Page History

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6036bb46a4de1abe-5887477a-407948f2-b67eae91-d5f4bbaead39693dda130573"><ac:parameter ac:name="">Apple 06</ac:parameter></ac:structured-macro>
\[Apple 06\] Apple, Inc. [_Secure Coding Guide_|http://developer.apple.com/documentation/Security/Conceptual/SecureCodingGuide/SecureCodingGuide.pdf], May 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f29aa1b615f15d5b-0199e7a7-43d04b5e-a0b586b8-507747171c08a00fe6cff687"><ac:parameter ac:name="">Banahan 03</ac:parameter></ac:structured-macro>
\[Banahan 03\] Banahan, Mike. [The C Book|http://www.phy.duke.edu/~rgb/General/c_book/c_book/index.html], 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="39315b2be2d9e4ce-2847aeef-4aaf45ce-af5ab290-ac542b5ea03ba2f3ddc1ae17"><ac:parameter ac:name="">Bryant 03</ac:parameter></ac:structured-macro>
\[Bryant 03\] Bryant, Randy; O'Halloran, David. _Computer Systems: A Programmer's Perspective_. Prentice Hall, 2003. ISBN 0-13-034074-X.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="713569668b29a0da-af979a1d-422142c3-834ab538-1a1cb4c9cc091cfe3613ed6e"><ac:parameter ac:name="">Burch 06</ac:parameter></ac:structured-macro>
\[Burch 06\] Burch, H.; Long, F.; & Seacord, R. [_Specifications for Managed Strings_|http://www.sei.cmu.edu/publications/documents/06.reports/06tr006.html] (CMU/SEI-2006-TR-006). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="95b24c4e3b3e458a-080ee1f7-419a4fac-879cb1fd-2b1718d627813e410a32415b"><ac:parameter ac:name="">Callaghan 95</ac:parameter></ac:structured-macro>
\[Callaghan 95\] Callaghan, B.; Pawlowski, B.; & Staubach, P. [IETF RFC 1813 NFS Version 3 Protocol Specification|http://www.ietf.org/rfc/rfc1813.txt], June 1995.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4794ca48da68042a-3052dcf0-47a947f9-91e5b65f-67e526af110f1b09028acc84"><ac:parameter ac:name="">CERT 06a</ac:parameter></ac:structured-macro>
\[CERT 06a\] CERT/CC. [CERT/CC Statistics 1988-2006|http://www.cert.org/stats/cert_stats.html].

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="121d5fdc656c0a72-990f0cbf-441040ce-a5b69717-1ada06c78900c2e61258bcd1"><ac:parameter ac:name="">CERT 06b</ac:parameter></ac:structured-macro>
\[CERT 06b\] CERT/CC. US-CERT's [Technical Cyber Security Alerts|http://www.us-cert.gov/cas/techalerts/index.html].

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d3dbd6b3e8e3558b-ad8fe68f-4d8a43c3-bc9aa121-efdebd213595d9eb6d6347f4"><ac:parameter ac:name="">CERT 06c</ac:parameter></ac:structured-macro>
\[CERT 06c\] CERT/CC. [Secure Coding|http://www.cert.org/secure-coding/] web site.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ad5d74aa6940c9dd-42d38a58-4e8d428a-9ccda313-844c71d448423877bc0e74ee"><ac:parameter ac:name="">Coverity 07</ac:parameter></ac:structured-macro>
\[Coverity 07\] Coverity Prevent User's Manual (3.3.0), 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="df743dce7765b576-0e25982f-47e44be2-8d71bef6-681f5be49f9bf603c6e06500"><ac:parameter ac:name="">Dewhurst 02</ac:parameter></ac:structured-macro>
\[Dewhurst 02\] Dewhurst, Stephen C. _C+\+ Gotchas: Avoiding Common Problems in Coding and Design_. Boston, MA: Addison-Wesley Professional, 2002.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c15c4819bde7c2b2-bd40a27a-438b4e48-9b5bb2e0-5c60e323b62bc36778209061"><ac:parameter ac:name="">DHS 06</ac:parameter></ac:structured-macro>
\[DHS 06\] U.S. Department of Homeland Security. [Build Security In|https://buildsecurityin.us-cert.gov/].

