[Abrahams 2010] Abrahams, David. Error and Exception Handling, #7. Boost Library. 2010. [Banahan 2003] Banahan, Mike. The C Book . 2003.[Barney 2010] Barney, Blaise. POSIX Threads Programming. Lawrence Livermore National Security, LLC. 2010.[Becker 2008] Becker, Pete. Working Draft, Standard for Programming Language C++. April 2008.[Becker 2009] Becker, Pete Working Draft, Standard for Programming Language C++. September 2009.[Black 2007] Black, Paul E.; Kass, Michael; & Koo, Michael. Source Code Security Analysis Tool Functional Specification Version 1.0. Special Publication 500-268. Information Technology Laboratory (ITL). May 2007.[Cline 2009] Cline, Marshall. C++ FAQ Lite—Frequently Asked Questions. 1991-2009. Anchor |
---|
| codesourcery 2016a |
---|
| codesourcery 2016a |
---|
|
[CodeSourcery 2016a] CodeSourcery, Compaq, EDG, HP, IBM, Intel, Red Hat, SGI, et al. Itanium C++ ABI. December 2016 [accessed]. Anchor |
---|
| codesourcery2016b |
---|
| codesourcery2016b |
---|
|
[CodeSourcery 2016b] CodeSourcery, Compaq, EDG, HP, IBM, Intel, Red Hat, SGI, et al. Itanium C++ ABI (Revision: 1,86). December 2016 [accessed].[Coverity 2007] Coverity. Coverity Prevent User's Manual (3.3.0). 2007. [CWE] MITRE. Common Weakness Enumeration – A Community-Developed Dictionary of Software Weakness Types.[Dewhurst 2002] Dewhurst, Stephen C. C++ Gotchas: Avoiding Common Problems in Coding and Design. Addison-Wesley Professional. 2002.[Dewhurst 2005] Dewhurst, Stephen C. C++ Common Knowledge: Essential Intermediate Programming. Addison-Wesley Professional. 2005.[DISA 2015] DISA. Application Security and Development Security Technical Implementation Guide, Version 3, Release 10. Accessed April 2015.[DISA 2016] DISA. Application Security and Development Security Technical Implementation Guide, Version 4, Release 1. Accessed January 2017.[DISA 2018] DISA. Application Security and Development Security Technical Implementation Guide, Version 4, Release 8. Accessed January 2019.[Dowd 2006] Dowd, Mark; McDonald, John; & Schuh, Justin. Attacking delete and delete[] in C++. In The Art of Software Security Assessment. Addison-Wesley Professional. 2006.[Fortify 2006] Fortify Software Inc. Fortify Taxonomy: Software Security Errors. 2006.[FSF 2005] Free Software Foundation. GCC Online Documentation. 2005.[Gamma 1994] Gamma, Erich; Helm, Richard; Johnson, Ralph, & Vlissides, John. Design Patterns Elements of Reusable Object Oriented Software. Addison-Wesley Professional. 1994.[GNU 2016] gnu.org. GCC, the GNU Compiler Collection: Declaring Attributes of Functions. December 2016 [accessed].[Goldberg 1991] Goldberg, David. What Every Computer Scientist Should Know About Floating-Point Arithmetic. Sun Microsystems. March 1991.[Graff 2003] Graff, Mark G. & Van Wyk, Kenneth R. Secure Coding: Principles and Practices. O'Reilly. 2003. ISBN 0596002424.[Henricson 1997] Henricson, Mats & Nyquist, Erik. Industrial Strength C++. Prentice Hall PTR. 1997. ISBN 0-13-120965-5.[Hinnant 2005] Hinnant, Howard. RValue Reference Recommendations for Chapter 20. N1856=05-0116. August 2005.[Hinnant 2015] Hinnant, Howard. Reply to "std::exception Why what() is returning a const char* and not a string?" ISO C++ Standard—Discussion. June 2015. Anchor |
---|
| IEC 60812 2006 |
---|
| IEC 60812 2006 |
---|
|
[IEC 60812 2006] Analysis techniques for system reliability - Procedure for failure mode and effects analysis (FMEA), 2nd ed. IEC 60812. IEC. January 2006. Anchor |
---|
| IEEE Std 610.12 1990 |
---|
| IEEE Std 610.12 1990 |
---|
|
[IEEE Std 610.12 1990] IEEE. IEEE Standard Glossary of Software Engineering Terminology. 1990. Anchor |
---|
| IEEE Std 1003.1-2013 |
---|
| IEEE Std 1003.1-2013 |
---|
|
[IEEE Std 1003.1:2013] IEEE & The Open Group. Standard for Information Technology—Portable Operating System Interface (POSIX). Base Specifications. Issue 7. 2013.[INCITS 2012] INCITS Document number N3396= 12-0096. Dynamic memory allocation for over-aligned data. 2012. [INCITS 2014] INCITS PL22.16 & ISO WG21 C++ Standards Committee, Library Working Group (LWG). C++ Standard Library Active Issues List (Revision R88). N3967. 2014.
