Page History

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b7543dd7e33cf243-9cd1d1e3-4ab84f1e-92919f60-e99306cbcf60fa4c86f236ee"><ac:parameter ac:name="">Apple 06</ac:parameter></ac:structured-macro>
\[Apple 06\] Apple, Inc. [_Secure Coding Guide_|http://developer.apple.com/documentation/Security/Conceptual/SecureCodingGuide/SecureCodingGuide.pdf], May 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="46c7f75b821e8539-4e770cbe-418c474a-bf72b219-3cb47d9b5890f5965b21bd17"><ac:parameter ac:name="">Austin Group 08</ac:parameter></ac:structured-macro>
\[Austin Group 08\] "Draft Standard for Information Technology - Portable Operating System Interface (POSIX®) - Draft Technical Standard: Base Specifications, Issue 7," IEEE Unapproved Draft Std P1003.1_D4 , Jan 2008. Prepared by the [Austin Group|http://www.opengroup.org/austin/]. New York, NY: The Institute of Electrical & Electronics Engineers, Inc.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a57328849d7a1670-45680efb-4965431a-b71587ff-f608eeeedfec23398a66e724"><ac:parameter ac:name="">Banahan 03</ac:parameter></ac:structured-macro>
\[Banahan 03\] Banahan, Mike. [The C Book|http://www.phy.duke.edu/~rgb/General/c_book/c_book/index.html], 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ba8e4e64ff88d555-2bd6652b-48204a28-bfb1be57-968e67bb17ce615361e32d87"><ac:parameter ac:name="">Beebe 05</ac:parameter></ac:structured-macro>
\[Beebe 05\] Beebe, Nelson H. F. [Re: Remainder ( % ) operator and GCC|http://gcc.gnu.org/ml/gcc-help/2005-11/msg00141.html], 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f32d67afc77ec0c5-1d75e5cc-41184abf-8c2d914a-ede662f16664db7dc2d30a7e"><ac:parameter ac:name="">Becker 08</ac:parameter></ac:structured-macro>
\[Becker 08\] Becker, Pete. [Working Draft, Standard for Programming Language C+\+|http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2008/n2521.pdf]. April, 2008.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="728082fc5455bed9-6548da88-40b04de8-92c6b649-2cfced6462e1afc7b8a2cfec"><ac:parameter ac:name="">Bryant 03</ac:parameter></ac:structured-macro>
\[Bryant 03\] Bryant, Randy & O'Halloran, David. _Computer Systems: A Programmer's Perspective_. Prentice Hall, 2003. ISBN 0-13-034074-X.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="097cf15006a17934-a508461a-4280409d-a90dbcd3-8025a05fb9363a51fcbeccc1"><ac:parameter ac:name="">Burch 06</ac:parameter></ac:structured-macro>
\[Burch 06\] Burch, H., Long, F., & Seacord, R. [_Specifications for Managed Strings_|http://www.sei.cmu.edu/publications/documents/06.reports/06tr006.html] (CMU/SEI-2006-TR-006). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e0ca11318c1fe97a-75feeb0e-410548af-bfab83ea-fc917f15c0a38782585b990d"><ac:parameter ac:name="">Callaghan 95</ac:parameter></ac:structured-macro>
\[Callaghan 95\] Callaghan, B., Pawlowski, B., & Staubach, P. [IETF RFC 1813 NFS Version 3 Protocol Specification|http://www.ietf.org/rfc/rfc1813.txt], June 1995.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="efea1aa1a949d179-627c859a-4d524476-94ea9423-50d92fe070507e717b8d45ed"><ac:parameter ac:name="">CERT 06a</ac:parameter></ac:structured-macro>
\[CERT 06a\] CERT/CC. [CERT/CC Statistics 1988-2006|http://www.cert.org/stats/cert_stats.html].

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="bfe67067e9bea78a-08642a39-40404513-b664a673-a0da891e720dad6489e98001"><ac:parameter ac:name="">CERT 06b</ac:parameter></ac:structured-macro>
\[CERT 06b\] CERT/CC. US-CERT's [Technical Cyber Security Alerts|http://www.us-cert.gov/cas/techalerts/index.html].

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7a420b0d49593290-f6f97826-49ea4390-94fba05e-733d7f5d185ba0c2c43a2e8d"><ac:parameter ac:name="">CERT 06c</ac:parameter></ac:structured-macro>
\[CERT 06c\] CERT/CC. [Secure Coding|http://www.cert.org/secure-coding/] web site.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="8caea50c02e3fc95-23483c6b-4f2a4419-bb9e9e1b-db51bbcc8d7e2f76bc16f5f0"><ac:parameter ac:name="">Corfield 93</ac:parameter></ac:structured-macro>
\[Corfield 93\] Corfield, Sean A. "[Making String Literals 'const'|http://www.open-std.org/jtc1/sc22/wg21/docs/papers/1993/N0389.asc]," November 1993.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ff6d3973037b93a3-2909b970-441d41f8-80d39da8-23614c9e63ed31f1056c86b8"><ac:parameter ac:name="">Coverity 07</ac:parameter></ac:structured-macro>
\[Coverity 07\] Coverity Prevent User's Manual (3.3.0), 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d9a49f9e200decd2-093f95a6-4b754e2d-b80fb259-3d54666ccc449d9e029e9f8b"><ac:parameter ac:name="">Dewhurst 02</ac:parameter></ac:structured-macro>
\[Dewhurst 02\] Dewhurst, Stephen C. _C+\+ Gotchas: Avoiding Common Problems in Coding and Design_. Boston, MA: Addison-Wesley Professional, 2002.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b11f325c7faf891a-3a872a01-45804f18-b187b677-2f34e312ab64d241cb2d405c"><ac:parameter ac:name="">Dewhurst 05</ac:parameter></ac:structured-macro>
\[Dewhurst 05\] Dewhurst, Stephen C. _C+\+ Common Knowledge:  Essential Intermediate Programming_. Boston, MA: Addison-Wesley Professional, 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="bbe0c8515c934f7e-518d098c-4d8a441b-a05592da-6ca8b8a1ea73faf9ea743b9b"><ac:parameter ac:name="">DHS 06</ac:parameter></ac:structured-macro>
\[DHS 06\] U.S. Department of Homeland Security. [Build Security In|https://buildsecurityin.us-cert.gov/].