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="52fb995ef8698dcb-c56ee558-4e7b434d-b1a69182-cc594b920ac10890ec25090f"><ac:parameter ac:name="">Dowd 06</ac:parameter></ac:structured-macro>
\[Dowd 06\] Dowd, M.; McDonald, J.; & Schuh, J. _The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities_. Boston, MA: Addison-Wesley, 2006. See [http://taossa.com] for updates and errata.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3cac2884cd08419d-7ba4004c-4d174e1a-8656a511-6994219609f8c403f15bf82d"><ac:parameter ac:name="">Drepper 06</ac:parameter></ac:structured-macro>
\[Drepper 06\] Drepper, Ulrich. [Defensive Programming for Red Hat Enterprise Linux (and What To Do If Something Goes Wrong)|http://people.redhat.com/drepper/defprogramming.pdf], May 3, 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="299dde2d82861d50-383505ba-4cec4c16-95ffb7e2-d37cab1f784d9f97ed013974"><ac:parameter ac:name="">Finlay 03</ac:parameter></ac:structured-macro>
\[Finlay 03\] Finlay, Ian A. CERT Advisory CA-2003-16, [Buffer Overflow in Microsoft RPC|http://www.cert.org/advisories/CA-2003-16.html]. CERT/CC, July 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="57687e9ba56ad4be-759fe584-4a0647aa-8d7c86c1-afabb9232947b29eb7e07e4f"><ac:parameter ac:name="">Fortify 06</ac:parameter></ac:structured-macro>
\[Fortify 06\] Fortify Software Inc. [Fortify Taxonomy: Software Security Errors|http://www.fortifysoftware.com/vulncat/], 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2b72a330e3371e7c-caf8b9f7-45da4acb-a7b699f7-5c5baae53aa85fa1f6ed5733"><ac:parameter ac:name="">FSF 05</ac:parameter></ac:structured-macro>
\[FSF 05\] Free Software Foundation. [GCC online documentation|http://gcc.gnu.org/onlinedocs], 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="76fa7b4f11e76050-aa6bde3b-44af408b-b5b2bbaf-e343db7080fa410ea18f1d92"><ac:parameter ac:name="">Garfinkel 96</ac:parameter></ac:structured-macro>
\[Garfinkel 96\] Simson Garfinkel, Gene Spafford. Practical UNIX & Internet Security. ISBN 1-56592-148-8, 1004 pages.
Second Edition, April 1996.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9fcac076fbacfeec-422a2fec-49e44de6-8b87b1f2-86c573796edac2b80f0c3d69"><ac:parameter ac:name="">GNU Pth</ac:parameter></ac:structured-macro>
\[GNU Pth\] Engelschall, Ralf S. [GNU Portable Threads|http://www.gnu.org/software/pth/], 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2ed63ffb97610fbc-8bc9b29f-48794e62-a6c2becf-65db045707bcd25a1587df08"><ac:parameter ac:name="">Goldberg 91</ac:parameter></ac:structured-macro>
\[Goldberg 91\] Goldberg, David. [What Every Computer Scientist Should Know About Floating-Point Arithmetic|http://docs.sun.com/source/806-3568/ncg_goldberg.html]. Sun Microsystems, March 1991.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="adeb613df0e20867-a25747bb-4d9b4c9b-b977b61b-b09b5aea7cb1ac429a1e8798"><ac:parameter ac:name="">Graf 03</ac:parameter></ac:structured-macro>
\[Graff 03\] Graff, Mark G. & Van Wyk, Kenneth R. _Secure Coding: Principles and Practices_. Cambridge, MA: O'Reilly, 2003 (ISBN 0596002424).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="81c2d9adf653068d-100dfdeb-47b14659-913b9768-2eb88e244c0a09490d0e4d31"><ac:parameter ac:name="">Griffiths 06</ac:parameter></ac:structured-macro>
\[Griffiths 06\] Griffiths, Andrew. "[Clutching at straws: When you can shift the stack pointer|http://felinemenace.org/papers/p63-0x0e_Shifting_the_Stack_Pointer.txt]."&nbsp;

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5a44c093434a7f1b-b9aca945-4db14382-a1ab9d31-09b1c1517119770b5d95f010"><ac:parameter ac:name="">Haddad 05</ac:parameter></ac:structured-macro>
\[Haddad 05\] Haddad, Ibrahim. "Secure Coding in C and C++: An interview with Robert Seacord, senior vulnerability analyst at CERT." _Linux World Magazine_, November 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a38efbe3bb39d882-c181e0a3-474a4b2d-812bba61-be83af3d033fdf808febf4cc"><ac:parameter ac:name="">Hatton 95</ac:parameter></ac:structured-macro>
\[Hatton 95\] Hatton, Les. _Safer C: Developing Software for High-Integrity and Safety-Critical Systems_. New York, NY: McGraw-Hill Book Company, 1995 (ISBN 0-07-707640-0).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e4df0b92ea65e611-37dec5d8-4e4b473f-a434b089-dae95ae29766a29290120288"><ac:parameter ac:name="">Horton 90</ac:parameter></ac:structured-macro>
\[Horton 90\] Mark R. Horton. Portable C software. Prentice-Hall, Inc. Upper Saddle River, NJ, 1990 (ISBN:0-13-868050-7).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="358fe65e322c7e2c-72ebc5b6-43d04a83-a02991b2-f6b80222aca4509f75b8adbe"><ac:parameter ac:name="">Howard 02</ac:parameter></ac:structured-macro>
