[Abrahams 2010] Abrahams, David.
Boost Library Error Handling Guidelines, #7, 2001-2003.
[Barney 2010] Barney, Blaise.
POSIX Threads Programming, Lawrence Livermore National Security, LLC, 2010.
[Becker 2008] Becker, Pete.
Working Draft, Standard for Programming Language C++, April 2008.
[Becker 2009] Becker, Pete
Working Draft, Standard for Programming Language C++, September 2009.
[Black 2007] Paul E. Black, Michael Kass, Michael Koo. Source Code Security Analysis Tool Functional Specification Version 1.0. Special Publication 500-268. Information Technology Laboratory (ITL), Software Diagnostics and Conformance Testing Division, May 2007.
http://samate.nist.gov/docs/source_code_security_analysis_spec_SP500-268.pdf[Cline 2009] Cline, Marshall.
C++ FAQ Lite - Frequently Asked Questions 1991-2009
[CWE] MITRE.
Common Weakness Enumeration – A Community-Developed Dictionary of Software Weakness Types.
[Dewhurst 2003] Dewhurst, Stephen C.
C++ Gotchas: Avoiding Common Problems in Coding and Design. Boston, MA: Addison-Wesley Professional, 2002.
[Dewhurst 2005] Dewhurst, Stephen C.
C++ Common Knowledge: Essential Intermediate Programming. Boston, MA: Addison-Wesley Professional, 2005.
[Dowd 2007] Dowd, McDonald & Schuh.
The Art of Software Security Assessment - Attacking delete and delete[] in C++, 2007.
[Fortify 2006] Fortify Software Inc.
Fortify Taxonomy: Software Security Errors, 2006.
[FSF 2005] Free Software Foundation.
GCC online documentation. (2005).
[Gamma 1995] Gamma, Helm, Vlissides, and Johnson. Design Patterns Elements of Reusable Object Oriented Software. Addison Wesley, 1995.
[Goldberg 1991] Goldberg, David.
What Every Computer Scientist Should Know About Floating-Point Arithmetic. Sun Microsystems, March 1991.
[Graff 2003] Graff, Mark G. & Van Wyk, Kenneth R.
Secure Coding: Principles and Practices. Cambridge, MA: O'Reilly, 2003 (ISBN 0596002424).
[Henricson 1997] Henricson, Mats & Nyquist, Erik.
Industrial Strength C++. Upper Saddle River, NJ: Prentice Hall PTR, 1997 (ISBN 0-13-120965-5).
[Hinnant 2005] Hinnant, Howard.
RValue Reference Recommendations for Chapter 20. N1856, August 2005.
[Hinnant 2015] Hinnant, Howard. Reply to "
std::exception Why what() is returning a const char* and not a string?" [public forum post].
ISO C++ Standard—Discussion,
June 28, 2015.
Anchor |
---|
| IEC 60812 2006 |
---|
| IEC 60812 2006 |
---|
|
[IEC 60812 2006] Analysis techniques for system reliability - Procedure for failure mode and effects analysis (FMEA), 2nd ed. (IEC 60812). IEC, January 2006.
[INCITS 2014] INCITS PL22.16 and ISO WG21 C++ Standards Committee, Library Working Group (LWG). C++ Standard Library Active Issues List (Revision R88), Doc. N3967, 2014.
Anchor |
---|
| ISO/IEC 9899-1999 |
---|
| ISO/IEC 9899-1999 |
---|
|
[ISO/IEC 9899-1999] ISO/IEC 9899-1999.
Programming Languages — C, Second Edition, 1999.
Anchor |
---|
| ISO/IEC 9899-2011 |
---|
| ISO/IEC 9899-2011 |
---|
|
Anchor |
---|
| ISO-IEC 9899-2011 |
---|
| ISO-IEC 9899-2011 |
---|
|
[ISO/IEC 9899:2011] ISO/IEC.
Programming Languages—C, 3rd ed (ISO/IEC 9899:2011). Geneva, Switzerland: ISO, 2011.
Anchor |
---|
| ISO/IEC 14882-1998 |
---|
| ISO/IEC 14882-1998 |
---|
|
[ISO/IEC 14882-1998] ISO/IEC 14882-1998.
Programming Languages — C++, First Edition, 1998.
Anchor |
---|
| ISO/IEC 14882-2003 |
---|
| ISO/IEC 14882-2003 |
---|
|
[ISO/IEC 14882-2003] ISO/IEC 14882-2003.
Programming Languages — C++, Second Edition, 2003.
Anchor |
---|
| ISO/IEC 14882-2011 |
---|
| ISO/IEC 14882-2011 |
---|
|
[ISO/IEC 14882-2011] ISO/IEC 14882-2011.
Programming Languages — C++, Third Edition, 2011.
