEC 9945:2003\] _ISO/IEC 9945:2003 (including Technical Corrigendum 1), Information technology --- Programming languages, their environments and system software interfaces --- Portable Operating System Interface (POSIX®)_.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6062add0b482acb0-c8b09ef3-481845aa-ac90b546-2d7a31b7d22782220f1b8e97"><ac:parameter ac:name="">ISO/IEC 9899-1999</ac:parameter></ac:structured-macro>
\[ISO/IEC 9899:1999\] ISO/IEC. _Programming Languages---C, 2nd ed_ (ISO/IEC 9899:1999). Geneva, Switzerland: International Organization for Standardization, 1999.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="63419f8f04448671-e138e5be-415d4bae-888eadd3-7d615e45b935d89e2e4b985d"><ac:parameter ac:name="">ISO/IEC 10646-2003</ac:parameter></ac:structured-macro>
\[ISO/IEC 10646:2003\] _Information technology - Universal Multiple-Octet Coded Character Set (UCS)_ (ISO/IEC 10646:2003). Geneva, Switzerland: International Organization for Standardization, 2003.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="69793f84af40e6bd-581fd82a-4e6e4078-a357b2b9-4d10af364af680d636ca79ad"><ac:parameter ac:name="">ISO/IEC 14882-2003</ac:parameter></ac:structured-macro>
\[ISO/IEC 14882:2003\] ISO/IEC. _Programming Languages --- C++, Second Edition_ (ISO/IEC 14882-2003). Geneva, Switzerland: International Organization for Standardization, 2003.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e0ef2998f72da429-1a00b5e4-44c14eb4-a3649930-359ae5d826a6b05b67b1ea7e"><ac:parameter ac:name="">ISO/IEC 23360-1-2006</ac:parameter></ac:structured-macro>
\[ISO/IEC 23360-1:2006\] [_Linux Standard Base (LSB) core specification 3.1 - Part 1: Generic specification_|http://refspecs.freestandards.org/LSB_3.1.0/LSB-Core-generic/LSB-Core-generic.pdf]

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d112874d3d07aa76-495f3790-4d984d79-972ab114-5549d8985594ea471849b61b"><ac:parameter ac:name="">ISO/IEC 03</ac:parameter></ac:structured-macro>
\[ISO/IEC 03\] ISO/IEC. [_Rationale for International Standard --- Programming Languages --- C, Revision 5.10_|http://www.open-std.org/jtc1/sc22/wg14/www/C99RationaleV5.10.pdf]. Geneva, Switzerland: International Organization for Standardization, April 2003.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f24bcb8299e4f9f7-49287163-42354b7d-af1e8393-011272291a28322b049fe9ad"><ac:parameter ac:name="">ISO/IEC JTC1/SC22/WG11</ac:parameter></ac:structured-macro>
\[ISO/IEC JTC1/SC22/WG11\] ISO/IEC. [_Binding Techniques_|http://www.open-std.org/JTC1/SC22/WG11/] (ISO/IEC JTC1/SC22/WG11), 2007.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7ec7d3bae7f7cf55-080ddaf3-47a547b9-9cb9b9f4-51f2673a2f0e54596aab3be4"><ac:parameter ac:name="">ISO/IEC DTR 24732</ac:parameter></ac:structured-macro>
\[ISO/IEC DTR 24732\] ISO/IEC JTC1 SC22 WG14 N1290. [Extension for the programming language C to support decimal floating-point arithmetic|http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1290.pdf], March 2008.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="100e9c2c360f4aa5-c04c7a92-42f24bea-86468097-19a6e1e92d5fab6f7c066725"><ac:parameter ac:name="">ISO/IEC PDTR 24731-2-2007</ac:parameter></ac:structured-macro>
\[ISO/IEC PDTR 24731-2\] [Extensions to the C Library, --- Part II: Dynamic Allocation Functions|http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1248.pdf], August 2007.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="efac7190188f2b2e-4b3d9e34-40744ef8-a5ac8b71-c8e4cc5690c79b8ad7e05f5b"><ac:parameter ac:name="">ISO/IEC PDTR 24772</ac:parameter></ac:structured-macro>
\[ISO/IEC PDTR 24772\] ISO/IEC PDTR 24772. _Information Technology_ --- _Programming Languages_ --- [_Guidance to Avoiding Vulnerabilities in Programming Languages through Language Selection and Use_|http://www.aitcnet.org/isai/_NextMeeting/22-OWGV-N-0134/n0134.pdf], March 2008.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="117462a37664a393-55aa080e-49f1413a-9256a825-3f2397bd707df865f441b047"><ac:parameter ac:name="">ISO/IEC TR 24731-1-2007</ac:parameter></ac:structured-macro>
\[ISO/IEC TR 24731-1:2007\] ISO/IEC TR 24731. _Extensions to the C Library, --- Part I: Bounds-checking interfaces_. Geneva, Switzerland: International Organization for Standardization, April 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2470c94664b951ff-5b8ac2c2-4ebb423b-8201be8e-207cf1ef5c49e87ec5a900d2"><ac:parameter ac:name="">Jack 07</ac:parameter></ac:structured-macro>
\[Jack 07\] Jack, Barnaby. [_Vector Rewrite Attack_|http://www.juniper.net/solutions/literature/white_papers/Vector-Rewrite-Attack.pdf], May 2007.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="99d14b5442b40a29-2c9c0c3d-4b524cf2-b83d843c-418682387587cb1daec1fc15"><ac:parameter ac:name="">Jones 04</ac:parameter></ac:structured-macro>
\[Jones 04\] Jones, Nigel. ["Learn a new trick with the offsetof() macro."|http://www.netrino.com/Articles/OffsetOf/index.php] _Embedded Systems Programming_, March 2004.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="23672806e5a1a14e-e0195116-49fb46a7-9773acf6-7ea0ab5d5f309ab0abd4223e"><ac:parameter ac:name="">Jones 08</ac:parameter></ac:structured-macro>