\[Howard 02\] Michael Howard, David C. LeBlanc. [Writing Secure Code, Second Edition|http://www.microsoft.com/mspress/books/5957.aspx] Microsoft Press; 2 Sub edition, December, 2002.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="921dc16abf5e8beb-87b846b3-41214f9d-aeb4984f-5ed1c821bedbfefdadd60d81"><ac:parameter ac:name="">HP 03</ac:parameter></ac:structured-macro>
\[HP 03\] [Tru64 UNIX: Protecting Your System Against File Name Spoofing Attacks|http://h30097.www3.hp.com/docs/wpapers/spoof_wp/symlink_external.pdf]. Houston, TX: Hewlett-Packard Company, January 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="016c7a8008378ad3-1a4206a7-4c7e4885-a5a0beb4-c63244ea1927db024d2b4af2"><ac:parameter ac:name="">IEC 60812 2006</ac:parameter></ac:structured-macro>
\[IEC 60812 2006\] _Analysis techniques for system reliability - Procedure for failure mode and effects analysis (FMEA)_, 2nd ed. (IEC 60812). IEC, January 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ed4b6d3bd45eb73e-1ecd920c-44f747ba-a8d3bf51-80111ed3914d3141b950b7f5"><ac:parameter ac:name="">IEC 61508 4</ac:parameter></ac:structured-macro>
\[IEC 61508-4\]&nbsp; _Functional safety of electrical/electronic/programmable electronic safety-related systems - Part 4: Definitions and abbreviations_, 1998.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="dee789b18b507f92-185ca74f-496945d7-b9fba74b-8bb117126d65ba388c09695f"><ac:parameter ac:name="">IEEE 754 2006</ac:parameter></ac:structured-macro>
\[IEEE 754 2006\] IEEE. [_Standard for Binary Floating-Point Arithmetic_|http://grouper.ieee.org/groups/754/] (IEEE 754-1985), 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="171ee598fd9d9b28-5ed5c418-4e1041b3-bcd18bb4-d9b812832aed49cff1c66da5"><ac:parameter ac:name="">ilja 06</ac:parameter></ac:structured-macro>
\[ilja 06\] ilja. "[readlink abuse|http://blogs.23.nu/ilja/stories/12551/]." _ilja's blog_, August 13, 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ffdbcdb56e1f218e-0c799134-4ce84fb1-a175b97a-4a55cec8f7caf5ca1bbfcdd9"><ac:parameter ac:name="">ISO/IEC 10646-2003</ac:parameter></ac:structured-macro>
\[ISO/IEC 10646:2003\] _Information technology -- Universal Multiple-Octet Coded Character Set (UCS)_ (ISO/IEC 10646:2003). Geneva, Switzerland: International Organization for Standardization, 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="80b340a438e8f720-2fff171d-412742a1-8235ba76-04f7af9413edb60ca0ef380c"><ac:parameter ac:name="">ISO/IEC 646-1991</ac:parameter></ac:structured-macro>
\[ISO/IEC 646-1991\] ISO/IEC. _Information technology: ISO 7-bit coded character set for information interchange_ (ISO/IEC 646-1991). Geneva, Switzerland: International Organization for Standardization, 1991.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5c6f94745c15c750-58771eeb-4f6d4c1c-b9c4865f-3fa058021b15b6bf1f8848bc"><ac:parameter ac:name="">ISO/IEC 9899-1999</ac:parameter></ac:structured-macro>
\[ISO/IEC 9899:1999\] ISO/IEC. _Programming Languages --- C, Second Edition_ (ISO/IEC 9899:1999). Geneva, Switzerland: International Organization for Standardization, 1999.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="98f5b64b97a90e01-690dbc0e-4a7348d4-811f9988-c2d0ad18ebc27f251cba901f"><ac:parameter ac:name="">ISO/IEC 14882-2003</ac:parameter></ac:structured-macro>
\[ISO/IEC 14882-2003\] ISO/IEC. _Programming Languages --- C++, Second Edition_ (ISO/IEC 14882-2003). Geneva, Switzerland: International Organization for Standardization, 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="46990aae9afe8b1b-5c868136-454f4af2-bc00b24c-9930f5363771169315867dcb"><ac:parameter ac:name="">ISO/IEC 03</ac:parameter></ac:structured-macro>
\[ISO/IEC 03\] ISO/IEC. [_Rationale for International Standard --- Programming Languages --- C, Revision 5.10_|http://www.open-std.org/jtc1/sc22/wg14/www/C99RationaleV5.10.pdf]. Geneva, Switzerland: International Organization for Standardization, April 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="fa016fe7bc9999f3-eb3a0e37-4cc14272-810e9b02-57d321dd2511233ab83f4677"><ac:parameter ac:name="">ISO/IEC JTC1/SC22/WG11</ac:parameter></ac:structured-macro>
\[ISO/IEC JTC1/SC22/WG11\] ISO/IEC. [_Binding Techniques_|http://www.open-std.org/JTC1/SC22/WG11/] (ISO/IEC JTC1/SC22/WG11), 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9a714b6187f31b57-bf6bee87-44c7479d-94db970c-486e5fb97305b45ccaddd3ed"><ac:parameter ac:name="">ISO/IEC TR 24731-1-2007</ac:parameter></ac:structured-macro>
\[ISO/IEC TR 24731-1-2007\] ISO/IEC TR 24731. _Extensions to the C Library, --- Part I: Bounds-checking interfaces_. Geneva, Switzerland: International Organization for Standardization, April 2006.