Anchor |
---|
| ISO/IEC 14882-2014 |
---|
| ISO/IEC 14882-2014 |
---|
|
[ISO/IEC 14882-2014] ISO/IEC 14882-2014.
Programming Languages — C++, Fourth Edition, 2014.
Anchor |
---|
| ISO/IEC DTR 24772 |
---|
| ISO/IEC DTR 24772 |
---|
|
[ISO/IEC DTR 24772] ISO/IEC DTR 24772.
Information Technology —
Programming Languages —
Guidance to Avoiding Vulnerabilities in Programming Languages through Language Selection and Use, November 2009.
Anchor |
---|
| ISO/IEC N3000 |
---|
| ISO/IEC N3000 |
---|
|
[ISO/IEC N3000] Working Draft, Standard for Programming Language C++, November 2009.
Anchor |
---|
| ISO/IEC TR 24772-2013 |
---|
| ISO/IEC TR 24772-2013 |
---|
|
[ISO/IEC TR 24772-2013] ISO/IEC TR 24772-2013.
Information Technology—Programming Languages—Guidance to Avoiding Vulnerabilities in Programming Languages through Language Selection and Use. Geneva, Switzerland: ISO, March 2013.
[Jack 2007] Jack, Barnaby.
Vector Rewrite Attack. May 2007.
[Kalev 2003] Kalev, Danny.
Static Assertions. January 2003.
[Lions 1996] Lions, J. L.
ARIANE 5 Flight 501 Failure Report. Paris, France: European Space Agency (ESA) & National Center for Space Study (CNES) Inquiry Board, July 1996.
Anchor |
---|
| Lockheed Martin 05 |
---|
| Lockheed Martin 05 |
---|
|
[Lockheed Martin 2005] Lockheed Martin. "
Joint Strike Fighter Air Vehicle C++ Coding Standards for the System Development and Demonstration Program." Document Number 2RDU00001 Rev C., December 2005.
[Meyers 1995] Meyers, Scott.
More Effective C++: 35 New Ways to Improve Your Programs and Designs. Boston, MA: Addison-Wesley Professional, 1995.
[Meyers 1996] Meyers, Scott.
More Effective C++: 35 New Ways to Improve Your Programs and Designs. Boston, MA: Addison-Wesley, 1996.
[Meyers 1997] Meyers, Scott.
Effective C++ : 55 Specific Ways to Improve Your Programs and Designs, 3rd ed. Boston, MA: Addison-Wesley Professional, 1997.
[Meyers 2001] Meyers, Scott.
Effective STL: 50 Specific Ways to Improve Your Use of the Standard Template Library. Boston, MA: Addison-Wesley Professional, 2001.
[Meyers 2005] Meyers, Scott.
Effective C++: 55 Specific Ways to Improve Your Programs and Designs (3rd Edition). Boston, MA: Addison-Wesley Professional, 2005.
[Meyers 2014] Meyers, Scott. Reply to "The Drawbacks of Implementing Move Assignment in Terms of Swap" [blog post].
The View from Aristeia: Scott Meyers' Professional Activities and Interests, 2014.
[Microsoft 2010]
STL std::string class causes crashes and memory corruption on multi-processor machines[MISRA 2004] MIRA Limited. "
MISRA C: 2004 Guidelines for the Use of the C Language in Critical Systems." Warwickshire, UK: MIRA Limited, October 2004 (ISBN 095241564X).
[MISRA 2008] MIRA Limited. "
MISRA C++: 2008 Guidelines for the Use of the C++ Language in Critical Systems", ISBN 978-906400-03-3 (paperback), ISBN 978-906400-04-0 (PDF), June 2008.
[MITRE 2007] MITRE.
Common Weakness Enumeration, Draft 9, April 2008.
[MITRE 2008a] MITRE.
CWE ID 327, "Use of a Broken or Risky Cryptographic Algorithm," 2008.
[MITRE 2008b] MITRE.
CWE ID 330, "Use of Insufficiently Random Values," 2008.
[MSDN 2010] MSDN. "
CryptGenRandom Function."
[NIST 2006] NIST.
SAMATE Reference Dataset, 2006.
Anchor |
---|
| IEEE Std 1003.1-2013 |
---|
| IEEE Std 1003.1-2013 |
---|
|
Anchor |
---|
| ISO/IEC 9945:2013 |
---|
| ISO/IEC 9945:2013 |
---|
|
Anchor |
---|
| Open Group 13 |
---|
| Open Group 13 |
---|
|
[Open Group 2013] The Open Group.
The Open Group Base Specifications Issue 7, IEEE Std 1003.1, 2013 Edition, 2013.
