[Abrahams 2010] Abrahams, David. Boost Library Error and Exception Handling Guidelines, #7, 2001-2003. Boost Library. 2010.

[Banahan 2003] Banahan, Mike. The C Book. 2003.

[Barney 2010] Barney, Blaise. POSIX Threads Programming. Lawrence Livermore National Security, LLC. 2010.

[Becker 2008] Becker, Pete. Working Draft, Standard for Programming Language C++. April 2008.

[Becker 2009] Becker, Pete. Working Draft, Standard for Programming Language C++. September 2009.

[Black 2007] Black, Paul E.; Kass, Michael; & Koo, Michael. Source Code Security Analysis Tool Functional Specification Version 1.0. Special Publication 500-268. Information Technology Laboratory (ITL), Software Diagnostics and Conformance Testing Division. http://samate.nist.gov/docs/source_code_security_analysis_spec_SP500-268.pdf. May 2007.

[Cline 2009] Cline, Marshall. C++ FAQ Lite—Frequently Asked Questions. 1991-2009.

[CodeSourcery 2016a] CodeSourcery, Compaq, EDG, HP, IBM, Intel, Red Hat, SGI, et al. Itanium C++ ABI. December 2016 [accessed].

[CodeSourcery 2016b] CodeSourcery, Compaq, EDG, HP, IBM, Intel, Red Hat, SGI, et al. Itanium C++ ABI (Revision: 1,86). December 2016 [accessed].

[Coverity 2007] Coverity. Coverity Prevent User's Manual (3.3.0). 2007.

[CWE] MITRE. Common Weakness Enumeration – A Community-Developed Dictionary of Software Weakness Types.

[Dewhurst 2002] Dewhurst, Stephen C. C++ Gotchas: Avoiding Common Problems in Coding and Design. Addison-Wesley Professional. 2002.

[Dewhurst 2005] Dewhurst, Stephen C. C++ Common Knowledge: Essential Intermediate Programming. Boston, MA: Addison-Wesley Professional. 2005.

[DISA 2015] DISA. Application Security and Development Security Technical Implementation Guide, Version 3, Release 10. Accessed April 2015.

[DISA 2016] DISA. Application Security and Development Security Technical Implementation Guide, Version 4, Release 1. Accessed January 2017.

[DISA 2018] DISA. Application Security and Development Security Technical Implementation Guide, Version 4, Release 8. Accessed January 2019.

[Dowd 2006] Dowd, Mark; McDonald, John; & Schuh, Justin. Attacking delete and delete[] in C++. In The Art of Software Security Assessment. Addison-Wesley Professional. 2006.

[Fortify 2006] Fortify Software Inc. Fortify Taxonomy: Software Security Errors. 2006.

[FSF 2005] Free Software Foundation. GCC Online Documentation. 2005.

[Gamma 1994] Gamma, Erich; Helm, Richard; Johnson, Ralph; & Vlissides, John. Design Patterns: Elements of Reusable Object-Oriented Software. Addison-Wesley Professional. 1994.

[GNU 2016] gnu.org. GCC, the GNU Compiler Collection: Declaring Attributes of Functions. December 2016 [accessed].

[Goldberg 1991] Goldberg, David. What Every Computer Scientist Should Know About Floating-Point Arithmetic. Sun Microsystems. March 1991.

[Graff 2003] Graff, Mark G. & Van Wyk, Kenneth R. Secure Coding: Principles and Practices. O'Reilly. 2003. ISBN 0596002424.

[Henricson 1997] Henricson, Mats & Nyquist, Erik. Industrial Strength C++. Prentice Hall PTR. 1997. ISBN 0-13-120965-5.

[Hinnant 2005] Hinnant, Howard. RValue Reference Recommendations for Chapter 20. N1856=05-0116. August 2005.

[Hinnant 2015] Hinnant, Howard. Reply to "std::exception Why what() is returning a const char* and not a string?" ISO C++ Standard—Discussion. June 2015.

[IEC 60812 2006] Analysis techniques for system reliability - Procedure for failure mode and effects analysis (FMEA), 2nd ed. IEC 60812. IEC. January 2006.

[IEEE Std 610.12 1990] IEEE. IEEE Standard Glossary of Software Engineering Terminology. 1990.

[IEEE Std 1003.1:2013] IEEE & The Open Group. Standard for Information Technology—Portable Operating System Interface (POSIX). Base Specifications. Issue 7. 2013.

[INCITS 2012] INCITS Document number N3396=12-0096. Dynamic memory allocation for over-aligned data. 2012.

[INCITS 2014] INCITS PL22.16 & ISO WG21 C++ Standards Committee, Library Working Group (LWG). C++ Standard Library Active Issues List (Revision R88). N3967. 2014.