\[Jones 08\] Jones, Derek M. [The New C Standard: An economic and cultural commentary|http://www.knosof.co.uk/cbook/]. Knowledge Software Ltd., 2008.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="cd43540e606c95b3-fc1ab969-411d4f58-9ccc9257-b118c8b0e94d77361074b802"><ac:parameter ac:name="">Keil 08</ac:parameter></ac:structured-macro>
\[Keil 08\] Keil, an ARM Company. "[Floating Point Support|http://www.keil.com/support/man/docs/armlib/armlib_bihbjiea.htm]." _RealView Libraries and Floating Point Support Guide_, 2008.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e1d5e337e9ffabcb-7d10d55c-4ae24d75-822499b5-0a0ff30dfa3ff945a7e0639c"><ac:parameter ac:name="">Kennaway 00</ac:parameter></ac:structured-macro>
\[Kennaway 00\] Kennaway, Kris. [Re: /tmp topic|http://lwn.net/2000/1221/a/sec-tmp.php3], December 2000.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="07223da343009552-6fed00e1-40b44b6e-890a9415-eaa506aff46c5c59110a27d5"><ac:parameter ac:name="">Kernighan 88</ac:parameter></ac:structured-macro>
\[Kernighan 88\] Kernighan , Brian W., & Ritchie, Dennis M. _The C Programming Language, 2nd ed._ Englewood Cliffs, NJ: Prentice-Hall, 1988.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="8a01b6f1c8d04123-eda72646-49fb4c6e-a858ba6f-c0d2ce06e1cff755721b87ea"><ac:parameter ac:name="">Kettle 02</ac:parameter></ac:structured-macro>
\[Kettlewell 02\] Kettlewell, Richard. [_C Language Gotchas_|http://www.greenend.org.uk/rjk/2001/02/cfu.html], February 2002.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="826db01b4303e08b-1ea38a8b-4ddc4514-9e34a47b-71a6117a7c09f77f3ab252e5"><ac:parameter ac:name="">Kettle 03</ac:parameter></ac:structured-macro>
\[Kettlewell 03\] Kettlewell, Richard. [_Inline Functions In C_|http://www.greenend.org.uk/rjk/2003/03/inline.html], March 2003.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="eb8695ce818f8fef-171f74e9-4c564855-8803a682-d22cbf2c88d2a0c6b35a1d7c"><ac:parameter ac:name="">Kirch-Prinz 02</ac:parameter></ac:structured-macro>
\[Kirch-Prinz 02\] Kirch-Prinz, Ulla & Prinz, Peter. _C Pocket Reference_.  Sebastopol, CA: O'Reilly, November 2002 (ISBN: 0-596-00436-2).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="06dcc732a159bfb5-5a8be581-47ad4ddf-bd738d34-9d27805d9d8671ef0b03d4ae"><ac:parameter ac:name="">Klarer 04</ac:parameter></ac:structured-macro>
\[Klarer 04\] Klarer, R., Maddock, J., Dawes, B. & Hinnant, H. "Proposal to Add Static Assertions to the Core Language (Revision 3)." ISO C+\+ committee paper ISO/IEC JTC1/SC22/WG21/N1720, October 2004. Available at [http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2004/n1720.html].

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e8766cefcee4c51c-044d84b5-480742db-a3219bae-84afb0324402bbea28c0db86"><ac:parameter ac:name="">Klein 02</ac:parameter></ac:structured-macro>
\[Klein 02\] Klein, Jack. [_Bullet Proof Integer Input Using strtol()_|http://home.att.net/~jackklein/c/code/strtol.html], 2002.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="da9075108858f182-be567d3d-4d0f4c18-bc0bae7e-4fb602ac1564caf5c6327c04"><ac:parameter ac:name="">Koenig 89</ac:parameter></ac:structured-macro>
\[Koenig 89\] Koenig,  Andrew. _C Traps and Pitfalls_. Addison-Wesley Professional, January 1, 1989.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2ee24f09775369f6-421d9744-44c646f3-bc7bbcf0-666f5f27af8026fb0503be6d"><ac:parameter ac:name="">Kuhn 06</ac:parameter></ac:structured-macro>
\[Kuhn 06\] Kuhn, Markus. [_UTF-8 and Unicode FAQ for Unix/Linux_/Linux_|http://www.cl.cam.ac.uk/~mgk25/unicode.html], 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a63e1dba-f531-4d7d-9943-5391504109cd"><ac:parameter ac:name="">Lai 06</ac:parameter></ac:structured-macro>
\[Lai 06\] Lai, Ray. "[Reading Between the Lines|http://www.cl.cam.ac.uk/~mgk25/unicode.html],undeadly.org/cgi?action=article&sid=20061027031811]." _OpenBSD Journal_, October 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5f45365cac19bb7c-05a8f9d0-440e421f-871cbeff-60e4389f4c86ed82f22638e0"><ac:parameter ac:name="">Lai>Lewis 06</ac:parameter></ac:structured-macro>
\[LaiLewis 06\] LaiLewis, RayRichard. "[Reading Between the Lines|Security Considerations When Handling Sensitive Data| http://undeadly.org/cgi?action=article&sid=20061027031811]." _OpenBSD Journal_,secureapps.blogspot.com/2006/10/security-considerations-when-handling.html]." Posted on the Application Security by Richard Lewis blog October 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e19fec9ab632cc28-52cdf676-434a4523-b6d099a3-27e75491e091aecbb8ecf9cf"><ac:parameter ac:name="">Linux 07</ac:parameter></ac:structured-macro>
\[Linux 07\] [Linux Programmer's Manual|http://www.kernel.org/doc/man-pages/online_pages.html], July 2007.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ed0f7893ac3ab215-50b1d5e1-436e4169-8a2da471-cff343d726adc45834d8f4a8"><ac:parameter ac:name="">Lions 96</ac:parameter></ac:structured-macro>
\[Lions 96\] Lions, J. L. [ARIANE 5 Flight 501 Failure Report|http://en.wikisource.org/wiki/Ariane_501_Inquiry_Board_report]. Paris, France: European Space Agency (ESA) & National Center for Space Study (CNES) Inquiry Board, July 1996.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a0eb1f89a0f779f6-79575c23-4d084759-bed18008-a2e6cd9da503ede596a131c3"><ac:parameter ac:name="">Lipson 00</ac:parameter></ac:structured-macro>
