[Abrahams 2010] Abrahams, David.
Boost Library Error and Exception Handling Guidelines, #7, 2001-2003. Boost Library. 2010.
[Banahan 2003] Banahan, Mike.
The C Book . 2003.
[Barney 2010] Barney, Blaise.
POSIX Threads Programming, . Lawrence Livermore National Security, LLC
, . 2010.
[Becker 2008] Becker, Pete.
Working Draft, Standard for Programming Language C++, . April 2008.
[Becker 2009] Becker, Pete
Working Draft, Standard for Programming Language C++, . September 2009.
[Black 2007]
Black, Paul E.
Black; Kass, Michael
Kass; & Koo, Michael
Koo.
Source Code Security Analysis Tool Functional Specification Version 1.0. Special Publication 500-268. Information Technology Laboratory (ITL)
, Software Diagnostics and Conformance Testing Division, May 2007. http://samate.nist.gov/docs/source_code_security_analysis_spec_SP500-268.pdf. May 2007. Anchor |
---|
Cline 09 | Cline 09 | [Cline 2009] Cline, Marshall.
C++ FAQ Lite - Frequently Lite—Frequently Asked Questions,. 1991-2009.
Anchor |
---|
| codesourcery 2016a |
---|
| codesourcery 2016a | Coverity 07 | Coverity 07 |
---|
|
[
Coverity 2007] Coverity Prevent User's Manual (3.3.0). 2007. Anchor |
CodeSourcery 2016a] CodeSourcery, Compaq, EDG, HP, IBM, Intel, Red Hat, SGI, et al. Itanium C++ ABI. December 2016 [accessed]. Anchor |
---|
| codesourcery2016b |
---|
| codesourcery2016b |
---|
|
[CodeSourcery 2016b] CodeSourcery, Compaq, EDG, HP, IBM, Intel, Red Hat, SGI, et al. Itanium C++ ABI (Revision: 1,86). December 2016 [accessed].[Coverity 2007] Coverity. Coverity Prevent User's Manual (3.3.0). 2007. [CWE] MITRE. Common Weakness Enumeration – A Community-Developed Dictionary of Software Weakness Types.[Dewhurst 2002CWE | CWE | [CWE] MITRE. Common Weakness Enumeration – A Community-Developed Dictionary of Software Weakness Types. Anchor |
---|
Dewhurst 03 | Dewhurst 03 | [Dewhurst 2003] Dewhurst, Stephen C. C++ Gotchas: Avoiding Common Problems in Coding and Design. Boston, MA: Addison-Wesley Professional, 2002. Anchor |
---|
Dewhurst 05 | Dewhurst 05 | [Dewhurst 2005] Dewhurst, Stephen C.
C++ Gotchas: Avoiding Common Problems in Coding and Design. Addison-Wesley Professional. 2002.[Dewhurst 2005] Dewhurst, Stephen C. C++ Common Knowledge: Common Knowledge: Essential Intermediate Programming.
Boston, MA: Addison-Wesley Professional
, . 2005.
[DISA 2015] DISA.
Application Security and Development Security Technical Implementation Guide, Version 3, Release 10. Accessed
October 2016April 2015.
[DISA 2016] DISA.
Application Security and Development Security Technical Implementation Guide, Version 4, Release 1. Accessed
October 2016January 2017.
[Dowd 2007] Dowd, McDonald & Schuh. [DISA 2018] DISA. Application Security and Development Security Technical Implementation Guide, Version 4, Release 8. Accessed January 2019.[Dowd 2006] Dowd, Mark; McDonald, John; & Schuh, Justin. The Art of Software Security Assessment - Attacking delete and delete[] in C++, 2007.. In The Art of Software Security Assessment. Addison-Wesley Professional. 2006.[Fortify 2006] Fortify Software Inc.
Fortify Taxonomy: Software Security Errors, . 2006.
[FSF 2005] Free Software Foundation.