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ddc65a6720e8ae58-d8aef8a2-408d4ac2-8807b47f-8566cb364f0500b03e264288"><ac:parameter ac:name="">Dowd 06</ac:parameter></ac:structured-macro>
\[Dowd 06\] Dowd, M., McDonald, J., & Schuh, J. _The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities_. Boston, MA: Addison-Wesley, 2006. See [http://taossa.com] for updates and errata.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c46a18997a7b2fd3-3a4b5abf-45d74c6e-88cda70f-6cd5dedb8604ba5b5cf520ae"><ac:parameter ac:name="">Drepper 06</ac:parameter></ac:structured-macro>
\[Drepper 06\] Drepper, Ulrich. [Defensive Programming for Red Hat Enterprise Linux (and What To Do If Something Goes Wrong)|http://people.redhat.com/drepper/defprogramming.pdf], May 3, 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="19d668ccf6ea6a1b-0972f609-42ec4fe9-9da98fd6-aa43aa2cf6a30209bc5b885d"><ac:parameter ac:name="">Eckel 07</ac:parameter></ac:structured-macro>
\[Eckel 07\] Eckel, Bruce. [_Thinking in C+\+ - Volume 2_|http://bruce-eckel.developpez.com/livres/cpp/ticpp/v2/]. January 25, 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="10e09badcd4c62c3-99194bc3-475947ea-b892991b-21aef76d6f87809e595ec750"><ac:parameter ac:name="">Finlay 03</ac:parameter></ac:structured-macro>
\[Finlay 03\] Finlay, Ian A. CERT Advisory CA-2003-16, [Buffer Overflow in Microsoft RPC|http://www.cert.org/advisories/CA-2003-16.html]. CERT/CC, July 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="51abc3c4f47451a3-20591e5c-485f4b2a-9cdc9fc1-e4054aeb28be60b43b2e5e4e"><ac:parameter ac:name="">Fortify>Fisher 06<99</ac:parameter></ac:structured-macro>
\[FortifyFisher 0699\] FortifyDavid SoftwareFisher Inc.& [Fortify Taxonomy: Software Security Errors|http://www.fortifysoftware.com/vulncat/], 2006.Howard Lipson, "Emergent Algorithms - A New Method for Enhancing Survivability in Unbounded Systems," Proceedings of the 32nd Annual Hawaii International Conference on System Sciences (HICSS-32). Maui, HI, January 5-8, 1999.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="df589184a4bceaf0-f1b56557-4fba40e0-8960b6c7-10bb0d17dd8567d1f93853bc"><ac:parameter ac:name="">Garfinkel>FSF 96<05</ac:parameter></ac:structured-macro>
\[FSF 05\] Free Software Foundation. [GCC online documentation|http://gcc.gnu.org/onlinedocs], 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="86ab66fd12bbcefb-dedb8c97-4b614f70-8458970b-3be7b7b84e2f782316d71b1b"><ac:parameter ac:name="">GNU Pth</ac:parameter></ac:structured-macro>
\[GNU Pth\] Engelschall, Ralf S. [GNU Portable Threads|http://www.gnu.org/software/pth/], 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="447aa27738efbd2e-d70eef7d-49e8482e-aa359462-c393beaa5e6cc5edac78f661"><ac:parameter ac:name="">Goldberg 91</ac:parameter></ac:structured-macro>
\[Goldberg 91\] Goldberg, David. [What Every Computer Scientist Should Know About Floating-Point Arithmetic|http://docs.sun.com/source/806-3568/ncg_goldberg.html]. Sun Microsystems, March 1991.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="8d88bbc1e341a4de-018b38fa-425546fd-9d27a102-9dbc32986c7f5be51eba287d"><ac:parameter ac:name="">Graf 03</ac:parameter></ac:structured-macro>
\[Graff 03\] Graff, Mark G. & Van Wyk, Kenneth R. _Secure Coding: Principles and Practices_. Cambridge, MA: O'Reilly, 2003 (ISBN 0596002424).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0aa741823a97cf7e-a016a912-4bcb48d5-8cb4a68e-048bda55a8ab16c6b356b5f6"><ac:parameter ac:name="">Griffiths 06</ac:parameter></ac:structured-macro>
\[Griffiths 06\] Griffiths, Andrew. "[Clutching at straws: When you can shift the stack pointer|http://felinemenace.org/papers/p63-0x0e_Shifting_the_Stack_Pointer.txt]."&nbsp;

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="57e0c34578e328fa-ca4c9b54-4b5949ec-9182ae38-1ae40ea3d25f4f849814ba26"><ac:parameter ac:name="">Haddad 05</ac:parameter></ac:structured-macro>
\[Haddad 05\] Haddad, Ibrahim. "Secure Coding in C and C++: An interview with Robert Seacord, senior vulnerability analyst at CERT." _Linux World Magazine_, November 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="bd99f66feb9d6e0e-56aaf281-444d4f0d-91788367-3a08c076295b445075dd4be8"><ac:parameter ac:name="">Hatton 95</ac:parameter></ac:structured-macro>
\[Hatton 95\] Hatton, Les. _Safer C: Developing Software for High-Integrity and Safety-Critical Systems_. New York, NY: McGraw-Hill Book Company, 1995 (ISBN 0-07-707640-0).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="31ce34b738af5b50-cf0f8c09-4f5e4da7-ba5ab633-bcc44007e3f401e9d91db909"><ac:parameter ac:name="">Henricson 92</ac:parameter></ac:structured-macro>
\[Henricson 92\] Henricson, Mats & Nyquist, Erik. [Programming in C++, Rules and Recommendations|http://www.doc.ic.ac.uk/lab/cplus/c++.rules/]. Ellemtel Telecommunication Systems Laboratories, 1992.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="91bee6c48bfc1796-31789518-48ff479f-accc8ec6-bba9a74a5e6e541e67082ca1"><ac:parameter ac:name="">Horton 90</ac:parameter></ac:structured-macro>
\[Horton 90\] Horton, Mark R. _Portable C Software_. Upper Saddle River, NJ: Prentice-Hall, Inc., 1990 (ISBN:0-13-868050-7).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1f5e58d05f79e709-cb30f8e5-473448c8-8dfa813e-8039c43682050b44941e38dc"><ac:parameter ac:name="">Howard 02</ac:parameter></ac:structured-macro>
\[Howard 02\] Howard, Michael & LeBlanc, David C. _[_Writing Secure Code, Second Edition_|http://www.microsoft.com/mspress/books/5957.aspx]_. Microsoft Press, December 2002.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="80ff07a74e369088-2f50e106-41f2491c-844d9251-8d6d145b933281e4787c053e"><ac:parameter ac:name="">HP 03</ac:parameter></ac:structured-macro>
\[HP 03\] [Tru64 UNIX: Protecting Your System Against File Name Spoofing Attacks|http://h30097.www3.hp.com/docs/wpapers/spoof_wp/symlink_external.pdf]. Houston, TX: Hewlett-Packard Company, January 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="df5497eda1472462-78dbad71-44bd4c39-b0509ffc-0fbdee0d050cfb1e05a4dbda"><ac:parameter ac:name="">IEC 60812 2006</ac:parameter></ac:structured-macro>