\[Lipson 00\] Lipson, Howard  & Fisher, David. "Survivability-\--A New Technical and Business Perspective on Security," 33-\--39.- _{-}Proceedings of the 1999 New Security Paradigms Workshop{-}{_}-. Caledon Hills, Ontario, Canada, Sept. 22-\--24, 1999. New York: Association for Computing Machinery, 2000.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1458c447302351e2-64a0ca25-428c407e-b454bb12-af10b1e125e1f95adbedfbf4"><ac:parameter ac:name="">Lipson 06</ac:parameter></ac:structured-macro>
\[Lipson 06\] Lipson, Howard. _Evolutionary Systems Design: Recognizing Changes in Security and Survivability Risks_ (CMU/SEI-2006-TN-027).&nbsp; Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1192ec23a5b60c26-33a2d176-46014ae8-920ea2ca-1785667c8d3da0c13c2894e8"><ac:parameter ac:name="">Lockheed Martin 05</ac:parameter></ac:structured-macro>
\[Lockheed Martin 05\] Lockheed Martin. "[Joint Strike Fighter Air Vehicle C+\+ Coding Standards for the System Development and Demonstration Program.|http://www.research.att.com/~bs/JSF-AV-rules.pdf]" Document Number 2RDU00001 Rev C., December 2005.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e7a6bc01052c65b3-22faa6e1-475247e9-8d9781e5-9d8937709cb95c5bd2d15cb9"><ac:parameter ac:name="">Loosemore 07</ac:parameter></ac:structured-macro>
\[Loosemore 07\] Loosemore, Sandra, Stallman, Richard M., McGrath, Roland, Oram, Andrew, & Drepper, Ulrich. [The GNU C Library Reference Manual|http://www.gnu.org/software/libc/manual/], Edition 0.11,  September 2007.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="98404d20349ba102-13423b1a-4afe4c58-a4d8aab7-2975c34a9d21f40b68198048"><ac:parameter ac:name="">McCluskey 01</ac:parameter></ac:structured-macro>
\[McCluskey 01\] [_flexible array members and designators in C9X_|http://www.usenix.org/publications/login/2001-07/pdfs/mccluskey.pdf] ;login:, July 2001, Volume 26, Number 4, p. 29---32.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="79f84679e9b33ed7-2ebfe78a-4ef64614-8e1cbc17-e929e600a805b2c2e67847da"><ac:parameter ac:name="">Mell 07</ac:parameter></ac:structured-macro>
\[Mell 07\] P. Mell, K. Scarfone, and S. Romanosky, "A Complete Guide to the Common Vulnerability Scoring System Version 2.0", FIRST, June 2007.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e14487661e9776c2-754e1f47-4e4b42bd-be7192c0-b5c6e111fbf33aab84a1b5ac"><ac:parameter ac:name="">mercy 06</ac:parameter></ac:structured-macro>
\[mercy\] mercy. [_Exploiting Uninitialized Data_|http://www.felinemenace.org/papers/UBehavior.zip], January 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="db0d25f571095e25-ad51a27f-4e9e4b77-a67797ee-c7244694501b991597431f27"><ac:parameter ac:name="">Microsoft 03</ac:parameter></ac:structured-macro>
\[Microsoft 03\] Microsoft Security Bulletin MS03-026, "[Buffer Overrun In RPC Interface Could Allow Code Execution (823980)|http://www.microsoft.com/technet/security/bulletin/MS03-026.mspx]," September 2003.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a2baccfb36ac1e59-c30972f5-43b14cde-bbba8573-5871bc7001b992242ce5ac04"><ac:parameter ac:name="">Microsoft 07</ac:parameter></ac:structured-macro>
\[Microsoft 07\] [C Language Reference|http://msdn2.microsoft.com/en-us/library/fw5abdx6(VS.80).aspx], 2007.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="93221e0a9b2122fc-7d35bd04-40874f9e-8b8eb01a-2b9ca7dedced07061a2afc56"><ac:parameter ac:name="">Miller 04</ac:parameter></ac:structured-macro>
\[Miller 04\] Miller, Mark C., Reus, James F., Matzke, Robb P., Koziol, Quincey A., & Cheng, Albert P. "[Smart Libraries: Best SQE Practices for Libraries with an Emphasis on Scientific Computing|https://wci.llnl.gov/codes/smartlibs/UCRL-JRNL-208636.pdf]." _Proceedings of the Nuclear Explosives Code Developer's Conference_, December 2004.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5f7a2f4dea9b28c9-7344280f-44184a9a-ab1ca4ef-8a5db75ecb21f9ae20472e05"><ac:parameter ac:name="">MISRA 04</ac:parameter></ac:structured-macro>
\[MISRA 04\] MISRA Limited. "[MISRA C|http://www.misra.org.uk/]: 2004 Guidelines for the Use of the C Language in Critical Systems." Warwickshire, UK: MIRA Limited, October 2004 (ISBN 095241564X).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="8b98f4c6715e8250-c2e2dfe9-43204405-b2b8bd23-d9c5a1a8ecf4da00e1962add"><ac:parameter ac:name="">MIT 04</ac:parameter></ac:structured-macro>
\[MIT 04\] MIT. "[MIT krb5 Security Advisory 2004-002|hhttp://web.mit.edu/kerberos/advisories/MITKRB5-SA-2004-002-dblfree.txt], 2004.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f402ae1cbee5afef-cae67354-422b441e-a979a97a-1b90a534ef2168943e95fbb7"><ac:parameter ac:name="">MIT 05</ac:parameter></ac:structured-macro>
\[MIT 05\] MIT. "[MIT krb5 Security Advisory 2005-003|http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2005-003-recvauth.txt], 2005.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="dd6f323d8aa3e27a-200f3723-4d574a39-9914bfc4-cd52ef66c54692629164aa79"><ac:parameter ac:name="">MITRE 07</ac:parameter></ac:structured-macro>
\[MITRE 07\] MITRE. [Common Weakness Enumeration, Draft 9|http://cwe.mitre.org/],  April 2008.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b9ad5c5798d92e36-2726cd4a-4ccd42eb-9ff8932a-1ff3406d4dc6f88fe6b0e14b"><ac:parameter ac:name="">MSDN</ac:parameter></ac:structured-macro>
\[MSDN\] [Microsoft Developer Network|http://msdn.microsoft.com/en-us/default.aspx].