[INCITS 2020] INCITS PL22.16 & […] N4860. 2020.

[Internet Society 2000] The Internet Society. Internet Security Glossary (RFC 2828). 2000.

[ISO/IEC 9899-1999] ISO/IEC 9899-1999. Programming Languages — C, Second Edition. 1999.

[ISO/IEC 9899:2011] ISO/IEC. Programming Languages—C, 3rd ed. ISO/IEC 9899:2011. 2011.

[ISO/IEC 14882-1998] ISO/IEC 14882-1998. Programming Languages — C++, First Edition. 1998.

[ISO/IEC 14882-2003] ISO/IEC 14882-2003. Programming Languages — C++, Second Edition. 2003.

[ISO/IEC 14882-2011] ISO/IEC 14882-2011. Programming Languages — C++, Third Edition. 2011.

[ISO/IEC 14882-2014] ISO/IEC 14882-2014. Programming Languages — C++, Fourth Edition. 2014.

[ISO/IEC N3000 2009] Working Draft, Standard for Programming Language C++. November 2009.

[ISO/IEC TR 24772:2013] ISO/IEC TR 24772-2013. Information Technology—Programming Languages—Guidance to Avoiding Vulnerabilities in Programming Languages through Language Selection and Use. TR 24772-2013. ISO. March 2013.

[ISO/IEC TS 17961:2012] ISO/IEC TS 17961. Information Technology—Programming Languages, Their Environments and System Software Interfaces—C Secure Coding Rules. ISO. 2012.

[Jack 2007] Jack, Barnaby. Vector Rewrite Attack. Juniper Networks. May 2007.

[Kalev 1999] Kalev, Danny. ANSI/ISO C++ Professional Programmer's Handbook. Que Corporation. 1999.

[Lea 2000] Lea, Doug. Concurrent Programming in Java, 2nd Edition. Addison-Wesley Professional. 2000.

[Lions 1996] Lions, J. L. ARIANE 5 Flight 501 Failure Report. European Space Agency (ESA) & National Center for Space Study (CNES). July 1996.

[Lockheed Martin 2005] Lockheed Martin. "Joint Strike Fighter Air Vehicle C++ Coding Standards for the System Development and Demonstration Program." Document Number 2RDU00001, Rev C. December 2005.

[Meyers 1996] Meyers, Scott. More Effective C++: 35 New Ways to Improve Your Programs and Designs. Boston, MA: Addison-Wesley. 1996.

[Meyers 2001] Meyers, Scott. Effective STL: 50 Specific Ways to Improve Your Use of the Standard Template Library. Boston, MA: Addison-Wesley Professional. 2001.

[Meyers 2005] Meyers, Scott. Effective C++: 55 Specific Ways to Improve Your Programs and Designs (3rd Edition). Boston, MA: Addison-Wesley Professional. 2005.

[Meyers 2014] Meyers, Scott. Reply to "The Drawbacks of Implementing Move Assignment in Terms of Swap" [blog post]. The View from Aristeia: Scott Meyers' Professional Activities and Interests. 2014.

[Microsoft 2010] STL std::string class causes crashes and memory corruption on multi-processor machines. 2010.

[MISRA 2004] MIRA Limited. "MISRA C: 2004 Guidelines for the Use of the C Language in Critical Systems." Warwickshire, UK: MIRA Limited. ISBN 095241564X. October 2004.

[MISRA 2008] MISRA Limited. "MISRA C++: 2008 Guidelines for the Use of the C++ Language in Critical Systems." ISBN 978-906400-03-3 (paperback); ISBN 978-906400-04-0 (PDF). June 2008.

[MITRE 2007] MITRE. Common Weakness Enumeration, Draft 9. April 2008.

[MITRE 2008a] MITRE. CWE ID 327. Use of a Broken or Risky Cryptographic Algorithm. 2008.

[MITRE 2008b] MITRE. CWE ID 330. Use of Insufficiently Random Values. 2008.

[MITRE] MITRE. Common Weakness Enumeration, Version 1.8. February 2010.

[MSDN 2010] Microsoft Developer Network. "CryptGenRandom Function." December 2016 [accessed].

[MSDN 2016] Microsoft Developer Network. nothrow (C++). December 2016 [accessed].

[NIST 2006] NIST. SAMATE Reference Dataset. 2006.

[Open Group 2013] The Open Group. The Open Group Base Specifications Issue 7, IEEE Std 1003.1, 2013 Edition. 2013.

[Open Group 2008] The Open Group. The Open Group Base Specifications Issue 7, IEEE Std 1003.1, 2008 Edition. 2008.