\[IEC 60812 2006\] _Analysis techniques for system reliability - Procedure for failure mode and effects analysis (FMEA)_, 2nd ed. (IEC 60812). IEC, January 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="caec84f4583b12a5-d487ccd4-45864ac3-b971becc-d8e9a6ca6cc1b216e4baf535"><ac:parameter ac:name="">IEC 61508 4</ac:parameter></ac:structured-macro>
\[IEC 61508-4\]&nbsp; _Functional safety of electrical/electronic/programmable electronic safety-related systems - Part 4: Definitions and abbreviations_, 1998.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f3ae72ff4f09a298-8b5cb926-46b94d83-a8f78897-2d2abf3e109312dabcaaff80"><ac:parameter ac:name="">IEEE Std 610.12 1990</ac:parameter></ac:structured-macro>
\[IEEE Std 610.12 1990\] _IEEE Standard Glossary of Software Engineering Terminology_, September 1990.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="65d6c4b2f69faff4-295544c8-4a2f45d0-b8be8d9c-f3bd684ea205e05af99fc123"><ac:parameter ac:name="">IEEE 754 2006</ac:parameter></ac:structured-macro>
\[IEEE 754 2006\] IEEE. [_Standard for Binary Floating-Point Arithmetic_|http://grouper.ieee.org/groups/754/] (IEEE 754-1985), 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c15075f054564689-c9cc5182-41444785-ad16b8cf-0fcf10122c6dbb7b55d3a219"><ac:parameter ac:name="">ilja 06</ac:parameter></ac:structured-macro>
\[ilja 06\] ilja. "[readlink abuse|http://blogs.23.nu/ilja/stories/12551/]." _ilja's blog_, August 13, 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="586670fb56dab79f-6e9411ff-498d4d89-80bfb25f-f845cc7c8ac89e82f73b4b8e"><ac:parameter ac:name="">Intel 01</ac:parameter></ac:structured-macro>
\[Intel 01\] Intel Corp. [_Floating-Point IEEE Filter for Microsoft\* Windows\* 2000 on the Intel® Itanium™ Architecture_|ftp://download.intel.com/software/opensource/libraries/ieee/ieee_filter_windows2000.pdf], March 2001.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e9c72c9ca47f9909-83e4b967-48254b51-a31fbc69-a49a57863152a438e6d6827b"><ac:parameter ac:name="">Internet Society 00</ac:parameter></ac:structured-macro>
\[Internet Society 00\] The Internet Society. [Internet Security Glossary (RFC 2828)|ftp://ftp.rfc-editor.org/in-notes/rfc2828.txt], 2000.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6f501da1097c2809-119b2fa8-4f504a30-a5d18a29-759c78791edbb7a6ce241a11"><ac:parameter ac:name="">ISO/IEC 10646-2003</ac:parameter></ac:structured-macro>
\[ISO/IEC 10646:2003\] _Information technology - Universal Multiple-Octet Coded Character Set (UCS)_ (ISO/IEC 10646:2003). Geneva, Switzerland: International Organization for Standardization, 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="afc66d482ebdebca-b66972d7-4f554b93-8b289f13-9dcbf4e4bd877a3e8a077cd4"><ac:parameter ac:name="">ISO/IEC 646-1991</ac:parameter></ac:structured-macro>
\[ISO/IEC 646-1991\] ISO/IEC. _Information technology: ISO 7-bit coded character set for information interchange_ (ISO/IEC 646-1991). Geneva, Switzerland: International Organization for Standardization, 1991.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5dd2f2766408c92c-faedb5aa-4f504471-8e2d8eb3-6ee4759ea59f3fd35f8dddc5"><ac:parameter ac:name="">ISO/IEC 9899-1999</ac:parameter></ac:structured-macro>
\[ISO/IEC 9899:1999\] ISO/IEC. _Programming Languages --- C, Second Edition_ (ISO/IEC 9899:1999). Geneva, Switzerland: International Organization for Standardization, 1999.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="43a8c45e77910171-02bf557d-469d462c-903e88b4-0dc15dd76b9f1112749b8f55"><ac:parameter ac:name="">ISO/IEC 14882-2003</ac:parameter></ac:structured-macro>
\[ISO/IEC 14882-2003\] ISO/IEC. _Programming Languages --- C++, Second Edition_ (ISO/IEC 14882-2003). Geneva, Switzerland: International Organization for Standardization, 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6b8c80719f71d0f0-58ad1e57-4dc840f3-90518326-470c8a104221951ba483f802"><ac:parameter ac:name="">ISO/IEC 03</ac:parameter></ac:structured-macro>
\[ISO/IEC 03\] ISO/IEC. [_Rationale for International Standard --- Programming Languages --- C, Revision 5.10_|http://www.open-std.org/jtc1/sc22/wg14/www/C99RationaleV5.10.pdf]. Geneva, Switzerland: International Organization for Standardization, April 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e8d0780cca9ad278-6285ad9b-422d48ef-983cbf2d-0fc1b38f78442512403694a1"><ac:parameter ac:name="">ISO/IEC JTC1/SC22/WG11</ac:parameter></ac:structured-macro>
\[ISO/IEC JTC1/SC22/WG11\] ISO/IEC. [_Binding Techniques_|http://www.open-std.org/JTC1/SC22/WG11/] (ISO/IEC JTC1/SC22/WG11), 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4fe2b25a720293d7-b31635e5-42dc4453-8541bb5d-7bd274d0f5a0cd8e84071bfb"><ac:parameter ac:name="">ISO/IEC PDTR 24772</ac:parameter></ac:structured-macro>
\[ISO/IEC PDTR 24772\] ISO/IEC PDTR 24772. _Information Technology_ --- _Programming Languages_ --- [_Guidance to Avoiding Vulnerabilities in Programming Languages through Language Selection and Use_|http://www.aitcnet.org/isai/_NextMeeting/22-OWGV-N-0125/n0125.pdf], March 2008.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="cb05e9f11c5ef950-07cba04c-42254398-9bfe8b08-914183d306ac01a4c52a882c"><ac:parameter ac:name="">ISO/IEC TR 24731-1-2007</ac:parameter></ac:structured-macro>
\[ISO/IEC TR 24731-1-2007\] ISO/IEC TR 24731. _Extensions to the C Library, --- Part I: Bounds-checking interfaces_. Geneva, Switzerland: International Organization for Standardization, April 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f5ac20e7db2cbb27-5e25a811-403c46d6-bd7faa6a-0ab5aa57053a640256815879"><ac:parameter ac:name="">Jack 07</ac:parameter></ac:structured-macro>
\[Jack 07\] Jack, Barnaby. [_Vector Rewrite Attack_|http://www.juniper.net/solutions/literature/white_papers/Vector-Rewrite-Attack.pdf], May 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="56eb1a8f9504f7fa-9e5d35a4-45c342a8-b142a286-b8f66e10a99a62a9418eb7d5"><ac:parameter ac:name="">Jones 04</ac:parameter></ac:structured-macro>
\[Jones 04\] Jones, Nigel. ["Learn a new trick with the offsetof() macro."|http://www.netrino.com/Articles/OffsetOf/index.php] _Embedded Systems Programming_, March 2004.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5c8c0d8d622bdc75-9698e967-45e2439b-a52187ea-e0dbfd8575110c1600a430ab"><ac:parameter ac:name="">Jones 08</ac:parameter></ac:structured-macro>