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3993982cac50102c-8914cfda-4be1413b-9a6eb8b7-7b7cd6384721f07de89c8af3"><ac:parameter ac:name="">Murenin  07</ac:parameter></ac:structured-macro>
\[Murenin 07\] Murenin, Constantine A. "[cnst: 10-year-old pointer-arithmetic bug in make(1) is now gone, thanks to malloc.conf and some debugging|http://cnst.livejournal.com/24040.html]," June 2007.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7600a68130cadf6d-bb760bd0-4da64aaf-93368d25-3a14bf948d072065e72ae556"><ac:parameter ac:name="">NAI 98</ac:parameter></ac:structured-macro>
\[NAI 98\] Network Associates Inc. [Bugtraq: Network Associates Inc. Advisory (OpenBSD)|http://seclists.org/bugtraq/1998/Aug/0071.html], 1998.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c15fb7cc0c971b60-fe931052-4b0845e0-933fa911-20ed87fccab3de26b928ba39"><ac:parameter ac:name="">NASA-GB-1740.13</ac:parameter></ac:structured-macro>
\[NASA-GB-1740.13\] NASA Glenn Research Center, Office of Safety Assurance Technologies. [_NASA Software Safety Guidebook_|http://pbma.nasa.gov/docs/public/pbma/general/guidbook.doc] (NASA-GB-1740.13).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="cff9d5466d5a789d-0faa8eac-41f0492b-b609a4df-1696fdfa6dbb78543b5fad24"><ac:parameter ac:name="">NIST 06</ac:parameter></ac:structured-macro>
\[NIST 06\] NIST. [_SAMATE Reference Dataset_|http://samate.nist.gov/SRD/], 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7078fbd96f8c0098-6eb166ca-47cf482e-a04194cc-527c9b44c58be7318f5eb914"><ac:parameter ac:name="">NIST 06b</ac:parameter></ac:structured-macro>
\[NIST 06b\] NIST. [DRAFT Source Code Analysis Tool Functional Specification. | http://samate.nist.gov/docs/SAMATE_source_code_analysis_tool_spec_09_15_06.pdf] NIST Information Technology Laboratory (ITL), Software Diagnostics and Conformance Testing Division, September 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c1940553cc0089dc-aafd897e-45be4a49-aed3af08-01a77bbe9f6e86e3f99fc1ca"><ac:parameter ac:name="">OpenBSD</ac:parameter></ac:structured-macro>
\[OpenBSD\] Berkley Software Design, Inc. [Manual Pages|http://www.openbsd.org/cgi-bin/man.cgi], June 2008.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0b03c319973b0a6d-69057d4b-4dc74aa7-9f80be62-9b12ea1f6aa521326f702316"><ac:parameter ac:name="">Open Group 97a</ac:parameter></ac:structured-macro>
\[Open Group 97a\] The Open Group. [_The Single UNIX® Specification, Version 2_|http://www.opengroup.org/onlinepubs/7990989775/toc.htm], 1997.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="73b7dfc2b03a83e3-ffbef36d-4a5a4d4b-a08493f7-bd64a9860a1b515548a2348a"><ac:parameter ac:name="">Open Group 97b</ac:parameter></ac:structured-macro>
\[Open Group 97b\] The Open Group. [_Go Solo 2---The Authorized Guide to Version 2 of the Single UNIX Specification_|http://www.unix.org/whitepapers/64bit.html], May 1997.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="78e15e5eff8de928-6b14bfe6-42de479d-bd739dd6-b86d105ba3d9425272722c5c"><ac:parameter ac:name="">Open Group 04</ac:parameter></ac:structured-macro>
\[Open Group 04\] The Open Group and the IEEE. [_The Open Group Base Specifications Issue 6, IEEE Std 1003.1, 2004 Edition_|http://www.opengroup.org/onlinepubs/009695399/toc.htm], 2004.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e9175971d0dd87bf-5ffd0e5c-4db54a0c-834fa3e6-56e3432594ce237758e8083c"><ac:parameter ac:name="">OWASP Double Free</ac:parameter></ac:structured-macro>
\[OWASP Double Free\] Open Web Application Security Project, "[Double Free|http://www.owasp.org/index.php/Double_Free]."

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="fa83001da84c80ab-9fc3f674-49094dff-b288a80a-6fd1afa86e9f76e2e05ff7dc"><ac:parameter ac:name="">OWASP Freed Memory</ac:parameter></ac:structured-macro>
\[OWASP Freed Memory\] Open Web Application Security Project, "[Using freed memory|http://www.owasp.org/index.php/Using_freed_memory]."