Anchor |
---|
| IEEE Std 1003.1-2008 |
---|
| IEEE Std 1003.1-2008 |
---|
|
Anchor |
---|
| ISO/IEC 9945:2008 |
---|
| ISO/IEC 9945:2008 |
---|
|
Anchor |
---|
| Open Group 08 |
---|
| Open Group 08 |
---|
|
[Open Group 2008] The Open Group.
The Open Group Base Specifications Issue 7, IEEE Std 1003.1, 2008 Edition, 2008.
Anchor |
---|
| IEEE Std 1003.1-2004 |
---|
| IEEE Std 1003.1-2004 |
---|
|
Anchor |
---|
| ISO/IEC 9945:2003 |
---|
| ISO/IEC 9945:2003 |
---|
|
Anchor |
---|
| Open Group 04 |
---|
| Open Group 04 |
---|
|
[Open Group 2004] The Open Group.
The Open Group Base Specifications Issue 6, IEEE Std 1003.1, 2004 Edition, 2004.
[Plum 1991] Plum, Thomas.
C++ Programming. Kamuela, HI: Plum Hall, Inc., November 1991 (ISBN 0911537104).
[Quinlan 2006] Quinlan, Dan; Vuduc, Richard; Panas, Thomas; Härdtlein, Jochen; & Sæbjørnsen, Andreas. "Support for Whole-Program Analysis and the Verification of the One-Definition Rule in C++," 27-35.
NIST Special Publication 500-262,
Proceedings of the Static Analysis Summit. Gaithersburg, MD, July 2006.
[Saks 1999] Dan Saks.
const T vs.T const. Embedded Systems Programming. Pg. 13-16. February 1999.
http://www.dansaks.com/articles/1999-02%20const%20T%20vs%20T%20const.pdf[Saks 2007] Saks, Dan. "
Sequence Points" Embedded Systems Design, 07/01/02.
[Seacord 2005] Seacord, R.
Secure Coding in C and C++. Upper Saddle River, NJ: Addison-Wesley, 2005 (ISBN 0321335724).
[Sebor 2004] Sebor, Martin.
C++ Standard Core Language Active Issues, Revision 68, Issue 475, 2010.
[SGI 2006] Silicon Graphics, Inc. "
basic_string<charT, traits, Alloc>."
Standard Template Library Programmer's Guide, 2006.
[Steele 1977] Steele, G. L. 1977.
Arithmetic shifting considered harmful. SIGPLAN Not. 12, 11 (Nov. 1977), 61-69.
Anchor |
---|
| Stroustrup 97 |
---|
| Stroustrup 97 |
---|
|
[Stroustrup 1997] Stroustrup, Bjarne.
The C++ Programming Language, Third Edition. Reading, MA: Addison-Wesley, 1997 (ISBN 0201889544).
Anchor |
---|
| Stroustrup 06 |
---|
| Stroustrup 06 |
---|
|
[Stroustrup 2006] Stroustrup, Bjarne.
C++ Style and Technique FAQ (2006).
Anchor |
---|
| Stroustrup 01 |
---|
| Stroustrup 01 |
---|
|
[Stroustrup 2001] Stroustrup, Bjarne.
Exception Safety: Concepts and Techniques (2001).
[Sun 1993]
Sun Security Bulletin #00122, 1993.
[Sutter 2000] Sutter, Herb.
Exceptional C++: 47 Engineering Puzzles, Programming Problems, and Solutions. Addison-Wesley Professional, 2000 (ISBN 0201615622).
[Sutter 2001] Sutter, Herb.
More Exceptional C++: 40 New Engineering Puzzles, Programming Problems, and Solutions. Addison-Wesley Professional, 2001 (ISBN 020170434).
[Sutter 2004] Sutter, Herb & Alexandrescu, Andrei.
C++ Coding Standards: 101 Rules, Guidelines, and Best Practices. Boston, MA: Addison-Wesley Professional, 2004 (ISBN 0321113586).
Anchor |
---|
| van Sprundel06 |
---|
| van Sprundel06 |
---|
|
[van Sprundel 2006] van Sprundel, Ilja.
Unusualbugs. 2006.
[Viega 2003] Viega, John & Messier, Matt.
Secure Programming Cookbook for C and C++: Recipes for Cryptography, Authentication, Networking, Input Validation & More. Sebastopol, CA: O'Reilly, 2003 (ISBN 0-596-00394-3).
[Warren 2002] Warren, Henry S.
Hacker's Delight. Boston, MA: Addison Wesley Professional. 2002 (ISBN 0201914654).
[Williams 2010] Williams, Anthony.
Boost Library Thread, 2007-2008.
[Williams 2010] Williams, Anthony.
Simpler Multithreading in C++0x, Internet.com, 2010.
[xorl 2009] xorl.
xorl %eax, %eax.