GCC online documentationOnline Documentation. ( 2005
).
[Gamma
19951994] Gamma,
Erich; Helm
, Richard; Johnson, Ralph,
& Vlissides,
and JohnsonJohn.
Design Patterns Elements of Reusable Object Oriented Software. Addison
-Wesley
, 1995Professional. 1994.
Anchor |
---|
| Goldberg 91gnu2016Goldberg 91 |
---|
| gnu2016 |
---|
|
[
GNU 2016] gnu.org. GCC, the GNU Compiler Collection: Declaring Attributes of Functions. December 2016 [accessed].[Goldberg 1991] Goldberg, Goldberg 1991] Goldberg, David.
What Every Computer Scientist Should Know About Floating-Point Arithmetic. Sun Microsystems
, . March 1991.
[Graff 2003] Graff, Mark G. & Van Wyk, Kenneth R.
Secure Coding: Principles and Practices.
Cambridge, MA: O O'Reilly
, . 2003
(. ISBN 0596002424
).
[Henricson 1997] Henricson, Mats & Nyquist, Erik.
Industrial Strength C++.
Upper Saddle River, NJ: Prentice Hall PTR
, . 1997
(. ISBN 0-13-120965-5
).
[Hinnant 2005] Hinnant, Howard.
RValue Reference Recommendations for Chapter 20.
N1856, N1856=05-0116. August 2005.
[Hinnant 2015] Hinnant, Howard. Reply to "
std::exception Why what() is returning a const char* and not a string?"
[public forum post]. ISO C++ Standard—Discussion, . June 28, 2015.
Anchor |
---|
| IEC 60812 2006 |
---|
| IEC 60812 2006 |
---|
|
[IEC 60812 2006] Analysis techniques for system reliability - Procedure for failure mode and effects analysis (FMEA), 2nd ed.
( IEC 60812
). IEC
, . January 2006.
Anchor |
---|
| IEEE Std 610.12 1990 |
---|
| IEEE Std 610.12 1990 |
---|
|
[IEEE Std 610.12 1990] IEEE.
IEEE Standard Glossary of Software Engineering Terminology.
(1990) 1990.
Anchor |
---|
| IEEE Std 1003.1-2013 |
---|
| IEEE Std 1003.1-2013 |
---|
|
[IEEE Std 1003.1:2013] IEEE & The Open Group. Standard for Information Technology—Portable Operating System Interface (POSIX). Base Specifications. Issue 7. 2013.[INCITS 2012] INCITS Document number N3396= 12-0096. Dynamic memory allocation for over-aligned data. 2012. [INCITS 2014] INCITS PL22.16 & ISO WG21 C++ Standards Committee, Library Working Group (LWG). C++ Standard Library Active Issues List (Revision R88). N3967. 2014.
[INCITS 2020] INCITS PL22.16 & ISO WG21 C++ Standards Committee, Library Working Group (LWG). C++ Standard Library Active Issues List (Revision R88). N4860. 2020.
Anchor |
---|
| Internet Society 00 |
---|
| Internet Society 00 |
---|
|
[Internet Society 2000] The Internet Society. Internet Security Glossary (RFC 2828). 2000.
Anchor |
---|
| ISO/IEC 9899-1999 |
---|
| ISO/IEC 9899-1999 |
---|
|
INCITS 2014 | INCITS 2014 | [INCITS 2014] INCITS PL22.16 and ISO WG21 C++ Standards Committee, Library Working Group (LWG). C++ Standard Library Active Issues List (Revision R88), Doc. N3967, 2014. Anchor |
---|
Internet Society 00 | Internet Society 00 | [Internet Society 2000] The Internet Society. Internet Security Glossary (RFC 2828). 2000. Anchor |
---|
ISO/IEC 9899-1999 | ISO/IEC 9899-1999 | Anchor |
---|
ISO-IEC 9899-1999 | | ISO-IEC 9899-1999 |
---|
|
[ISO/IEC 9899-1999] ISO/IEC 9899-1999.