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="735b1075012454d1-2b4f2141-41ea4d11-bb96abcc-5933bdff44881f6be5d6280b"><ac:parameter ac:name="">Pethia 03</ac:parameter></ac:structured-macro>
\[Pethia 03\] Pethia, Richard D. "[Viruses and Worms: What Can We Do About Them?|http://www.cert.org/congressional_testimony/Pethia-Testimony-9-10-2003/]" September 10, 2003.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="422d6c5f09a1f6cb-28a40df8-415740cd-adc1bdaa-dd9936c0c8f576a33e642db4"><ac:parameter ac:name="">Pfaff 04</ac:parameter></ac:structured-macro>
\[Pfaff 04\] Pfaff, Ken Thompson. "[Casting (time_t)(-1)|http://groups.google.com/group/comp.lang.c/browse_thread/thread/8983d8d729244f2b/ea0e2972775a1114?#ea0e2972775a1114]." _Google Groups comps.lang.c_, March 2, 2004.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="58c78770c2880333-8a294317-4efa4f26-8148927f-9dad705bc313f2c54c4c4b6d"><ac:parameter ac:name="">Pike 93</ac:parameter></ac:structured-macro>
\[Pike 93\] Pike, Rob & Thompson, Ken. "Hello World." _Proceedings of the USENIX Winter 1993 Technical Conference_, San Diego, CA, January 25-\--29, 1993, pp. 43-\--50.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ab8be5ca9763b437-f827a649-40284269-aaa4b5c5-3424d022b8695768535e6ffb"><ac:parameter ac:name="">Plakosh 05</ac:parameter></ac:structured-macro>
\[Plakosh 05\] Plakosh, Dan. [_Consistent Memory Management Conventions_|https://buildsecurityin.us-cert.gov/daisy/bsi/articles/knowledge/coding/476.html], 2005.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="00124fbfc6f57d58-1530e267-467e423f-8635b0b4-774a90e68267d4788c2bf141"><ac:parameter ac:name="">Plum 85</ac:parameter></ac:structured-macro>
\[Plum 85\] Plum, Thomas. _Reliable Data Structures in C_. Kamuela, HI: Plum Hall, Inc., 1985 (ISBN 0-911537-04-X).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4e536bb47e2e8c58-1ff5267e-472a484b-b044b16a-b10798550873cf9d4f4dbd56"><ac:parameter ac:name="">Plum 89</ac:parameter></ac:structured-macro>
\[Plum 89\] Plum, Thomas, & Saks, Dan. _C Programming Guidelines, 2nd ed_. Kamuela, HI: Plum Hall, 1989 (ISBN 0911537074).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="868e3d2411b63f59-f6c0dc5c-46344fde-bfd79215-1b6844939dd0402d086b0f34"><ac:parameter ac:name="">Plum 91</ac:parameter></ac:structured-macro>
\[Plum 91\] Plum, Thomas. _C+\+ Programming_. Kamuela, HI: Plum Hall, 1991 (ISBN 0911537104).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5edbaba3dca0dd5b-a275b8cc-4435406c-a595bbba-2449aaddf945af72416e105f"><ac:parameter ac:name="">Plum 08</ac:parameter></ac:structured-macro>
\[Plum 08\] Plum, Thomas. Static Assertions. June, 2008. [http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1330.pdf]

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5d5da9811f1c1c6e-d3d4c6bc-41534ca7-b7408e4d-b265a4fec71d218c31b2baff"><ac:parameter ac:name="">Redwine 06</ac:parameter></ac:structured-macro>
\[Redwine 06\] Redwine, Samuel T., Jr., ed. _Secure Software Assurance: A Guide to the Common Body of Knowledge to Produce, Acquire, and Sustain Secure Software Version 1.1_. U.S. Department of Homeland Security, September 2006. See [Software Assurance Common Body of Knowledge|https://buildsecurityin.us-cert.gov/daisy/bsi/resources/dhs/95.html] on Build Security In.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ccdc51b7c8817e2c-41c8f8aa-41f04336-825189ea-dafa843e91b66b02d8ee15d3"><ac:parameter ac:name="">RUS-CERT</ac:parameter></ac:structured-macro>
\[RUS-CERT\] RUS-CERT Advisory 2002-08:02, "[Flaw in calloc and similar routines|http://cert.uni-stuttgart.de/advisories/calloc.php]," 2002.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0be33e1f219ee8db-26bb35a9-403a4c31-b3dca3ef-adc5423cef2742083dd48e5f"><ac:parameter ac:name="">Saltzer 74</ac:parameter></ac:structured-macro>
\[Saltzer 74\] Saltzer, J. H. Protection and the Control of Information Sharing in Multics. _Communications of the ACM 17_, 7 (July 1974): 388---402.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7df9699ffe5daa22-0fc61bba-4a134d1c-86e9af2c-e2fda38fc8980ed1a206e838"><ac:parameter ac:name="">Saltzer 75</ac:parameter></ac:structured-macro>
\[Saltzer 75\] Saltzer, J. H., & Schroeder, M. D. "The Protection of Information in Computer Systems." _Proceedings of the IEEE 63_, 9 (September 1975): 1278-1308.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ee00e1c0a8ecf946-0c74ab30-463240aa-839a9217-84746d3f46ae61680bb8a27b"><ac:parameter ac:name="">Saks 99</ac:parameter></ac:structured-macro>
\[Saks 99\] Saks, Dan. "[const T vs.T const|http://www.dansaks.com/articles/1999-02%20const%20T%20vs%20T%20const.pdf]." _Embedded Systems Programming_, February 1999, pp. 13-16.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b6511760cf09342e-86142759-457d4744-b2d0aeac-5e7aeaa5a7a3873ba541fdde"><ac:parameter ac:name="">Saks 00</ac:parameter></ac:structured-macro>
\[Saks 00\] Saks, Dan. "[Numeric Literals|http://www.embedded.com/2000/0009/0009pp.htm]." _Embedded Systems Programming_, September 2000.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="caa349bafe90b15b-5b28a863-4bf149e1-8caca5de-2089695cbcd310ff8a910f41"><ac:parameter ac:name="">Saks 01a</ac:parameter></ac:structured-macro>
\[Saks 01a\] Saks, Dan. "[Symbolic Constants|http://www.embedded.com/story/OEG20011016S0116]." _Embedded Systems Design_, November 2001.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7e333d8410303fc7-a2eeddf7-4b4c4578-9f8398c5-39be0f722c7eda8df2199b31"><ac:parameter ac:name="">Saks 01b</ac:parameter></ac:structured-macro>