anchor:ISO/IEC DTR 24772-2007}
\[ISO/IEC DTR 24772-2007\] ISO/IEC TR 24731.  [Information Technology ? Programming Languages ? Guidance to Avoiding Vulnerabilities in Programming Languages through Language Selection and Use|http://www.aitcnet.org/isai/_NextMeeting/22-OWGV-n-0106/n0106.pdf]. November, 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="77c94f55f73d4c81-c0d2e288-463749bd-89d4ada7-c2ef2cd38baedab776b424dc"><ac:parameter ac:name="">Jones 04</ac:parameter></ac:structured-macro>
\[Jones 04\] Jones, Nigel. ["Learn a new trick with the offsetof() macro."|http://www.netrino.com/Articles/OffsetOf/index.php] _Embedded Systems Programming_, March 2004.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ec4e645d89d3a794-fb3969fc-400741f4-91069fd1-bae7ffa7a2f4bc89f84393ad"><ac:parameter ac:name="">Kennaway 00</ac:parameter></ac:structured-macro>
\[Kennaway 00\] Kennaway, Kris. [Re: /tmp topic|http://lwn.net/2000/1221/a/sec-tmp.php3], December 2000.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f6149b0868129257-fa89c85a-4f624daf-8f5f90c7-0c31e654860ac1dcbd1b1dbd"><ac:parameter ac:name="">Kerrighan 88</ac:parameter></ac:structured-macro>
\[Kerrighan 88\] Kerrighan, B. W. & Ritchie, D. M. _The C Programming Language, 2nd ed._ Englewood Cliffs, NJ: Prentice-Hall, 1988.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9637ac459dc81431-a9a2b822-4f124804-b5818649-fcb5eb3b6f51ce2f9d2cb298"><ac:parameter ac:name="">Kettle 02</ac:parameter></ac:structured-macro>
\[Kettlewell 02\] Kettlewell, Richard. [_C Language Gotchas_|http://www.greenend.org.uk/rjk/2001/02/cfu.html], February 2002.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="91aef78fc9b8497a-db0fce54-45934090-9d68bba1-d233fe6932338da8e0a4e386"><ac:parameter ac:name="">Kettle 03</ac:parameter></ac:structured-macro>
\[Kettlewell 03\] Kettlewell, Richard. [_Inline Functions In C_|http://www.greenend.org.uk/rjk/2003/03/inline.html], March 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c057796fc5fa0ebd-33779a17-430b423a-ba06918c-04bac9478fb1dec2650d14ce"><ac:parameter ac:name="">Kirch-Prinz 02</ac:parameter></ac:structured-macro>
\[Kirch-Prinz 02\] Ulla Kirch-Prinz, Peter Prinz. _C Pocket Reference_.  O'Reilly, November 2002, (ISBN: 0-596-00436-2).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9044432dba0ac5a9-befbdd0f-40f54cdb-93048bbf-c85bced66c8f895075e5583f"><ac:parameter ac:name="">Klein 02</ac:parameter></ac:structured-macro>
\[Klein 02\] Klein, Jack. [_Bullet Proof Integer Input Using strtol()_|http://home.att.net/~jackklein/c/code/strtol.html], 2002.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e278a4f776f49e0a-b8d92dbe-40714a65-8c81906e-6073df0d2713f1a39d4a8214"><ac:parameter ac:name="">Koenig 89</ac:parameter></ac:structured-macro>
\[Koenig 89\]
Andrew Koenig. _C Traps and Pitfalls_. Addison-Wesley Professional, January 1, 1989.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="54f1590234037aa7-ccbb8d68-4e134a62-a5958f87-92d6475883d554095ef3529f"><ac:parameter ac:name="">Kuhn 06</ac:parameter></ac:structured-macro>
\[Kuhn 06\] Kuhn, Markus. [_UTF-8 and Unicode FAQ for Unix/Linux_|http://www.cl.cam.ac.uk/~mgk25/unicode.html], 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="589816814cb330b6-4a23195e-43ca4c0a-9286ac4f-684df846b408abb6a85a92db"><ac:parameter ac:name="">Lai 06</ac:parameter></ac:structured-macro>
\[Lai 06\] Lai, Ray. "[Reading Between the Lines|http://undeadly.org/cgi?action=article&sid=20061027031811]." _OpenBSD Journal_, October 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="557f0eaa59f66a6f-aabe0151-4f944ba3-a952a2da-e8db8a602c118aa7661ebab2"><ac:parameter ac:name="">Lions 96</ac:parameter></ac:structured-macro>
\[Lions 96\] Lions, J. L. [ARIANE 5 Flight 501 Failure Report|http://en.wikisource.org/wiki/Ariane_501_Inquiry_Board_report]. Paris, France: European Space Agency (ESA) & National Center for Space Study (CNES) Inquiry Board, July 1996.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2b6a0c2b8a8242c2-0bf9983e-4fba4f69-b95784d2-e5e87109e94df4deb81b2264"><ac:parameter ac:name="">Lockheed Martin 2005</ac:parameter></ac:structured-macro>