\[Jones 08\] Derek M. Jones. [The New C Standard: An economic and cultural commentary|http://www.knosof.co.uk/cbook/]. Knowledge Software, Ltd, 2008.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="20b5ab6596a95005-3170cc5e-467741b3-acbb8913-585ad48b06989e3193a06584"><ac:parameter ac:name="">Keil 08</ac:parameter></ac:structured-macro>
\[Keil 08\] Keil, an ARM Company. "[Floating Point Support|http://www.keil.com/support/man/docs/armlib/armlib_bihbjiea.htm]." _RealView Libraries and Floating Point Support Guide_, 2008.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="568b8b34b79ef4e1-cd60f295-470e4301-b342869a-24001d677b1f72898e26e840"><ac:parameter ac:name="">Kennaway 00</ac:parameter></ac:structured-macro>
\[Kennaway 00\] Kennaway, Kris. [Re: /tmp topic|http://lwn.net/2000/1221/a/sec-tmp.php3], December 2000.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2310a022236deeb7-f4ee348a-44814a5a-94cd9dd3-51201701df707db16fcf8015"><ac:parameter ac:name="">Kernighan 88</ac:parameter></ac:structured-macro>
\[Kernighan 88\] Kernighan , B. W. & Ritchie, D. M. _The C Programming Language, 2nd ed._ Englewood Cliffs, NJ: Prentice-Hall, 1988.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="93a022bb0a8d04e3-02d85467-489240f1-97dca3de-ae95f1d4ed9e64b0b4544b94"><ac:parameter ac:name="">Kettle 02</ac:parameter></ac:structured-macro>
\[Kettlewell 02\] Kettlewell, Richard. [_C Language Gotchas_|http://www.greenend.org.uk/rjk/2001/02/cfu.html], February 2002.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="19a35027ea1e4d5a-8c71b7b1-4aa04a9b-af929ec0-dd1ff50b37cbc0f32c450ea7"><ac:parameter ac:name="">Kettle 03</ac:parameter></ac:structured-macro>
\[Kettlewell 03\] Kettlewell, Richard. [_Inline Functions In C_|http://www.greenend.org.uk/rjk/2003/03/inline.html], March 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="08bc50e288fd04fb-861ad806-4f6d409c-8826870e-16e41f54bbd19f7104ee7e84"><ac:parameter ac:name="">Kirch-Prinz 02</ac:parameter></ac:structured-macro>
\[Kirch-Prinz 02\] Kirch-Prinz, Ulla & Prinz, Peter. _C Pocket Reference_.  O'Reilly, November 2002 (ISBN: 0-596-00436-2).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="632fbcd8e79143b4-66dadaef-46b04e30-87eebc51-a4024302c410afbaf432723b"><ac:parameter ac:name="">Klarer 04</ac:parameter></ac:structured-macro>
\[Klarer 04\] Klarer, R., Maddock, J., Dawes, B. & Hinnant, H. "Proposal to Add Static Assertions to the Core Language (Revision 3)." ISO C+\+ committee paper ISO/IEC JTC1/SC22/WG21/N1720, October 2004. Available at [http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2004/n1720.html].

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="fcd7dfef4f485d41-645d6a8e-44c249a9-8b348fd8-2b2aa9b8dc86453ff4cdaff5"><ac:parameter ac:name="">Klein 02</ac:parameter></ac:structured-macro>
\[Klein 02\] Klein, Jack. [_Bullet Proof Integer Input Using strtol()_|http://home.att.net/~jackklein/c/code/strtol.html], 2002.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="894abec8baa0fa9a-f5b52bfa-4ede45fa-9b7fac4e-814b812cdda1c9d6e0f279f2"><ac:parameter ac:name="">Koenig 89</ac:parameter></ac:structured-macro>
\[Koenig 89\]
Koenig,  Andrew. _C Traps and Pitfalls_. Addison-Wesley Professional, January 1, 1989.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="853fefc06b116ddf-a22f902c-4ed14db6-822890e1-c0c65539dda7ef780de0a04b"><ac:parameter ac:name="">Kuhn 06</ac:parameter></ac:structured-macro>
\[Kuhn 06\] Kuhn, Markus. [_UTF-8 and Unicode FAQ for Unix/Linux_|http://www.cl.cam.ac.uk/~mgk25/unicode.html], 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b078f7293f2eebef-d2c31c1a-4ce64cf3-babfb6cd-c90dc6541d93c8d2cc3f3bdd"><ac:parameter ac:name="">Lai 06</ac:parameter></ac:structured-macro>
\[Lai 06\] Lai, Ray. "[Reading Between the Lines|http://undeadly.org/cgi?action=article&sid=20061027031811]." _OpenBSD Journal_, October 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="84b52316dc7933e7-941a38cb-483943e3-97498811-47fdd101bcb9475e9e7dd134"><ac:parameter ac:name="">Linux 07</ac:parameter></ac:structured-macro>
\[Linux 07\] [Linux Programmer's Manual|http://www.kernel.org/doc/man-pages/online_pages.html]. July 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6f61aded-5ab6-4f64-aa46-bafef6ba18e8a7de12f1-34a0-475e-8486-504c8d27f3a3"><ac:parameter ac:name="">Lions 96</ac:parameter></ac:structured-macro>
\[Lions 96\] Lions, J. L. [ARIANE 5 Flight 501 Failure Report|http://en.wikisource.org/wiki/Ariane_501_Inquiry_Board_report]. Paris, France: European Space Agency (ESA) & National Center for Space Study (CNES) Inquiry Board, July 1996.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="8986843308064cb9-25af04c0-41274b5a-9794a53f-35edf54bd987b498b0c88157"><ac:parameter ac:name="">Lockheed Martin 05</ac:parameter></ac:structured-macro>
\[Lockheed Martin 05\] Lockheed Martin. "[Joint Strike Fighter Air Vehicle C+\+ Coding Standards for the System Development and Demonstration Program.|http://www.research.att.com/~bs/JSF-AV-rules.pdf]" Document Number 2RDU00001 Rev C., December 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4d9622471e95d728-910a6c4d-491f4961-85faaa70-3c221b8cc6948be843a5014f"><ac:parameter ac:name="">Loosemore 07</ac:parameter></ac:structured-macro>
\[Loosemore 07\] Loosemore, Sandra, Stallman, Richard M., McGrath, Roland, Oram, Andrew, & Drepper, Ulrich. [The GNU C Library Reference Manual|http://www.gnu.org/software/libc/manual/], Edition 0.11.  September 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5c0cfa226e1a9a6a-7606b602-429448c7-bebea7ec-be8fc684161565325f973a5d"><ac:parameter ac:name="">McCluskey 01</ac:parameter></ac:structured-macro>
\[McCluskey 01\] [_flexible array members and designators in C9X_|http://www.usenix.org/publications/login/2001-07/pdfs/mccluskey.pdf] ;login:, July 2001, Volume 26, Number 4, p. 29-32.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f242241e1151bbfa-c13a06a2-44134d67-917bb594-5b7d4af337dc25376fca3f8f"><ac:parameter ac:name="">mercy 06</ac:parameter></ac:structured-macro>