\[Saks 01b\] Saks, Dan. "[Enumeration Constants vs. Constant Objects|http://www.embedded.com/columns/programmingpointers/9900402]." _Embedded Systems Design_, November 2001.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5991f986b62973f6-f89a8c30-46db4d63-9eb3b5dc-f05061d002165fd636272788"><ac:parameter ac:name="">Saks 02</ac:parameter></ac:structured-macro>
\[Saks 02\] Saks, Dan. "[Symbolic Constant Expressions|http://www.embedded.com/story/OEG20020124S0117]." _Embedded Systems Design_, February 2002.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="da6ef541cb4ea395-46dfa1e4-4ad44a84-ae259e36-cda89a954454399a719f8f1a"><ac:parameter ac:name="">Saks 05</ac:parameter></ac:structured-macro>
\[Saks 05\] Saks, Dan. "[Catching Errors Early with Compile-Time Assertions|http://www.embedded.com/columns/programmingpointers/164900888?_requestid=287187]." _Embedded Systems Design_, June 2005.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="aa36ad2f55adab6f-2bda8480-4a9c4742-9ab5af96-0abf87cce1b701ccda6fcb61"><ac:parameter ac:name="">Saks 07a</ac:parameter></ac:structured-macro>
\[Saks 07a\] Saks, Dan. "[Sequence Points|http://www.embedded.com/columns/programmingpointers/9900661?_requestid=481957]" _Embedded Systems Design_, July 1, 2002.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="90ad98a633829240-069ab951-459c455d-ba8a820c-d66e116416bc10f9693e45af"><ac:parameter ac:name="">Saks 07b</ac:parameter></ac:structured-macro>
\[Saks 07b\] Saks, Dan. [Bail, return, jump, or . . . throw?|http://www.embedded.com/columns/programmingpointers/197008821]. _Embedded Systems Design_, March 2007.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f37ac1934b369d9b-71537732-4fd24448-9263bf40-a97e31012e05e38403e899f8"><ac:parameter ac:name="">Saks 08</ac:parameter></ac:structured-macro>
\[Saks 08\] Saks, Dan, & Dewhurst, Stephen C. "Sooner Rather Than Later: Static Programming Techniques for C++" (presentation, March 2008).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4e83447d50888df7-76a19151-4fd64063-b9e699b6-5333c1d04223ab7b54438a3b"><ac:parameter ac:name="">Schwarz 05</ac:parameter></ac:structured-macro>
\[Schwarz 05\] Schwarz, B., Wagner, Hao Chen, Morrison, D., West, G., Lin, J., & Tu, J. Wei. "Model checking an entire Linux distribution for security violations." _Proceedings of the 21st Annual Computer Security Applications Conference_, December 2005 (ISSN 1063-9527; ISBN 0-7695-2461-3).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1f4427ffcb8731a0-32b19d67-44714c5b-909893e2-248c5120d589af4144668883"><ac:parameter ac:name="">Seacord 03</ac:parameter></ac:structured-macro>
\[Seacord 03\] Seacord, Robert C., Plakosh, Daniel, & Lewis, Grace A. [_Modernizing Legacy Systems: Software Technologies, Engineering Processes, and Business Practices_|http://www.informit.com/store/product.aspx?isbn=0321118847]. Addison-Wesley, February 2003.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4dd00211359f7823-99805337-4f7a4b65-9b9f946a-2f5835cfd4604a8e62521a68"><ac:parameter ac:name="">Seacord 05</ac:parameter></ac:structured-macro> <ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4b0a581de4c881bf-603c9ce2-4d224a68-ba2e9f10-f3cf4976af109035ecd7b285"><ac:parameter ac:name="">Seacord 05a</ac:parameter></ac:structured-macro>
\[Seacord 05a\] Seacord, Robert C. _Secure Coding in C and C+\+_. Boston, MA: Addison-Wesley, 2005. See [http://www.cert.org/books/secure-coding] for news and errata.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="95864b346dabcab3-9e3d4cc6-492b42a4-9135b728-ea0282f43f324fd43bf33cdb"><ac:parameter ac:name="">Seacord 05b</ac:parameter></ac:structured-macro>
\[Seacord 05b\] Seacord, Robert C. "Managed String Library for C, C/C++." _Users Journal_ _23_, 10 (October 2005): 30---34.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9d397011e8e3c140-2ded2da6-43fc40fd-96b7b454-6f8fc850ab24a6ecff7d326b"><ac:parameter ac:name="">Seacord 05c</ac:parameter></ac:structured-macro>
\[Seacord 05c\] Seacord, Robert C. [_Variadic Functions: How they contribute to security vulnerabilities and how to fix them_|http://www.cert.org/books/secure-coding/LWM%203-11%20%28Seacord%29.pdf]. _Linux World Magazine_,  November 2005.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b9f6450b9b96836a-15eb68ae-47ca4f8b-aab78860-18ab09f45d958e2badc646a5"><ac:parameter ac:name="">Secunia</ac:parameter></ac:structured-macro>
\[Secunia\] Secunia Advisory SA10635, "[HP-UX calloc Buffer Size Miscalculation Vulnerability|http://secunia.com/advisories/10635/]," 2004.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d2cd49d421deeb99-3b73dbe4-48f44dc3-8e37a683-f66614f1ccd42deebc3ec189"><ac:parameter ac:name="">SecurityFocus 07</ac:parameter></ac:structured-macro>
\[SecurityFocus 07\] SecurityFocus. "[Linux Kernel Floating Point Exception Handler Local Denial of Service Vulnerability|http://www.securityfocus.com/bid/10538/discuss]," 2001.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1559a7c9e96e08bd-ac430b8c-4a764ad9-92efa202-818e887e08cf25232fbcdca1"><ac:parameter ac:name="">SecuriTeam 07</ac:parameter></ac:structured-macro>
\[SecuriTeam 07\] SecuriTeam. "[Microsoft Visual C+\+ 8.0 Standard Library Time Functions Invalid Assertion DoS (Problem 3000)|http://www.securiteam.com/windowsntfocus/5MP0D0UKKO.html]," February 13, 2007.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5b4e3b2fe5f30d10-3ac52923-44484b8e-b7ca8cca-3c7e14bee76f1b03aa35daa6"><ac:parameter ac:name="">Sloss 04</ac:parameter></ac:structured-macro>
\[Sloss 04\]  Sloss, Andrew, Symes, Dominic, & Wright, Chris. [_ARM System Developer's Guide_|http://www.arm.com/documentation/books/4975.html]. San Francisco:Elsevier/Morgan Kauffman, 2004 (ISBN-10: 1558608745; ISBN-13: 978-1558608740).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c37396b72d41f709-e6facdf7-469a4448-bd06b88a-83950abd9ba489e15caa1407"><ac:parameter ac:name="">Spinellis 06</ac:parameter></ac:structured-macro>