[INCITS 2020] INCITS PL22.16 & ISO WG21 C++ Standards Committee, Library Working Group (LWG). C++ Standard Library Active Issues List (Revision R88). N4860. 2020.
Anchor |
---|
| Internet Society 00 |
---|
| Internet Society 00 |
---|
|
[Internet Society 2000] The Internet Society. Internet Security Glossary (RFC 2828). 2000.
Anchor |
---|
| ISO/IEC 9899-1999 |
---|
| ISO/IEC 9899-1999 |
---|
|
Anchor |
---|
| ISO-IEC 9899-1999 |
---|
| ISO-IEC 9899-1999 |
---|
|
[ISO/IEC 9899-1999] ISO/IEC 9899-1999. Programming Languages — C, Second Edition. 1999. Anchor |
---|
| ISO/IEC 9899-2011 |
---|
| ISO/IEC 9899-2011 |
---|
|
Anchor |
---|
| ISO-IEC 9899-2011 |
---|
| ISO-IEC 9899-2011 |
---|
|
[ISO/IEC 9899:2011] ISO/IEC. Programming Languages—C, 3rd ed. ISO/IEC 9899:2011. 2011. Anchor |
---|
| ISO/IEC14882-1998 |
---|
| ISO/IEC14882-1998 |
---|
|
[ISO/IEC 14882-1998] ISO/IEC 14882-1998. Programming Languages — C++, First Edition. 1998. Anchor |
---|
| ISO/IEC14882-2003 |
---|
| ISO/IEC14882-2003 |
---|
|
[ISO/IEC 14882-2003] ISO/IEC 14882-2003. Programming Languages — C++, Second Edition. 2003. Anchor |
---|
| ISO/IEC14882-2011 |
---|
| ISO/IEC14882-2011 |
---|
|
[ISO/IEC 14882-2011] ISO/IEC 14882-2011. Programming Languages — C++, Third Edition. 2011. Anchor |
---|
| ISO/IEC14882-2014 |
---|
| ISO/IEC14882-2014 |
---|
|
[ISO/IEC 14882-2014] ISO/IEC 14882-2014. Programming Languages — C++, Fourth Edition. 2014. Anchor |
---|
| ISO/IEC N3000 |
---|
| ISO/IEC N3000 |
---|
|
[ISO/IEC N3000 2009] Working Draft, Standard for Programming Language C++. November 2009. Anchor |
---|
| ISO/IEC TR 24772-2013 |
---|
| ISO/IEC TR 24772-2013 |
---|
|
[ISO/IEC TR 24772:2013] ISO/IEC. Information Technology—Programming Languages—Guidance to Avoiding Vulnerabilities in Programming Languages through Language Selection and Use. TR 24772-2013. ISO. March 2013. Anchor |
---|
| ISO/IEC TS 17961 |
---|
| ISO/IEC TS 17961 |
---|
|
Anchor |
---|
| ISO-IEC TS 17961 |
---|
| ISO-IEC TS 17961 |
---|
|
Anchor |
---|
| ISO/IEC TS 17961-2013 |
---|
| ISO/IEC TS 17961-2013 |
---|
|
[ISO/IEC TS 17961:2012] ISO/IEC TS 17961. Information Technology—Programming Languages, Their Environments and System Software Interfaces—C Secure Coding Rules. ISO. 2012.
[Jack 2007] Jack, Barnaby. Vector Rewrite Attack. Juniper Networks. May 2007.[Kalev 1999] Kalev, Danny. ANSI/ISO C++ Professional Programmer's Handbook. Que. Corporation. 1999[Lea 2000] Lea, Doug. Concurrent Programming in Java, 2nd Edition. Addison-Wesley Professional. 2000.[Lions 1996] Lions, J. L. ARIANE 5 Flight 501 Failure Report. European Space Agency (ESA) & National Center for Space Study (CNES). July 1996.