\[Lockheed Martin 2005\] Lockheed Martin. _Joint Strike Fighter Air Vehicle C+\+ Coding Standards for the System Development and Demonstration Program_. Document Number 2RDU00001, Rev C.  December 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b1546f6bbaec7584-f8a0255c-43424629-8238b049-bc4018180a7a26a776aa69c6"><ac:parameter ac:name="">McCluskey 01</ac:parameter></ac:structured-macro>
\[McCluskey 01\] [_flexible array members and designators in C9X_|http://www.usenix.org/publications/login/2001-07/pdfs/mccluskey.pdf] ;login:, July 2001, Volume 26, Number 4, p. 29-32.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d5d506ebba285cc8-b35a3a11-46eb4228-90f898c0-a25223f4082b4f5d2745457f"><ac:parameter ac:name="">mercy 06</ac:parameter></ac:structured-macro>
\[mercy\] mercy. [_Exploiting Uninitialized Data_|http://www.felinemenace.org/papers/UBehavior.zip], January 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5db47c64784456f3-06a0d6eb-4bab4247-ab5ba1a7-ba5c2d2beb5fc8bd456ea8d2"><ac:parameter ac:name="">Microsoft 03</ac:parameter></ac:structured-macro>
\[Microsoft 03\] Microsoft Security Bulletin MS03-026, [Buffer Overrun In RPC Interface Could Allow Code Execution (823980)|http://www.microsoft.com/technet/security/bulletin/MS03-026.mspx], September, 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d38aa3789be4d86f-2780d4c5-4e574fd8-9d9db6c8-2b5a1c75869f47d9a9ca33f2"><ac:parameter ac:name="">Microsoft 07</ac:parameter></ac:structured-macro>
\[Microsoft 07\] [C Language Reference|http://msdn2.microsoft.com/en-us/library/fw5abdx6(VS.80).aspx], 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="224b99421983890b-1fe20842-46ff4702-84cc930e-d5b4d31889cefe0bdc8dd25a"><ac:parameter ac:name="">MISRA 04</ac:parameter></ac:structured-macro>
\[MISRA 04\] MISRA Limited. "[MISRA C|http://www.misra.org.uk/]: 2004 Guidelines for the Use of the C Language in Critical Systems." Warwickshire, UK: MIRA Limited, October 2004 (ISBN 095241564X).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c854ff56c2ef0dbb-561482c2-45bc4c9a-a6319318-a4fd360f67eb965757851643"><ac:parameter ac:name="">MIT 05</ac:parameter></ac:structured-macro>
\[MIT 05\] MIT. "[MIT krb5 Security Advisory 2005-003|http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2005-003-recvauth.txt], 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0988125a479af2b2-dcc69ee3-404a40db-8645b040-e74f1dd7061938eef404df23"><ac:parameter ac:name="">MITRE 07</ac:parameter></ac:structured-macro>
\[MITRE 07\] MITRE. [Common Weakness Enumeration, Draft 7|http://cwe.mitre.org/],  October 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="030b638b7ee3ae6a-528574d6-43d343c5-a9288788-8110bcf13cd78210d1742f8e"><ac:parameter ac:name="">MSDN 07</ac:parameter></ac:structured-macro>
\[MSDN 07\] MSDN. [Inheritance (Windows)|http://msdn2.microsoft.com/en-us/library/ms683463.aspx], 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d2c54f32f0dbe115-c7d0e468-45c0488a-8de7a1fe-5f8117be6b2dd0350f936406"><ac:parameter ac:name="">Murenin  07</ac:parameter></ac:structured-macro>
\[Murenin 07\] Constantine A. Murenin. [cnst: 10-year-old pointer-arithmetic bug in make(1) is now gone, thanks to malloc.conf and some debugging|http://cnst.livejournal.com/24040.html], June 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="da62712145ff5763-a08babb9-494748c4-8b458577-15b8fa9b3849f0e6eecca811"><ac:parameter ac:name="">NAI 98</ac:parameter></ac:structured-macro>
\[NAI 98\] Network Associates Inc. [Bugtraq: Network Associates Inc. Advisory (OpenBSD)|http://seclists.org/bugtraq/1998/Aug/0071.html], 1998.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2e13d381ba13183f-24029e86-4902477d-95359161-65afe6b05292ec2c057d6c99"><ac:parameter ac:name="">NASA-GB-1740.13</ac:parameter></ac:structured-macro>
\[NASA-GB-1740.13\] NASA Glenn Research Center, Office of Safety Assurance Technologies. [_NASA Software Safety Guidebook_|http://pbma.nasa.gov/docs/public/pbma/general/guidbook.doc] (NASA-GB-1740.13).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ae120336213c802e-a5630081-4f2d4741-923d9f8f-094dd73ff1d173a131292bc0"><ac:parameter ac:name="">NIST 06</ac:parameter></ac:structured-macro>
\[NIST 06\] NIST. [_SAMATE Reference Dataset_|http://samate.nist.gov/SRD/], 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0e5185e9607f23dc-879724e4-47924992-9053ad14-b8ae49380ebad191f0a5e853"><ac:parameter ac:name="">NIST 06b</ac:parameter></ac:structured-macro>