\[mercy\] mercy. [_Exploiting Uninitialized Data_|http://www.felinemenace.org/papers/UBehavior.zip], January 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0de704fd313b1ad2-501cde63-4821463b-956ca160-15a7314cb41fc4df30e96525"><ac:parameter ac:name="">Microsoft 03</ac:parameter></ac:structured-macro>
\[Microsoft 03\] Microsoft Security Bulletin MS03-026, [Buffer Overrun In RPC Interface Could Allow Code Execution (823980)|http://www.microsoft.com/technet/security/bulletin/MS03-026.mspx], September 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="43268f90c91363c9-2ba1a3ea-45d44c39-a1a78d9f-c0cdb45599cede9ad662c6d9"><ac:parameter ac:name="">Microsoft 07</ac:parameter></ac:structured-macro>
\[Microsoft 07\] [C Language Reference|http://msdn2.microsoft.com/en-us/library/fw5abdx6(VS.80).aspx], 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0d537c6fcfcd7c6a-b9f3c319-480b450d-bd4bb22c-9024b41fbf68ed45f9416bd0"><ac:parameter ac:name="">Miller 04</ac:parameter></ac:structured-macro>
\[Miller 04\] Mark C. Miller, James F. Reus, Robb P. Matzke, Quincey A. Koziol, Albert P. Cheng. [Smart Libraries: Best SQE Practices for Libraries with an Emphasis on Scientific Computing|https://wci.llnl.gov/codes/smartlibs/UCRL-JRNL-208636.pdf]. Proceedings of the Nuclear Explosives Code Developer's Conference. December 2004.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e342ebec3f3926f6-19675794-42594669-bf2cbb8f-fce5b7b016cf08638c49e918"><ac:parameter ac:name="">MISRA 04</ac:parameter></ac:structured-macro>
\[MISRA 04\] MISRA Limited. "[MISRA C|http://www.misra.org.uk/]: 2004 Guidelines for the Use of the C Language in Critical Systems." Warwickshire, UK: MIRA Limited, October 2004 (ISBN 095241564X).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9222d7874c19f285-844d8786-4c0c435e-b29d9286-aceef4f74103aa6e4d298689"><ac:parameter ac:name="">MIT 05</ac:parameter></ac:structured-macro>
\[MIT 05\] MIT. "[MIT krb5 Security Advisory 2005-003|http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2005-003-recvauth.txt], 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="eb0fd24ee57590a4-62309d3b-4707439f-b0c981c6-6a8d7b148e3c86c5c98c6750"><ac:parameter ac:name="">MITRE 07</ac:parameter></ac:structured-macro>
\[MITRE 07\] MITRE. [Common Weakness Enumeration, Draft 9|http://cwe.mitre.org/],  April 2008.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="cfa5223891c0f975-5fb0ea01-4b8e4fde-b344ac8f-5cbfb1359ab9ab3a228c4e22"><ac:parameter ac:name="">MSDN</ac:parameter></ac:structured-macro>
\[MSDN\] [Microsoft Developer Network|http://msdn.microsoft.com/en-us/default.aspx].

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="07000ed14c435f42-942264d9-436d4ac5-b1aeb431-cb8f81cc181a63f5712b940c"><ac:parameter ac:name="">Murenin  07</ac:parameter></ac:structured-macro>
\[Murenin 07\] Murenin, Constantine A. [cnst: 10-year-old pointer-arithmetic bug in make(1) is now gone, thanks to malloc.conf and some debugging|http://cnst.livejournal.com/24040.html], June 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="637a4dfcd79d8a23-7db5b747-497b44a3-92dd88ee-97c264029bed6ef1643601bd"><ac:parameter ac:name="">NAI 98</ac:parameter></ac:structured-macro>
\[NAI 98\] Network Associates Inc. [Bugtraq: Network Associates Inc. Advisory (OpenBSD)|http://seclists.org/bugtraq/1998/Aug/0071.html], 1998.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ae93a574ff2356c1-abb91006-460b4705-9561b2cf-ca881eee74dd7c53c5e92799"><ac:parameter ac:name="">NASA-GB-1740.13</ac:parameter></ac:structured-macro>
\[NASA-GB-1740.13\] NASA Glenn Research Center, Office of Safety Assurance Technologies. [_NASA Software Safety Guidebook_|http://pbma.nasa.gov/docs/public/pbma/general/guidbook.doc] (NASA-GB-1740.13).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="124804e331302e67-3b0b67c8-43684254-8356811c-dacbe61b9f16386e72e9cccb"><ac:parameter ac:name="">NIST 06</ac:parameter></ac:structured-macro>
\[NIST 06\] NIST. [_SAMATE Reference Dataset_|http://samate.nist.gov/SRD/], 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="52945718fe0cab88-b76c97e6-40e74efd-b3598ab0-ef9fb523186ec8a6058a9b02"><ac:parameter ac:name="">NIST 06b</ac:parameter></ac:structured-macro>
\[NIST 06b\] NIST. [DRAFT Source Code Analysis Tool Functional Specification. | http://samate.nist.gov/docs/SAMATE_source_code_analysis_tool_spec_09_15_06.pdf] NIST Information Technology Laboratory (ITL), Software Diagnostics and Conformance Testing Division, September 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="411b991c94d9ee98-71ca66d0-4efd485f-a50c8d02-2fcc5647bb9fae0f064f7106"><ac:parameter ac:name="">Open Group 97</ac:parameter></ac:structured-macro>
\[Open Group 97\] The Open Group. [_The Single UNIX® Specification, Version 2_|http://www.opengroup.org/onlinepubs/7990989775/toc.htm], 1997.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="bc8c0e308cbe6011-ea3bf0bf-4bec4ddd-92f9a37c-9eeeb580e76ba08a37966566"><ac:parameter ac:name="">Open Group 97b</ac:parameter></ac:structured-macro>
\[Open Group 97b\] The Open Group. [_Go Solo 2 - The Authorized Guide to Version 2 of the Single UNIX Specification_|http://www.unix.org/whitepapers/64bit.html], May 1997.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d9e295e02ec9576d-b3a03843-44df49f9-9d3d9ae6-c5e2d067044276bbce4fe343"><ac:parameter ac:name="">Open Group 04</ac:parameter></ac:structured-macro>
\[Open Group 04\] The Open Group and the IEEE. [_The Open Group Base Specifications Issue 6, IEEE Std 1003.1, 2004 Edition_|http://www.opengroup.org/onlinepubs/009695399/toc.htm], 2004.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="76a8f37f469b06f0-73c8d26d-48734fbc-afbb9e89-5d653a685796d2d4b5c68694"><ac:parameter ac:name="">OWASP Double Free</ac:parameter></ac:structured-macro>
\[OWASP Double Free\] Open Web Application Security Project, "[Double Free|http://www.owasp.org/index.php/Double_Free]."

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="825bea3cfc220611-5abc0b1f-459a4226-887d92a1-235a4fc8832f8b1eb1cc193d"><ac:parameter ac:name="">OWASP Freed Memory</ac:parameter></ac:structured-macro>
\[OWASP Freed Memory\] Open Web Application Security Project, "[Using freed memory|http://www.owasp.org/index.php/Using_freed_memory]."