[Lions 1996] Lions, J. L. ARIANE 5 Flight 501 Failure Report. European Space Agency (ESA) & National Center for Space Study (CNES). July 1996. Anchor |
---|
| Lockheed Martin 05 |
---|
| Lockheed Martin 05 |
---|
|
[Lockheed Martin 2005] Lockheed Martin. Joint Strike Fighter Air Vehicle C++ Coding Standards for the System Development and Demonstration Program. Document Number 2RDU00001, Rev C. December 2005.[Meyers 1996] Meyers, Scott. More Effective C++: 35 New Ways to Improve Your Programs and Designs. Addison-Wesley. 1996.[Meyers 2001] Meyers, Scott. Effective STL: 50 Specific Ways to Improve Your Use of the Standard Template Library. Addison-Wesley Professional. 2001.[Meyers 2005] Meyers, Scott. Effective C++: 55 Specific Ways to Improve Your Programs and Designs (3rd Edition). Addison-Wesley Professional. 2005.[Meyers 2014] Meyers, Scott. Reply to The Drawbacks of Implementing Move Assignment in Terms of Swap [blog post]. The View from Aristeia: Scott Meyers' Professional Activities and Interests. 2014.[Microsoft 2010] STL std::string class causes crashes and memory corruption on multi-processor machines. 2010.[MISRA 2004] MIRA Limited. MISRA C: 2004 Guidelines for the Use of the C Language in Critical Systems. MIRA Limited. ISBN 095241564X. October 2004.[MISRA 2008] MISRA Limited. MISRA C++ 2008 Guidelines for the Use of the C++ Language in Critical Systems. ISBN 978-906400-03-3 (paperback); ISBN 978-906400-04-0 (PDF). June 2008.[MITRE 2007] MITRE. Common Weakness Enumeration, Draft 9. April 2008.[MITRE 2008a] MITRE. CWE ID 327. Use of a Broken or Risky Cryptographic Algorithm. 2008.[MITRE 2008b] MITRE. CWE ID 330. Use of Insufficiently Random Values. 2008.[MITRE] MITRE. Common Weakness Enumeration, Version 1.8. February 2010.[MSDN 2010] Microsoft Developer Network. CryptGenRandom Function. December 2016 [accessed].[MDSN 2016] Microsoft Developer Network. nothrow (C++). December 2016 [accessed].[NIST 2006] NIST. SAMATE Reference Dataset. 2006. Anchor |
---|
| IEEE Std 1003.1-2013 |
---|
| IEEE Std 1003.1-2013 |
---|
|
Anchor |
---|
| ISO/IEC 9945:2013 |
---|
| ISO/IEC 9945:2013 |
---|
|
Anchor |
---|
| Open Group 13 |
---|
| Open Group 13 |
---|
|
[Open Group 2013] The Open Group. The Open Group Base Specifications Issue 7, IEEE Std 1003.1, 2013 Edition. 2013. Anchor |
---|
| IEEE Std 1003.1-2008 |
---|
| IEEE Std 1003.1-2008 |
---|
|
Anchor |
---|
| ISO/IEC 9945:2008 |
---|
| ISO/IEC 9945:2008 |
---|
|
Anchor |
---|
| Open Group 08 |
---|
| Open Group 08 |
---|
|
[Open Group 2008] The Open Group. The Open Group Base Specifications Issue 7, IEEE Std 1003.1, 2008 Edition. 2008. Anchor |
---|
| IEEE Std 1003.1-2004 |
---|
| IEEE Std 1003.1-2004 |
---|
|
Anchor |
---|
| ISO/IEC 9945:2003 |
---|
| ISO/IEC 9945:2003 |
---|
|
Anchor |
---|
| Open Group 04 |
---|
| Open Group 04 |
---|
|
[Open Group 2004] The Open Group. The Open Group Base Specifications Issue 6, IEEE Std 1003.1, 2004 Edition. 2004.[Plum 1991] Plum, Thomas. C++ Programming. Plum Hall, Inc. November 1991. ISBN 0911537104.[Quinlan 2006] Quinlan, Dan; Vuduc, Richard; Panas, Thomas; Härdtlein, Jochen; & Sæbjørnsen, Andreas. Support for Whole-Program Analysis and the Verification of the One-Definition Rule in C++. 27-35. Page 500-262. In Proceedings of the Static Analysis Summit. July 2006.[Rohlf 2009] Rohlf, Chris. Fun with erase (). 2009.