Programming Languages — C, Second Edition, . 1999.
Anchor |
---|
| ISO/IEC 9899-2011 |
---|
| ISO/IEC 9899-2011 |
---|
|
Anchor |
---|
| ISO-IEC 9899-2011 |
---|
| ISO-IEC 9899-2011 |
---|
|
[ISO/IEC 9899:2011] ISO/IEC.
Programming Languages—C, 3rd ed (. ISO/IEC 9899:2011
). Geneva, Switzerland: ISO, 2011. 2011.
Anchor |
---|
| ISO/IEC14882-1998 |
---|
| ISO/IEC14882-1998 |
---|
|
[ISO/IEC 14882-1998] ISO/IEC 14882-1998.
Programming Languages — C++, First Edition, . 1998.
Anchor |
---|
| ISO/IEC14882-2003 |
---|
| ISO/IEC14882-2003 |
---|
|
[ISO/IEC 14882-2003] ISO/IEC 14882-2003.
Programming Languages — C++, Second Edition, . 2003.
Anchor |
---|
| ISO/IEC14882-2011 |
---|
| ISO/IEC14882-2011 |
---|
|
[ISO/IEC 14882-2011] ISO/IEC 14882-2011.
Programming Languages — C++, Third Edition, . 2011.
Anchor |
---|
| ISO/IEC14882-2014 |
---|
| ISO/IEC14882-2014 |
---|
|
[ISO/IEC 14882-2014] ISO/IEC 14882-2014.
Programming Languages — C++, Fourth Edition, . 2014.
Anchor |
---|
| ISO/IEC N3000 |
---|
| ISO/IEC N3000 |
---|
|
[ISO/IEC N3000
2009] Working Draft, Standard for Programming Language C++
, . November 2009.
Anchor |
---|
| ISO/IEC TR 24772-2013 |
---|
| ISO/IEC TR 24772-2013 |
---|
|
[ISO/IEC TR 24772
-:2013] ISO/IEC
TR 24772-2013.
Information Technology—Programming Languages—Guidance to Avoiding Vulnerabilities in Programming Languages through Language Selection and Use.
Geneva, Switzerland: ISO, TR 24772-2013. ISO. March 2013.
Anchor |
---|
| ISO/IEC TS 17961 |
---|
| ISO/IEC TS 17961 |
---|
|
Anchor |
---|
| ISO-IEC TS 17961 |
---|
| ISO-IEC TS 17961 |
---|
|
Anchor |
---|
| ISO/IEC TS 17961-2013 |
---|
| ISO/IEC TS 17961-2013 |
---|
|
[ISO/IEC TS 17961:2012] ISO/IEC TS 17961. Information Technology—Programming Languages, Their Environments and System Software Interfaces—C Secure Coding Rules. Geneva, Switzerland: ISO, ISO. 2012.
[Jack 2007] Jack, Barnaby.
Vector Rewrite Attack. May 2007.. Juniper Networks. May 2007. Anchor |
---|
| Kalev 99kalev1999Kalev 99 |
---|
| kalev1999 |
---|
|
[Kalev
991999] Kalev, Danny.
ANSI/ISO C++ Professional Programmer's Handbook. Indianapolis, Ind: Que, 1999. Anchor |
---|
Kalev 03 | Kalev 03 | [Kalev 2003] Kalev, Danny. Static Assertions. January 2003.. Corporation. 1999[Lea 2000] Lea, Doug.
Concurrent Programming in Java, 2nd ed2nd Edition., Addison-Wesley Professional
, Boston, 2000. Anchor |
---|
Lions 96 | Lions 96. 2000.[Lions 1996] Lions, J. L. ARIANE 5 Flight 501 Failure Report. Paris, France: European Space Agency (ESA) & National Center for Space Study (CNES) Inquiry Board, July 1996.Failure Report. European Space Agency (ESA) & National Center for Space Study (CNES). July 1996.