[Open Group 2004] The Open Group. The Open Group Base Specifications Issue 6, IEEE Std 1003.1, 2004 Edition. 2004.

[Plum 1991] Plum, Thomas. C++ Programming. Kamuela, HI: Plum Hall, Inc. November 1991. ISBN 0911537104.

[Quinlan 2006] Quinlan, Dan; Vuduc, Richard; Panas, Thomas; Härdtlein, Jochen; & Sæbjørnsen, Andreas. "Support for Whole-Program Analysis and the Verification of the One-Definition Rule in C++." Pages 27-35. NIST Special Publication 500-262. In Proceedings of the Static Analysis Summit. Gaithersburg, MD. July 2006.

[Rohlf 2009] Rohlf, Chris. Fun with erase(). 2009.

[Saks 1999] Saks, Dan. const T vs. T const. Embedded Systems Programming. February 1999. Pages 13-16. http://www.dansaks.com/articles/1999-02%20const%20T%20vs%20T%20const.pdf

[Saks 2007] Saks, Dan. "Sequence Points." Embedded Systems Design, 07/01/02. 2007.

[Seacord 2005] Seacord, Robert C. Secure Coding in C and C++. Upper Saddle River, NJ: Addison-Wesley. 2005. ISBN 0321335724.

[Seacord 2013] Seacord, Robert C. Secure Coding in C and C++, Second Edition. Addison-Wesley. 2013. See http://www.cert.org/books/secure-coding for news and errata.

[Sebor 2004] Sebor, Martin. C++ Standard Core Language Active Issues, Revision 68, Issue 475. 2010.

[SGI 2006] Silicon Graphics, Inc. "basic_string<charT, traits, Alloc>." Standard Template Library Programmer's Guide. 2006.

[Steele 1977] Steele, G. L. Arithmetic shifting considered harmful. SIGPLAN Notices. Volume 12. Issue 11. November 1977. Pages 61-69.

[Stroustrup 1997] Stroustrup, Bjarne. The C++ Programming Language, Third Edition. Reading, MA: Addison-Wesley. 1997. ISBN 978-0201700732.

[Stroustrup 2006] Stroustrup, Bjarne. C++ Style and Technique FAQ. 2006. December 2016 [accessed].

[Stroustrup 2001] Stroustrup, Bjarne. Exception Safety: Concepts and Techniques. AT&T Labs. 2001.

[Sun 1993] Sun Security Bulletin #00122. 1993.

[Sutter 2000] Sutter, Herb. Exceptional C++: 47 Engineering Puzzles, Programming Problems, and Solutions. Addison-Wesley Professional. 2000. ISBN 0201615622.

[Sutter 2001] Sutter, Herb. More Exceptional C++: 40 New Engineering Puzzles, Programming Problems, and Solutions. Addison-Wesley Professional. 2001. ISBN 020170434.

[Sutter 2004] Sutter, Herb & Alexandrescu, Andrei. C++ Coding Standards: 101 Rules, Guidelines, and Best Practices. Boston, MA: Addison-Wesley Professional. 2004. ISBN 0321113586.

[van Sprundel 2006] van Sprundel, Ilja. Unusual bugs. 2006.

[Viega 2003] Viega, John & Messier, Matt. Secure Programming Cookbook for C and C++: Recipes for Cryptography, Authentication, Networking, Input Validation & More. O'Reilly. 2003. ISBN 0-596-00394-3.

[Viega 2005] Viega, John. CLASP Reference Guide, Volume 1.1. Secure Software. 2005.

[VU#159523] Giobbi, Ryan. Vulnerability Note VU#159523. Adobe Flash Player integer overflow vulnerability. April 2008.

[VU#162289] Dougherty, Chad. Vulnerability Note VU#162289. GCC Silently Discards Some Wraparound Checks. April 2008.

[VU#623332] Mead, Robert. Vulnerability Note VU#623332. MIT Kerberos 5 contains double free vulnerability in "krb5_recvauth()" function. July 2005.

[VU#925211] Weimer, Florian. Vulnerability Note VU#925211. Debian and Ubuntu OpenSSL packages contain a predictable random number generator. May 2008.

[Warren 2002] Warren, Henry S. Hacker's Delight. Boston, MA: Addison-Wesley Professional. 2002. ISBN 0201914654.

[Williams 2010a] Williams, Anthony. Thread. Boost Library Thread, 2007-2008. 2010.

[Williams 2010b] Williams, Anthony. Simpler Multithreading in C++0x. Internet.com. 2010.

[xorl 2009] xorl. xorl %eax, %eax. December 2016 [accessed].