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="8c0a8e579ca4f850-06cd6305-46ed481a-ae85bae0-5264d22675563ff7f251deb7"><ac:parameter ac:name="">Pethia 03</ac:parameter></ac:structured-macro>
\[Pethia 03\] Pethia, Richard D. "[Viruses and Worms: What Can We Do About Them?|http://www.cert.org/congressional_testimony/Pethia-Testimony-9-10-2003/]" September 10, 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="33f5d2f525bd4ec0-5712a5a5-42394b6b-816eb66d-22ecf8d7ad05da096cff73ec"><ac:parameter ac:name="">Pike 93</ac:parameter></ac:structured-macro>
\[Pike 93\] Rob Pike, Ken Thompson. _Hello World_. USENIX Winter 1993 Technical Conference, San Diego, January 25-29, 1993, Proceedings, pp. 43-50.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="74edf9ce7458fd1d-8e284f08-4b9e42ec-905dba91-06935f41f13bf60296a7a696"><ac:parameter ac:name="">Plakosh 05</ac:parameter></ac:structured-macro>
\[Plakosh 05\] Plakosh, Dan. [_Consistent Memory Management Conventions_|https://buildsecurityin.us-cert.gov/daisy/bsi/articles/knowledge/coding/476.html], 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="771d4156fab24dfa-05994c7e-4e86420a-9d80bf7e-b30d1bcbf57035452ef2f8f2"><ac:parameter ac:name="">Plum 85</ac:parameter></ac:structured-macro>
\[Plum 85\] Plum, Thomas. _Reliable Data Structures in C_. Kamuela, HI: Plum Hall, Inc., 1985 (ISBN 0-911537-04-X).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7f10a7667d9b5e75-b78f29b7-40ec4641-994a970e-81f5022b4dd976b4942177dd"><ac:parameter ac:name="">Plum 89</ac:parameter></ac:structured-macro>
\[Plum 89\] Plum, Thomas, & Saks, Dan. _C Programming Guidelines, 2nd ed_. Kamuela, HI: Plum Hall, Inc., 1989 (ISBN 0911537074).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c901911f51bd18cf-9f8d649d-445a4f35-b44abce5-ec45d9bbf1dd8ec8ec9edf9b"><ac:parameter ac:name="">Plum 91</ac:parameter></ac:structured-macro>
\[Plum 91\] Plum, Thomas. _C+\+ Programming_. Kamuela, HI: Plum Hall, Inc., 1991 (ISBN 0911537104).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a3492d51cbb434ca-2a832807-473e46e7-b2e9b3be-773d61ec937660cfda76c1d3"><ac:parameter ac:name="">Redwine 06</ac:parameter></ac:structured-macro>
\[Redwine 06\] Redwine, Samuel T., Jr., ed. _Secure Software Assurance: A Guide to the Common Body of Knowledge to Produce, Acquire, and Sustain Secure Software Version 1.1_. U.S. Department of Homeland Security, September 2006. See [Software Assurance Common Body of Knowledge|https://buildsecurityin.us-cert.gov/daisy/bsi/resources/dhs/95.html] on Build Security In.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="8db2a65136f432f9-92b33f95-4ad74ea4-8a71ad5d-8112aad844e9f1379441d037"><ac:parameter ac:name="">RUS-CERT</ac:parameter></ac:structured-macro>
\[RUS-CERT\] RUS-CERT Advisory 2002-08:02, "[Flaw in calloc and similar routines|http://cert.uni-stuttgart.de/advisories/calloc.php]," 2002.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0b709497fd680716-48f467e3-4ad841aa-a99ea4aa-5c148cb3c3aad4577ca0b1b8"><ac:parameter ac:name="">Saks 99</ac:parameter></ac:structured-macro>
\[Saks 99\] Saks, Dan. "[const T vs.T const|http://www.dansaks.com/articles/1999-02%20const%20T%20vs%20T%20const.pdf]." _Embedded Systems Programming_, February 1999, pp. 13-16.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="49897bfceaaade2a-b5d9fdd3-4bce48cd-ade4adf0-d7ae82f7d085d063054670e4"><ac:parameter ac:name="">Saks 01a</ac:parameter></ac:structured-macro>
\[Saks 01a\] Saks, Dan. "[Symbolic Constants|http://www.embedded.com/story/OEG20011016S0116]." _Embedded Systems Design_, November 2001.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e28b6eebae97f308-b974c7fe-46c34d5d-bb23addb-4d1865f8b78a81b7b2b60548"><ac:parameter ac:name="">Saks 01b</ac:parameter></ac:structured-macro>
\[Saks 01b\] Saks, Dan. "[Enumeration Constants vs. Constant Objects|http://www.embedded.com/columns/programmingpointers/9900402]." _Embedded Systems Design_, November 2001.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c3bd3f19952cef31-c6c67020-42b54c6f-94de8944-352659c4e27ff4139440c775"><ac:parameter ac:name="">Saks 02</ac:parameter></ac:structured-macro>
\[Saks 02\] Saks, Dan. "[Symbolic Constant Expressions|http://www.embedded.com/story/OEG20020124S0117]." _Embedded Systems Design_, February 2002.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2b46147d587c0dc0-c067fd14-42224958-98588740-220572e8290484f8a31857ed"><ac:parameter ac:name="">Saks 05</ac:parameter></ac:structured-macro>
\[Saks 05\] Saks, Dan. "[Catching Errors Early with Compile-Time Assertions|http://www.embedded.com/columns/programmingpointers/164900888?_requestid=287187]." _Embedded Systems Design_, June 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="01fccd1ff10025d9-0faa794a-4c1049c2-98a78f2c-bf09b11ea3fc19cb87ebbcd7"><ac:parameter ac:name="">Saks 07</ac:parameter></ac:structured-macro>
\[Saks 07\] Saks, Dan. "[Sequence Points|http://www.embedded.com/columns/programmingpointers/9900661?_requestid=481957]" Embedded Systems Design, July 1, 2002.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="741584e860450d97-92864ff0-47854457-99048917-bd6eba2fffacbabf04fa68f7"><ac:parameter ac:name="">Saks 07b</ac:parameter></ac:structured-macro>
\[Saks 07\] Dan Saks. [Bail, return, jump, or . . . throw?|http://www.embedded.com/columns/programmingpointers/197008821]. Embedded Systems Design. March, 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b4ced0c311b9dda0-296745f5-4c2a4f7c-affdbf80-b705012903d5087837bb427c"><ac:parameter ac:name="">Saks 08</ac:parameter></ac:structured-macro>
\[Saks 08\] Saks, Dan & Dewhurst, Stephen C. "Sooner Rather Than Later: Static Programming Techniques for C++" (presentation).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d17baf9e08db1439-5c96b55d-42134772-a4748019-640cea1f6469aab5316a2f5b"><ac:parameter ac:name="">Schwarz 05</ac:parameter></ac:structured-macro>