[Saks 1999] Saks, Dan. const T vs.T const. Embedded Systems Programming. February 1999. Pages 13-16.[Saks 2007] Saks, Dan. Sequence Points. Embedded Systems Design. 2007.[Seacord 2005] Seacord, Robert C. Secure Coding in C and C++. Addison-Wesley. 2005. ISBN 0321335724.[Seacord 2013] Seacord, Robert C. Secure Coding in C and C++, Second Edition. Addison-Wesley. 2013.[Sebor 2004] Sebor, Martin. C++ Standard Core Language Active Issues, Revision 68. 2010.[SGI 2006] Silicon Graphics, Inc. basic_string<charT, traits, Alloc>. Standard Template Library Programmer's Guide. 2006.[Steele 1977] Steele, G. L. Arithmetic shifting considered harmful. SIGPLAN Notices. Volume 12. Issue 11. November 1977. Pages 61-69. Anchor |
---|
| Stroustrup 97 |
---|
| Stroustrup 97 |
---|
|
[Stroustrup 1997] Stroustrup, Bjarne. The C++ Programming Language, Third Edition. Addison-Wesley. 1997. ISBN 978-0201700732. Anchor |
---|
| Stroustrup 06 |
---|
| Stroustrup 06 |
---|
|
[Stroustrup 2006] Stroustrup, Bjarne. C++ Style and Technique FAQ. 2006. December 2016 [accessed]. Anchor |
---|
| Stroustrup 01 |
---|
| Stroustrup 01 |
---|
|
[Stroustrup 2001] Stroustrup, Bjarne. Exception Safety: Concepts and Techniques. AT&T Labs. 2001.[Sun 1993] Sun Security Bulletin #00122. 1993.[Sutter 2000] Sutter, Herb. Exceptional C++: 47 Engineering Puzzles, Programming Problems, and Solutions. Addison-Wesley Professional. 2000. ISBN 0201615622.[Sutter 2001] Sutter, Herb. More Exceptional C++: 40 New Engineering Puzzles, Programming Problems, and Solutions. Addison-Wesley Professional. 2001. ISBN 020170434.[Sutter 2004] Sutter, Herb & Alexandrescu, Andrei. C++ Coding Standards: 101 Rules, Guidelines, and Best Practices. Addison-Wesley Professional. 2004. ISBN 0321113586. Anchor |
---|
| van Sprundel06 |
---|
| van Sprundel06 |
---|
|
[van Sprundel 2006] van Sprundel, Ilja. Unusual bugs. 2006.[Viega 2003] Viega, John & Messier, Matt. Secure Programming Cookbook for C and C++: Recipes for Cryptography, Authentication, Networking, Input Validation & More. O'Reilly. 2003. ISBN 0-596-00394-3. [Viega 2005] Viega, John. CLASP Reference Guide, Volume 1.1. Secure Software. 2005.[VU#159523] Giobbi, Ryan. Vulnerability Note VU#159523. Adobe Flash Player integer overflow vulnerability. April 2008. [VU#162289] Dougherty, Chad. Vulnerability Note VU#162289. GCC Silently Discards Some Wraparound Checks. April 2008.[VU#623332] Mead, Robert. Vulnerability Note VU#623332. MIT Kerberos 5 contains double free vulnerability in "krb5_recvauth()" function. July 2005. [VU#925211] Weimer, Florian. Vulnerability Note VU#925211. Debian and Ubuntu OpenSSL packages contain a predictable random number generator. May 2008.[Warren 2002] Warren, Henry S. Hacker's Delight. Addison Wesley Professional. 2002. ISBN 0201914654.[Williams 2010a] Williams, Anthony. Thread. Boost Library. 2010.[Williams 2010b] Williams, Anthony. Simpler Multithreading in C++0x. Internet.com. 2010.[xorl 2009] xorl. xorl %eax, %eax. December 2016 [accessed] Wiki Markup |
---|
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="dd2ba444-35c4-49fb-bda0-9a98cd0748d3"><ac:parameter ac:name="">ISO/IEC 9899-1999</ac:parameter></ac:structured-macro>
\[ISO/IEC 9899-1999\] ISO/IEC 9899-1999. Programming Languages --- C, Second Edition, 1999. |
Wiki Markup |
---|
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="40e9de89-10e7-4126-9c85-66561bf84abf"><ac:parameter ac:name="">ISO/IEC 14882-2003</ac:parameter></ac:structured-macro>