\[Spinellis 06\] Spinellis, Diomidis. [_Code Quality: The Open Source Perspective_|http://www.spinellis.gr/codequality].  Addison-Wesley, 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="314b081c56e49e95-fa1d2b1a-4eac43d0-b53fb3f2-ee040e99bfa408731b9aafb8"><ac:parameter ac:name="">Steele 77</ac:parameter></ac:structured-macro>
\[Steele 77\]  Steele, G. L. "[Arithmetic shifting considered harmful|http://doi.acm.org/10.1145/956641.956647]." _SIGPLAN Not._ 12, 11 (November 1977), 61-69.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ff93428dceaa9c82-a19e69d4-4c634e10-99d7978a-152d835f9a211bf7379162a5"><ac:parameter ac:name="">Summit 95</ac:parameter></ac:structured-macro>
\[Summit 95\] Summit, Steve. _C Programming FAQs: Frequently Asked Questions_. Boston, MA: Addison-Wesley, 1995 (ISBN 0201845199).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a7605c90ad10be0b-6efb578e-41724a8d-bfae80b9-3271f3d3d3ce211d3615c7af"><ac:parameter ac:name="">Summit 05</ac:parameter></ac:structured-macro>
\[Summit 05\] Summit, Steve. [_comp.lang.c Frequently Asked Questions_|http://c-faq.com/], 2005.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="347c78a674aafc78-9dd5a4cf-4ece47a0-81e589e9-5b2d0ddadfc79fc533a0c6de"><ac:parameter ac:name="">Sun</ac:parameter></ac:structured-macro>
\[Sun\] [Sun Security Bulletin #00122|http://sunsolve.sun.com/search/document.do?assetkey=1-22-00122-1], 1993.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="60576771eb539063-d52e828d-4ecf4a06-9d63aaf3-28724a959379875fe8b8cc0f"><ac:parameter ac:name="">Sun 05</ac:parameter></ac:structured-macro>
\[Sun 05\] [C User's Guide|http://docs.sun.com/source/819-3688/]. 819-3688-10. Sun Microsystems, Inc., 2005.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="925b8a482857c5cf-c8975bca-4f8b4496-aab38814-7571c8accc70657c8ea5068d"><ac:parameter ac:name="">Sutter 04</ac:parameter></ac:structured-macro>
\[Sutter 04\] Sutter, Herb & Alexandrescu, Andrei. C+\+ Coding Standards: 101 Rules, Guidelines, and Best Practices. Boston, MA:Addison-Wesley Professional, 2004 (ISBN 0321113586).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1b072ba10189c803-a95cc61f-4c0a490b-ba2a86e9-ffcbfe91b4b6d39aa5067485"><ac:parameter ac:name="">van de Voort 07</ac:parameter></ac:structured-macro>
\[van de Voort 07\] van de Voort, Marco. [Development Tutorial (a.k.a Build FAQ) FAQ)|http://www.stack.nl/~marcov/buildfaq.pdf], January 29, 2007.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c36a2076-5b52-48d9-8bef-235a589f14a7"><ac:parameter ac:name="">van Sprundel06</ac:parameter></ac:structured-macro>
\[van Sprundel 06\] van Sprundel, Ilja. [Unusualbugs|http://wwwilja.stacknetric.nlorg/~marcovfiles/buildfaqUnusual%20bugs.pdf], January 29, 2007.2006.&nbsp;

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="24f3b7dea0d7634a-b0d44401-4b2f4df3-8fc9973a-c8667b13c6b5f1f2e92ec155"><ac:parameter ac:name="">van>Viega Sprundel06<01</ac:parameter></ac:structured-macro>
\[vanViega Sprundel 0601\] van SprundelViega, IljaJohn. [UnusualbugsProtecting Sensitive Data in Memory|http://iljawww.netriccgisecurity.orgcom/files/Unusual%20bugs.pdflib/protecting-sensitive-data.html], 2006.&nbsp;February 2001.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="cbf8c2e93dcc0c84-f36a2967-49e74a9d-bc1081bc-2b5e4fd77621c82d5565974f"><ac:parameter ac:name="">Viega 03</ac:parameter></ac:structured-macro>
\[Viega 03\] Viega, John, & Messier, Matt. _Secure Programming Cookbook for C and C++: Recipes for Cryptography, Authentication, Networking, Input Validation & More_. Sebastopol, CA: O'Reilly, 2003 (ISBN 0-596-00394-3).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e5a9e30b786e63cf-bc8f9f75-4a624cbc-844c8972-1f57501b581c2e1a2da9e0cb"><ac:parameter ac:name="">Viega 05</ac:parameter></ac:structured-macro>
\[Viega 05\] Viega, John. [CLASP Reference Guide Volume 1.1.|http://www.securesoftware.com/process/] Secure Software, 2005.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ff86fea1170d7522-ea4620bb-41084b86-ac4585ff-1dbb206f5e06fcb47e97a9d1"><ac:parameter ac:name="">VU#159523</ac:parameter></ac:structured-macro>
\[VU#159523\] Giobbi, Ryan. Vulnerability Note [VU#159523|http://www.kb.cert.org/vuls/id/159523], _Adobe Flash Player integer overflow vulnerability_, April 2008.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="435939636b2309c6-0fb03554-47dd4d70-8b24b133-f05e79c578914b3ea6584b34"><ac:parameter ac:name="">VU#162289</ac:parameter></ac:structured-macro>
\[VU#162289\] Dougherty, Chad. Vulnerability Note [VU#162289|http://www.kb.cert.org/vuls/id/162289], _gcc silently discards some wraparound checks_, April 2008.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="82bed0cc3d46c68b-bc67171a-435e4b60-b9b684b2-48f7870f19ebf4339e120508"><ac:parameter ac:name="">VU196240</ac:parameter></ac:structured-macro>
\[VU#196240\] Taschner, Chris & Manion, Art. Vulnerability Note [VU#196240|http://www.kb.cert.org/vulnotes/id/196240], _Sourcefire Snort DCE/RPC preprocessor does not properly reassemble fragmented packets_, 2007.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="28913eb0cf9ac37f-0ac812ce-464449c5-be17852e-58b4ce28423afc6852c60e0a"><ac:parameter ac:name="">VU286468</ac:parameter></ac:structured-macro>
\[VU#286468\] Burch, Hal. Vulnerability Note [VU#286468|http://www.kb.cert.org/vulnotes/id/286468], _Ettercap contains a format string error in the "curses_msg()" function_, 2007.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="437799e76112078a-d3c15779-44f444ca-89778794-65bb054a2bb610a6c216f16a"><ac:parameter ac:name="">VU439395</ac:parameter></ac:structured-macro>