\[Schwarz 05\] Schwarz, B., Wagner, Hao Chen, Morrison, D., West, G., Lin, J., & Tu, J. Wei. "Model checking an entire Linux distribution for security violations." _Proceedings of the 21st Annual Computer Security Applications Conference_, December 2005 (ISSN 1063-9527; ISBN 0-7695-2461-3).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="06cebbf4b2681309-eb4db426-49a1481f-a304a790-f9105ff0e4e9873bcf456a73"><ac:parameter ac:name="">Seacord 03</ac:parameter></ac:structured-macro>
\[Seacord 03\] Seacord, Robert C., Plakosh, Daniel, & Lewis, Grace A. [_Modernizing Legacy Systems: Software Technologies, Engineering Processes, and Business Practices_|http://www.informit.com/store/product.aspx?isbn=0321118847]. Addison-Wesley, February 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2906565627762302-55435af4-4f0442d8-b5698442-61cbcd8ac3fc32f7e4395b11"><ac:parameter ac:name="">Seacord 05</ac:parameter></ac:structured-macro> <ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e8e65c47c5f05b99-b86c0fcc-40364fc3-afa8a40d-3d5cdd04fd2794e2327804d1"><ac:parameter ac:name="">Seacord 05a</ac:parameter></ac:structured-macro>
\[Seacord 05a\] Seacord, Robert C. _Secure Coding in C and C+\+_. Boston, MA: Addison-Wesley, 2005. See [http://www.cert.org/books/secure-coding] for news and errata.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d7c3dea41524ef7d-5133ec40-4cf4445a-93839b51-f92b3d03ef309be9f7ee9377"><ac:parameter ac:name="">Seacord 05b</ac:parameter></ac:structured-macro>
\[Seacord 05b\] Seacord, Robert C. "Managed String Library for C, C/C++." _Users Journal_ _23_, 10 (October 2005): 30-34.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="8ee4ee702719f6f4-b9fd31e0-46a5496d-952f9d3b-ce709e4be9a28afecf9c3923"><ac:parameter ac:name="">Seacord 05c</ac:parameter></ac:structured-macro>
\[Seacord 05c\] Seacord, Robert C. [_Variadic Functions: How they contribute to security vulnerabilities and how to fix them_|http://www.cert.org/books/secure-coding/LWM%203-11%20%28Seacord%29.pdf]. Linux World Magazine.  November, 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7cb871a836598768-55e75c9a-44c14742-8e968622-4e3216e06af5f2a353ceab9f"><ac:parameter ac:name="">Secunia</ac:parameter></ac:structured-macro>
\[Secunia\] Secunia Advisory SA10635, "[HP-UX calloc Buffer Size Miscalculation Vulnerability|http://secunia.com/advisories/10635/]" 2004.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="72ec9d28f1db721d-842e3336-47da46e9-9b1b848a-32604549de84778f7f4b9344"><ac:parameter ac:name="">SecurityFocus 07</ac:parameter></ac:structured-macro>
\[SecurityFocus 07\] SecurityFocus. "[Linux Kernel Floating Point Exception Handler Local Denial of Service Vulnerability|http://www.securityfocus.com/bid/10538/discuss]," 2001.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a9435162ffcb2b8a-384fc88e-4033422f-8b6e91a8-4fbd9ed0c0d073f827582f04"><ac:parameter ac:name="">Sloss 04</ac:parameter></ac:structured-macro>
\[Sloss 04\]  Sloss, Andrew, Symes, Dominic, & Wright, Chris. [_ARM System Developer's Guide_|http://www.arm.com/documentation/books/4975.html]. Morgan Kauffman, 2004 (ISBN-10: 1558608745; ISBN-13: 978-1558608740).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="efee6d0ad0982135-d3bce5d9-44604c49-83d9910f-99435968fc12602783e7ca40"><ac:parameter ac:name="">Spinellis 06</ac:parameter></ac:structured-macro>
\[Spinellis 06\] Spinellis, Diomidis. [_Code Quality: The Open Source Perspective_|http://www.spinellis.gr/codequality].  Addison-Wesley, 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e8f8384654a5c849-9e15e717-48574683-9191b56c-39151a467a32c98da0f52cd6"><ac:parameter ac:name="">Steele 77</ac:parameter></ac:structured-macro>
\[Steele 77\]  Steele, G. L. "[Arithmetic shifting considered harmful|http://doi.acm.org/10.1145/956641.956647]." _SIGPLAN Not._ 12, 11 (November 1977), 61-69.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5eaf5d64084598d8-30a94144-4ba84e4f-a4ebb26c-3d9ee18140af67ef646971f4"><ac:parameter ac:name="">Summit 95</ac:parameter></ac:structured-macro>
\[Summit 95\] Summit, Steve. _C Programming FAQs: Frequently Asked Questions_. Boston, MA: Addison-Wesley, 1995 (ISBN 0201845199).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a6f9d03f28bde399-6a99eccb-44234cfe-822e83c5-2fd3f9ac445b651122d81709"><ac:parameter ac:name="">Summit 05</ac:parameter></ac:structured-macro>
\[Summit 05\] Summit, Steve. [_comp.lang.c Frequently Asked Questions_|http://c-faq.com/], 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="93c91da33607d5e6-3a7e1797-4e144c51-a8619a55-a74426288240ac2018c435a0"><ac:parameter ac:name="">Sun</ac:parameter></ac:structured-macro>
\[Sun\] [Sun Security Bulletin #00122|http://sunsolve.sun.com/search/document.do?assetkey=1-22-00122-1], 1993.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2b2bf7d2e53d4172-e0af6806-40f5488c-86198a34-931053ccd181baa720b52567"><ac:parameter ac:name="">Sun 05</ac:parameter></ac:structured-macro>
\[Sun 05\] [C User's Guide|http://docs.sun.com/source/819-3688/]. 819-3688-10. Sun Microsystems, Inc., 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b6fc7d2ef0d93bea-e618bfcb-449d479a-b82787ff-2eb0cd846af51aa4c37dc8c8"><ac:parameter ac:name="">van de Voort 07</ac:parameter></ac:structured-macro>
\[van de Voort 07\] van de Voort, Marco. [Development Tutorial (a.k.a Build FAQ)|http://www.stack.nl/~marcov/buildfaq.pdf], January 29, 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b3146f5450ea8f0a-6a45f3fa-45134083-a6f3a96a-402b52b7ca592c23a019f0e1"><ac:parameter ac:name="">Viega 03</ac:parameter></ac:structured-macro>
\[Viega 03\] Viega, John & Messier, Matt. _Secure Programming Cookbook for C and C++: Recipes for Cryptography, Authentication, Networking, Input Validation & More_. Sebastopol, CA: O'Reilly, 2003 (ISBN 0-596-00394-3).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="69c6ee4cb171bfd6-dd5acb9f-4758484a-90668056-1aed29082f13f02b12210a2c"><ac:parameter ac:name="">Viega 05</ac:parameter></ac:structured-macro>