\[ISO/IEC 14882-2003\] ISO/IEC 14882-2003. Programming Languages --- C++, Second Edition, 2003. |
Wiki Markup |
---|
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1b3412ca-e44e-4b4c-a14d-556f8bdf3b26"><ac:parameter ac:name="">Lockheed Martin 2005</ac:parameter></ac:structured-macro>
\[Lockheed Martin 2005\] Lockheed Martin. Joint Strike Fighter Air Vehicle C+\+ Coding Standards for the System Development and Demonstration Program. Document Number 2RDU00001 Rev C. December 2005. |
Wiki Markup |
---|
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="012d3b47-cd75-498b-b966-0108eaed49ee"><ac:parameter ac:name="">Meyers 97</ac:parameter></ac:structured-macro>
\[Meyers 97\] Meyers, Scott. Effective C+\+ : 55 Specific Ways to Improve Your Programs and Designs (3rd Edition). Addison-Wesley Professional. (September 2, 1997) |
Wiki Markup |
---|
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1b101414-0a58-48c0-b7f0-8d42168da661"><ac:parameter ac:name="">Meyers 01</ac:parameter></ac:structured-macro>
\[Meyers 01\] Meyers, Scott. Effective STL: 50 Specific Ways to Improve Your Use of the Standard Template Library. Addison-Wesley Professional. (June 6, 2001) |
Wiki Markup |
---|
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="387f3179-8c21-48ab-a134-9fb584c8622f"><ac:parameter ac:name="">Meyers 06</ac:parameter></ac:structured-macro>
\[Meyers 06\] Meyers, Scott. More Effective C++: 35 New Ways to Improve Your Programs and Designs. Addison-Wesley, 1996. |
Wiki Markup |
---|
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="74daec8e-f3e5-402b-97be-9f1ec90dc66c"><ac:parameter ac:name="">MISRA 04</ac:parameter></ac:structured-macro>
\[MISRA 04\] MISRA C: 2004 Guidelines for the use of the C language in critical systems. MIRA Limited. Warwickshire,UK. October 2004. ISBN 0 9524156 4 |
Wiki Markup |
---|
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0e8ec217-ac50-4453-b10d-1cefcb469760"><ac:parameter ac:name="">NIST 06</ac:parameter></ac:structured-macro>
\[NIST 06\] NIST. SAMATE Reference Dataset (SRD).See [http://samate.nist.gov/SRD/srdFiles/] |
Wiki Markup |
---|
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d53ac4be-0581-4dbb-a36f-ede0af2f4037"><ac:parameter ac:name="">Plum 91</ac:parameter></ac:structured-macro>
\[Plum 91\] Plum, Thomas. C+\+ Programming. Plum Hall (November 1991) ISBN: 0911537104. |
Wiki Markup |
---|
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="60bcceca-e1e2-4546-a302-322a812b03c5"><ac:parameter ac:name="">Seacord 05</ac:parameter></ac:structured-macro>
\[Seacord 05\] Seacord, R. Secure Coding in C and C++. Addison-Wesley. Upper Saddle River, NJ : September 2006. ISBN: 0321335724. |
Wiki Markup |
---|
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e0ab24f8-90bf-4314-bfcb-c4397a37bd81"><ac:parameter ac:name="">Stroustrup 06</ac:parameter></ac:structured-macro>
\[Stroustrup 06\] Bjarne Stroustrup. C+\+ Style and Technique FAQ March 2006. [http://public.research.att.com/~bs/bs_faq2.html] |
Wiki Markup |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="8d310823-9c23-46b8-9df6-dfe1b5ce2cac"><ac:parameter ac:name="">Sutter 04</ac:parameter></ac:structured-macro>
\[Sutter 04\] Sutter, Herb. Alexandrescu, Andrei. C+\+ Coding Standards: 101 Rules, Guidelines, and Best Practices. Addison-Wesley Professional (October 25, 2004). ISBN: 0321113586.