\[NIST 06b\] NIST. [DRAFT Source Code Analysis Tool Functional Specification. | http://samate.nist.gov/docs/SAMATE_source_code_analysis_tool_spec_09_15_06.pdf] NIST Information Technology Laboratory (ITL), Software Diagnostics and Conformance Testing Division, September 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="461b90a57593b035-a1ea4cee-49034943-bd9d887f-4935f104a23de7e3cb2c9a3c"><ac:parameter ac:name="">Open Group 97</ac:parameter></ac:structured-macro>
\[Open Group 97\] The Open Group. [_The Single UNIX® Specification, Version 2_|http://www.opengroup.org/onlinepubs/7990989775/toc.htm], 1997.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2db7f72dde25330d-1e25b14f-44c348fb-a3f38554-76d5bd49062fdd07262d9e4a"><ac:parameter ac:name="">Open Group 97b</ac:parameter></ac:structured-macro>
\[Open Group 97b\] The Open Group. [_Go Solo 2 - The Authorized Guide to Version 2 of the Single UNIX Specification_|http://www.unix.org/whitepapers/64bit.html], May 1997.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b8bfb5c6c5ad6514-56090f95-43f54142-a85bbae1-55769d2be60f3a46904b9fcc"><ac:parameter ac:name="">Open Group 04</ac:parameter></ac:structured-macro>
\[Open Group 04\] The Open Group and the IEEE. [_The Open Group Base Specifications Issue 6, IEEE Std 1003.1, 2004 Edition_|http://www.opengroup.org/onlinepubs/009695399/toc.htm], 2004.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5d7f2236dd0b28ca-e3d94714-4a894877-8c14ba2c-81f15b8fb3c75a20aa00a57a"><ac:parameter ac:name="">Plakosh 05</ac:parameter></ac:structured-macro>
\[Plakosh 05\] Plakosh, Dan. _[_Consistent Memory Management Conventions_|https://buildsecurityin.us-cert.gov/daisy/bsi/articles/knowledge/coding/476.html]_, 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c53ba28bdb1ef1cc-8086bbf8-462b45b0-950498e7-f47b54d7e5699265b06e8e72"><ac:parameter ac:name="">Plum 85</ac:parameter></ac:structured-macro>
\[Plum 85\] Plum, Thomas. _Reliable Data Structures in C_. Kamuela, HI: Plum Hall, Inc., 1985 (ISBN 0-911537-04-X).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="bd8b16bd0b217038-f227e469-43904412-9336a11d-3f7888669b5e538349eb7a47"><ac:parameter ac:name="">Plum 89</ac:parameter></ac:structured-macro>
\[Plum 89\] Plum, Thomas, & Saks, Dan. _C Programming Guidelines, 2nd ed_. Kamuela, HI: Plum Hall, Inc., 1989 (ISBN 0911537074).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="54cffb81ed9cb32b-fed48194-4cce4fd0-9dee8672-b68791ed2397e78865827945"><ac:parameter ac:name="">Plum 91</ac:parameter></ac:structured-macro>
\[Plum 91\] Plum, Thomas. _C+\+ Programming_. Kamuela, HI: Plum Hall, Inc., 1991 (ISBN 0911537104).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9429a460ff935904-981163f3-4911462a-956ab1eb-01b360f9189c2a6131a3faeb"><ac:parameter ac:name="">Redwine 06</ac:parameter></ac:structured-macro>
\[Redwine 06\] Redwine, Samuel T., Jr., ed. _Secure Software Assurance: A Guide to the Common Body of Knowledge to Produce, Acquire, and Sustain Secure Software Version 1.1_. U.S. Department of Homeland Security, September 2006. See [Software Assurance Common Body of Knowledge|https://buildsecurityin.us-cert.gov/daisy/bsi/resources/dhs/95.html] on Build Security In.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c252c26c6fa8f366-bf63874d-47a64354-b22e97e6-7cef15d110b7ca95826e1348"><ac:parameter ac:name="">Saks 99</ac:parameter></ac:structured-macro>
\[Saks 99\] Saks, Dan. "[const T vs.T const|http://www.dansaks.com/articles/1999-02%20const%20T%20vs%20T%20const.pdf]." _Embedded Systems Programming_, February 1999, pp. 13-16.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5a0501a2ebf861e8-e35ab5c2-4a674d27-bcee912e-73247d95c9b6a030bb954704"><ac:parameter ac:name="">Saks 07</ac:parameter></ac:structured-macro>
\[Saks 07\] Saks, Dan. "[Sequence Points|http://www.embedded.com/columns/programmingpointers/9900661?_requestid=481957]" Embedded Systems Design, July 1, 2002.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="218687a19af2f023-3928f627-4bcf48a0-8f07a85e-a79881354dcc97320ba12cd5"><ac:parameter ac:name="">Schwarz 05</ac:parameter></ac:structured-macro>