\[Viega 05\] Viega, John. [CLASP Reference Guide Volume 1.1.|http://www.securesoftware.com/process/] Secure Software, 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="67e367f087d5bf90-1133cc46-4f8f446a-924b989a-0d06cfc26725f105d81e8ed7"><ac:parameter ac:name="">VU#162289</ac:parameter></ac:structured-macro>
\[VU#162289\] Dougherty, Chad. Vulnerability Note [VU#162289|http://www.kb.cert.org/vuls/id/162289], _gcc silently discards some wraparound checks,_ April 2008.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e8c3679f0eedcd37-5ce8805b-4bb24fe0-bbd6b4cf-3e3beda91d488700f7c64260"><ac:parameter ac:name="">VU196240</ac:parameter></ac:structured-macro>
\[VU#196240\] Taschner, Chris & Manion, Art. Vulnerability Note [VU#196240|http://www.kb.cert.org/vulnotes/id/196240], _Sourcefire Snort DCE/RPC preprocessor does not properly reassemble fragmented packets_, 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3dc6393c84f63c81-0d1ff69d-42794bb4-8570882d-c8bc77eaf2701bf726d8325d"><ac:parameter ac:name="">VU286468</ac:parameter></ac:structured-macro>
\[VU#286468\] Burch, Hal. Vulnerability Note [VU#286468|http://www.kb.cert.org/vulnotes/id/286468], _Ettercap contains a format string error in the "curses_msg()" function_, 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="386ced2a6e4aeacd-4a430eb6-4d49416c-89d98277-ca700db1eaf3be3d1424b1de"><ac:parameter ac:name="">VU439395</ac:parameter></ac:structured-macro>
\[VU#439395\] Howard Lipson. Vulnerability Note [VU#439395|http://www.kb.cert.org/vuls/id/439395], _Apache web server performs case sensitive filtering on Mac OS X HFS\+ case insensitive filesystem,_ 2001.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c52ded9c11e58925-d546de0a-4ef64b82-95a99ce9-312eb24436c250896ada787e"><ac:parameter ac:name="">VU551436</ac:parameter></ac:structured-macro>
\[VU#551436\] Giobbi, Ryan. Vulnerability Note [VU#551436|http://www.kb.cert.org/vulnotes/id/551436], _Mozilla Firefox SVG viewer vulnerable to buffer overflow,_ 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="32860abc9acc535a-137e3ed8-41fd442a-ae49b892-5801cd179dcbc8dd2a87cead"><ac:parameter ac:name="">VU568148</ac:parameter></ac:structured-macro>
\[VU#568148\] Finlay, Ian A. & Morda, Damon G. Vulnerability Note [VU#568148|http://www.kb.cert.org/vulnotes/id/568148], _Microsoft Windows RPC vulnerable to buffer overflow_, 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2c45dd8963661888-64419889-4b1545da-a9509ac7-519e8325b6005f538c8e4c9f"><ac:parameter ac:name="">VU623332</ac:parameter></ac:structured-macro>
\[VU#623332\] Mead, Robert. Vulnerability Note [VU#623332|http://www.kb.cert.org/vuls/id/623332], _MIT Kerberos 5 contains double free vulnerability in "krb5_recvauth()" function,_ 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9342f5d380b77b9e-5c968e15-463b4eec-bf4891f1-cb75ff0f6c9b860798fe7ae8"><ac:parameter ac:name="">VU649732</ac:parameter></ac:structured-macro>
\[VU#649732\] Gennari, Jeff. Vulnerability Note [VU#649732|http://www.kb.cert.org/vulnotes/id/649732], _Samba AFS ACL mapping VFS plug-in format string vulnerability,_ 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="dfe38a558dad791b-c57673f8-4d0142b3-bced96d9-2980ca647c85ab59ddb3c54a"><ac:parameter ac:name="">VU743092</ac:parameter></ac:structured-macro>
\[VU#743092\] Rafail, Jason A. & Havrilla, Jeffrey S.  Vulnerability Note [VU#743092|https://www.kb.cert.org/vulnotes/id/743092], _realpath(3) function contains off-by-one buffer overflow,_ July 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="fa0a74c8e8940cc3-11e3072a-4aa14ca6-81c286e5-cdb321a7db96dcc60c48913f"><ac:parameter ac:name="">VU881872</ac:parameter></ac:structured-macro>
\[VU#881872\] Manion, Art & Taschner, Chris. Vulnerability Note [VU#881872|http://www.kb.cert.org/vulnotes/id/881872], _Sun Solaris telnet authentication bypass vulnerability,_ 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b29bdc3697b36d95-63429e36-47b04b69-979f9f78-cb290aa8ee530ccc97c69e4e"><ac:parameter ac:name="">Warren 02</ac:parameter></ac:structured-macro>
\[Warren 02\] Warren, Henry S. [_Hacker's Delight_|http://www.hackersdelight.org/]. Boston, MA: Addison Wesley Professional, 2002 (ISBN 0201914654).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="49791241374ff4f6-b9424ee7-43cb4eb6-b2eb852c-84f878f88736482a466bc44a"><ac:parameter ac:name="">Wheeler 03</ac:parameter></ac:structured-macro>
\[Wheeler 03\] Wheeler, David. [Secure Programming for Linux and Unix HOWTO, v3.010|http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/], March 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="be597fd1d021dd11-ca4fad0e-41fe4832-acf4ba8b-637b60f306fbbccb8f4c0be0"><ac:parameter ac:name="">Wheeler 04</ac:parameter></ac:structured-macro>
\[Wheeler 04\] Wheeler, David. [_Secure programmer: Call components safely_|http://www-128.ibm.com/developerworks/linux/library/l-calls.html]. December 2004.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6742bf914cf5acf4-290cc641-420b4759-8e809082-eab79dfdf4e238926558fe72"><ac:parameter ac:name="">Wojtczuk 08</ac:parameter></ac:structured-macro>
\[Wojtczuk 08\] Wojtczuk, Rafal. "[Analyzing the Linux Kernel vmsplice Exploit|http://www.avertlabs.com/research/blog/index.php/2008/02/13/analyzing-the-linux-kernel-vmsplice-exploit/]." McAfee Avert Labs Blog, February 13, 2008.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="8b417efb88147aa0-44e088a2-45034f1b-87a58a02-00d07b581a83da219db83c13"><ac:parameter ac:name="">Yergeau 98</ac:parameter></ac:structured-macro>
\[Yergeau 98\] Yergeau, F. [RFC 2279 - UTF-8, a transformation format of ISO 10646|http://www.faqs.org/rfcs/rfc2279.html], January 1998.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4e0f2e91c02f5d58-f07f5be8-47c64e1a-adb6a6fe-57110587df4819770793f6ad"><ac:parameter ac:name="">Zalewski 01</ac:parameter></ac:structured-macro>
\[Zalewski 01\] Zalewski, Michal. [_Delivering Signals for Fun and Profit: Understanding, exploiting and preventing signal-handling related vulnerabilities_|http://lcamtuf.coredump.cx/signals.txt],  May 2001.