\[VU#439395\] Lipson, Howard. Vulnerability Note [VU#439395|http://www.kb.cert.org/vuls/id/439395], _Apache web server performs case sensitive filtering on Mac OS X HFS\+ case insensitive filesystem,_ 2001.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="43ea4422ed5f52ad-57f8e47a-4baa49f8-8cb4891d-bfa32b9a6d4d68ae08fad3fd"><ac:parameter ac:name="">VU551436</ac:parameter></ac:structured-macro>
\[VU#551436\] Giobbi, Ryan. Vulnerability Note [VU#551436|http://www.kb.cert.org/vulnotes/id/551436], _Mozilla Firefox SVG viewer vulnerable to buffer overflow,_ 2007.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9c199d062c249706-80c13108-45094122-af599d30-7b885e0d53e4f3f227b2e3d2"><ac:parameter ac:name="">VU568148</ac:parameter></ac:structured-macro>
\[VU#568148\] Finlay, Ian A. & Morda, Damon G. Vulnerability Note [VU#568148|http://www.kb.cert.org/vulnotes/id/568148], _Microsoft Windows RPC vulnerable to buffer overflow_, 2003.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f55dd4e6d1726bba-4207454d-4c4340e3-b32d923a-2021f4dd70f18fc4e6ca9dd3"><ac:parameter ac:name="">VU623332</ac:parameter></ac:structured-macro>
\[VU#623332\] Mead, Robert. Vulnerability Note [VU#623332|http://www.kb.cert.org/vuls/id/623332], _MIT Kerberos 5 contains double free vulnerability in "krb5_recvauth()" function,_ 2005.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="8976ef6c80fa2fde-26eb3465-445848e8-b10a97e2-453d01a5d8ddb3e8e0f03604"><ac:parameter ac:name="">VU649732</ac:parameter></ac:structured-macro>
\[VU#649732\] Gennari, Jeff. Vulnerability Note [VU#649732|http://www.kb.cert.org/vulnotes/id/649732], _Samba AFS ACL Mapping VFS Plug-In Format String Vulnerability,_ 2007.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="fb102fdb67f53dfa-8c2ad0c1-4272492b-a6208428-7c61dba0ddf9cf894ce08cdf"><ac:parameter ac:name="">VU654390</ac:parameter></ac:structured-macro>
\[VU#654390\] Rafail, Jason A. Vulnerability Note [VU#654390|https://www.kb.cert.org/vulnotes/id/654390], _ISC DHCP contains C Includes that define vsnprintf() to vsprintf() creating potential buffer overflow conditions_, June 2004.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="74df807d8d8f00b0-b1977a92-4dfa4280-a6ae8df4-94baaa3a3ad964f6ee2b90bb"><ac:parameter ac:name="">VU743092</ac:parameter></ac:structured-macro>
\[VU#743092\] Rafail, Jason A. & Havrilla, Jeffrey S.  Vulnerability Note [VU#743092|https://www.kb.cert.org/vulnotes/id/743092], _realpath(3) function contains off-by-one buffer overflow,_ July 2003.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e308b124c05ea1e3-7b850c05-433f49fc-b37ab036-00f3bb7260975bb6e088c10f"><ac:parameter ac:name="">VU834865</ac:parameter></ac:structured-macro>
\[VU#834865\] Gennari, Jeff. Vulnerability Note [VU#834865|http://www.kb.cert.org/vuls/id/834865], _Sendmail signal I/O race condition_, March 2008.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="02de6d789e630800-9f1dacd4-4ec846da-b189bc7b-c1ff08fe99391573d0806934"><ac:parameter ac:name="">VU837857</ac:parameter></ac:structured-macro>
\[VU#837857\] Dougherty, Chad. Vulnerability Note [VU#837857|http://www.kb.cert.org/vuls/id/837857], _SX.Org server fails to properly test for effective user ID_, August 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5cc242e7e1cd4b1b-003b39d3-47cc41de-b712a7a5-e4d6709eca52189c50444adf"><ac:parameter ac:name="">VU881872</ac:parameter></ac:structured-macro>
\[VU#881872\] Manion, Art & Taschner, Chris. Vulnerability Note [VU#881872|http://www.kb.cert.org/vulnotes/id/881872], _Sun Solaris telnet authentication bypass vulnerability,_ 2007.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c4fc97e4425b6f0d-5a2f30a5-4ee14e79-b719b95e-7239e5b10acd620579a05869"><ac:parameter ac:name="">Warren 02</ac:parameter></ac:structured-macro>
\[Warren 02\] Warren, Henry S. [_Hacker's Delight_|http://www.hackersdelight.org/]. Boston, MA: Addison Wesley Professional, 2002 (ISBN 0201914654).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7e6075763bb36b67-c0767507-4704419e-8721a0f6-4f692929f7ea8a13e3af70e5"><ac:parameter ac:name="">Wheeler 03</ac:parameter></ac:structured-macro>
\[Wheeler 03\] Wheeler, David. [Secure Programming for Linux and Unix HOWTO, v3.010|http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/], March 2003.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d5d683d833d52172-4cf94bf9-40304e52-a3938095-af1caed5ed03a7cbe91c9946"><ac:parameter ac:name="">Wheeler 04</ac:parameter></ac:structured-macro>
\[Wheeler 04\] Wheeler, David. [_Secure programmer: Call components safely_|http://www-128.ibm.com/developerworks/linux/library/l-calls.html]. December 2004.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="513c4e332a17a937-91abb6cf-48f54619-914692e7-1e1bb354e72eab169ef1df17"><ac:parameter ac:name="">Wojtczuk 08</ac:parameter></ac:structured-macro>
\[Wojtczuk 08\] Wojtczuk, Rafal. "[Analyzing the Linux Kernel vmsplice Exploit|http://www.avertlabs.com/research/blog/index.php/2008/02/13/analyzing-the-linux-kernel-vmsplice-exploit/]." McAfee Avert Labs Blog, February 13, 2008.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2b17b8d11218e164-ef800f69-4601475a-9860aaa7-d38a93ac0710cfe68a8622a0"><ac:parameter ac:name="">Yergeau 98</ac:parameter></ac:structured-macro>
\[Yergeau 98\] Yergeau, F. [RFC 2279 - UTF-8, a transformation format of ISO 10646|http://www.faqs.org/rfcs/rfc2279.html], January 1998.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ce10c7b182036105-c2168e1c-4597430b-a3bbb15e-9ef869cb190925b2fc5e54c1"><ac:parameter ac:name="">Zalewski 01</ac:parameter></ac:structured-macro>
\[Zalewski 01\] Zalewski, Michal. [_Delivering Signals for Fun and Profit: Understanding, exploiting and preventing signal-handling related vulnerabilities_|http://lcamtuf.coredump.cx/signals.txt],  May 2001.