\[Schwarz 05\] Schwarz, B. Hao Chen Wagner, D. Morrison, G. West, J. Lin, J. Wei Tu. _Model checking an entire Linux distribution for security violations_. Published in proceedings of the 21st Annual Computer Security Applications Conference,  December 2005 (ISSN: 1063-9527; ISBN: 0-7695-2461-3).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="36df5849e3eed773-f4f2f1bf-47eb4246-a5769d8d-7d0223fb583bc100b770c38f"><ac:parameter ac:name="">Seacord 05</ac:parameter></ac:structured-macro> <ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="702fa6d2dbf9e2b4-ad94f462-452b46fe-aecd83ce-3c97a6f122a49eab37650e2d"><ac:parameter ac:name="">Seacord 05a</ac:parameter></ac:structured-macro>
\[Seacord 05a\] Seacord, R. _Secure Coding in C and C+\+_. Boston, MA: Addison-Wesley, 2005. See [http://www.cert.org/books/secure-coding] for news and errata.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a77663e97397aa38-09f0165b-4d304f65-8f538962-8e070bd7fcbadecf6c6710aa"><ac:parameter ac:name="">Seacord 05b</ac:parameter></ac:structured-macro>
\[Seacord 05b\] Seacord, R. "Managed String Library for C, C/C++." _Users Journal_ _23_, 10 (October 2005): 30-34.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1637b44f6dea3742-59970fae-4c7541ac-92b5a7a5-97ebfd80f8692ddbc9e15a58"><ac:parameter ac:name="">Seacord 05c</ac:parameter></ac:structured-macro>
\[Seacord 05c\] Robert C. Seacord. [_Variadic Functions: How they contribute to security vulnerabilities and how to fix them_|http://www.cert.org/books/secure-coding/LWM%203-11%20%28Seacord%29.pdf]. Linux World Magazine.  November, 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ab24be2cbca23b8c-3039f447-494a4f2f-99d78429-eba60f70eda8cfcb490888a7"><ac:parameter ac:name="">Spinellis 06</ac:parameter></ac:structured-macro>
\[Spinellis 06\] Spinellis, Diomidis. [_Code Quality: The Open Source Perspective_|http://www.spinellis.gr/codequality].  Addison-Wesley, 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7a5429ce42604877-751a2a22-45424010-92c682cc-c834b9971b35de60493e653c"><ac:parameter ac:name="">Steele 77</ac:parameter></ac:structured-macro>
\[Steele 77\]  Steele, G. L. 1977. [Arithmetic shifting considered harmful.|http://doi.acm.org/10.1145/956641.956647] _SIGPLAN Not._ 12, 11 (Nov. 1977), 61-69.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2ac065ef45deee27-d39cdd7f-418b4826-b31da3ce-17aed6b278f6796492011cf0"><ac:parameter ac:name="">Summit 95</ac:parameter></ac:structured-macro>
\[Summit 95\] Summit, Steve. _C Programming FAQs: Frequently Asked Questions_. Boston, MA: Addison-Wesley, 1995 (ISBN 0201845199).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="fa7407c21ea88a00-27906cdd-4f0647f9-971294e7-94cd7646ba31551854138373"><ac:parameter ac:name="">Summit 05</ac:parameter></ac:structured-macro>
\[Summit 05\] Summit, Steve. [_comp.lang.c Frequently Asked Questions_|http://c-faq.com/], 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f7f27ba209b738e6-b443e807-422c49d0-858a9122-d8c5c3ea8e5534fa5994ae1c"><ac:parameter ac:name="">Sun 05</ac:parameter></ac:structured-macro>
\[Sun 05\] [C User's Guide|http://docs.sun.com/source/819-3688/]. 819-3688-10. Sun Microsystems, Inc., 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5554cf1b1ee453c4-e5b97eca-43d94ede-910a9161-f3714738c6125cc46ce3de89"><ac:parameter ac:name="">van de Voort 07</ac:parameter></ac:structured-macro>
\[van de Voort 07\] van de Voort, Marco. [Development Tutorial (a.k.a Build FAQ)|http://www.stack.nl/~marcov/buildfaq.pdf], January 29, 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0c09c34897a1441f-2e648fc0-45ad49b2-9dad8606-659420612df7b01fa3b61ed3"><ac:parameter ac:name="">Viega 03</ac:parameter></ac:structured-macro>
\[Viega 03\] Viega, John & Messier, Matt. _Secure Programming Cookbook for C and C++: Recipes for Cryptography, Authentication, Networking, Input Validation & More_. Sebastopol, CA: O'Reilly, 2003 (ISBN 0-596-00394-3).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="26d51ab7ecda847c-7782426d-43624c99-aa7286fa-865fa0add16738ce62ebbc9d"><ac:parameter ac:name="">Viega 05</ac:parameter></ac:structured-macro>
\[Viega 05\] Viega, John. [CLASP Reference Guide Volume 1.1.|http://www.securesoftware.com/process/] Secure Software, 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9736fcb1c9f45845-88fd121d-4a5b43ad-bed3b960-d76ee898289acf31b68ca4f9"><ac:parameter ac:name="">VU196240</ac:parameter></ac:structured-macro>
\[VU#196240\] Taschner, Chris & Manion, Art. Vulnerability Note [VU#196240|http://www.kb.cert.org/vulnotes/id/196240], _Sourcefire Snort DCE/RPC preprocessor does not properly reassemble fragmented packets_, 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="58b511df29161926-75e204f2-42fa453c-bc3db283-cf4667b5cd0f755c63a287f2"><ac:parameter ac:name="">VU286468</ac:parameter></ac:structured-macro>
\[VU#286468\] Burch, Hal. Vulnerability Note [VU#286468|http://www.kb.cert.org/vulnotes/id/286468], _Ettercap contains a format string error in the "curses_msg()" function_, 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3fd926f27bb48dff-ae44c7cb-4d934cfd-b9afa3c1-9219528f0f786405a55c94ce"><ac:parameter ac:name="">VU551436</ac:parameter></ac:structured-macro>
\[VU#551436\] Giobbi, Ryan. Vulnerability Note [VU#551436|http://www.kb.cert.org/vulnotes/id/551436], _Mozilla Firefox SVG viewer vulnerable to buffer overflow,_ 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="553f87de46a98292-a0b25631-4db544a4-a7d5a558-ebe2854fd5df59288960bc50"><ac:parameter ac:name="">VU568148</ac:parameter></ac:structured-macro>
\[VU#568148\] Finlay, Ian A. & Morda, Damon G. Vulnerability Note [VU#568148|http://www.kb.cert.org/vulnotes/id/568148], _Microsoft Windows RPC vulnerable to buffer overflow_, 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3fb47762c03eb3c2-c8be4a04-42334518-976484c9-3a65507a4c83e4bed578888c"><ac:parameter ac:name="">VU623332</ac:parameter></ac:structured-macro>
\[VU#623332\] Mead, Robert. Vulnerability Note [VU#623332|http://www.kb.cert.org/vuls/id/623332], _MIT Kerberos 5 contains double free vulnerability in "krb5_recvauth()" function,_ 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5bc3be7a0da1fa86-e4b35fbc-410a41d1-9d1a9b6f-bdd53396cd2cc7710bc6aa6a"><ac:parameter ac:name="">VU649732</ac:parameter></ac:structured-macro>
\[VU#649732\] Gennari, Jeff. Vulnerability Note [VU#649732|http://www.kb.cert.org/vulnotes/id/649732], _Samba AFS ACL mapping VFS plug-in format string vulnerability,_ 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="625a2eca9289566d-ec65d95d-47e44f3d-81b3a080-bb63728991d3b158a18fa9b2"><ac:parameter ac:name="">VU743092</ac:parameter></ac:structured-macro>
\[VU#743092\] Jason A. Rafail; Jeffrey S. Havrilla.  Vulnerability Note [VU#743092|https://www.kb.cert.org/vulnotes/id/743092], _realpath(3) function contains off-by-one buffer overflow,_ July 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0b506d24f8045a64-97430aca-49ef438e-899d8ca4-b8f5e7506812c42853f2bf26"><ac:parameter ac:name="">VU881872</ac:parameter></ac:structured-macro>
\[VU#881872\] Manion, Art & Taschner, Chris. Vulnerability Note [VU#881872|http://www.kb.cert.org/vulnotes/id/881872], _Sun Solaris telnet authentication bypass vulnerability,_ 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="045ae542272cd8ca-ec59cf75-41b7405f-8ef69c4f-eef366fdecdaef229f36ddf3"><ac:parameter ac:name="">Warren 02</ac:parameter></ac:structured-macro>
\[Warren 02\] Warren, Henry S. [_Hacker's Delight_|http://www.hackersdelight.org/]. Boston, MA: Addison Wesley Professional, 2002 (ISBN 0201914654).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0feacdfca5e5f678-738e1a66-4d614f9e-83b79ef5-cb044e6d07ea86f951ef1e16"><ac:parameter ac:name="">Wheeler 03</ac:parameter></ac:structured-macro>
\[Wheeler 03\] Wheeler, David. [Secure Programming for Linux and Unix HOWTO, v3.010|http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/], March 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="72550241a576f45f-4adcc9d9-4150437b-bb789f85-911ee9241b69128b3cf9cabf"><ac:parameter ac:name="">Yergeau 98</ac:parameter></ac:structured-macro>
\[Yergeau 98\] Yergeau, F. [RFC 2279 - UTF-8, a transformation format of ISO 10646|http://www.faqs.org/rfcs/rfc2279.html], January 1998.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b2b26874ab108872-58e1c8a4-42bd4437-a4c4b8b5-bda770110ef687c5d77bfe69"><ac:parameter ac:name="">Zalewski 01</ac:parameter></ac:structured-macro>
\[Zalewski 01\] Michal Zalewski. [_Delivering Signals for Fun and Profit: Understanding, exploiting and preventing signal-handling related vulnerabilities_|http://lcamtuf.coredump.cx/signals.txt],  May, 2001.