[Lions 1996] Lions, J. L. ARIANE 5 Flight 501 Failure Report. European Space Agency (ESA) & National Center for Space Study (CNES). July 1996. Anchor |
---|
| Lockheed Martin 05 |
---|
| Lockheed Martin 05 |
---|
|
[Lockheed Martin 2005] Lockheed Martin. Joint Strike Fighter Air Vehicle C++ Coding Standards for the System Development and Demonstration Program. Document Number 2RDU00001, Rev C. December 2005.[Meyers 1996] Meyers, Scott. More Effective C++: 35 New Anchor |
---|
Lockheed Martin 05 | Lockheed Martin 05 | [Lockheed Martin 2005] Lockheed Martin. "Joint Strike Fighter Air Vehicle C++ Coding Standards for the System Development and Demonstration Program." Document Number 2RDU00001 Rev C., December 2005. Anchor |
---|
Meyers 95 | Meyers 95 | [Meyers 1995] Meyers, Scott. More Effective C++: 35 New Ways to Improve Your Programs and Designs. Boston, MA: Addison-Wesley Professional, 1995. Anchor |
---|
Meyers 96 | Meyers 96 | [Meyers 1996] Meyers, Scott. More Effective C++: 35 New Ways to Improve Your Programs and Designs. Boston, MA: Addison-Wesley, 1996. Anchor |
---|
Meyers 97 | Meyers 97 | [Meyers 1997] Meyers, Scott. Effective C++ : 55 Specific Ways to Improve Your Programs and Designs, 3rd ed.
Boston, MA: Addison-Wesley
Professional, 1997. 1996.
[Meyers 2001] Meyers, Scott.
Effective STL: 50 Specific Ways to Improve Your Use of the Standard Template Library.
Boston, MA: Addison-Wesley Professional
, . 2001.
[Meyers 2005] Meyers, Scott.
Effective C++: 55 Specific Ways to Improve Your Programs and Designs (3rd Edition).
Boston, MA: Addison-Wesley Professional
, . 2005.
[Meyers 2014] Meyers, Scott. Reply to
" The Drawbacks of Implementing Move Assignment in Terms of Swap
" [blog post].
The View from Aristeia: Scott Meyers' Professional Activities and Interests, . 2014.
[Microsoft 2010]
STL std::string class causes crashes and memory corruption on multi-processor machines. 2010.[MISRA 2004] MIRA Limited.
" MISRA C: 2004 Guidelines for the Use of the C Language in Critical Systems.
" Warwickshire, UK: MIRA Limited
, . ISBN 095241564X. October 2004
(ISBN 095241564X).
[MISRA 2008]
MIRA MISRA Limited.
"MISRA C++: 2008 Guidelines for the Use of the C++ Language in Critical Systems", . ISBN 978-906400-03-3 (paperback)
, ISBN ; ISBN 978-906400-04-0 (PDF)
, . June 2008.
[MITRE 2007] MITRE.
Common Weakness Enumeration, Draft 9, . April 2008.
[MITRE 2008a] MITRE.
CWE ID 327, ". Use of a Broken or Risky Cryptographic Algorithm," . 2008.
[MITRE 2008b] MITRE.
CWE ID 330, ". Use of Insufficiently Random Values," . 2008.
[MITRE] MITRE.
Common Weakness Enumeration, Version 1.8. February 2010.
[MSDN 2010] MSDN. "CryptGenRandom Function."[MSDN 2010] Microsoft Developer Network. CryptGenRandom Function. December 2016 [accessed].[MDSN 2016] Microsoft Developer Network. nothrow (C++). December 2016 [accessed].[NIST 2006] NIST.
SAMATE Reference Dataset, . 2006.
Anchor |
---|
| IEEE Std 1003.1-2013 |
---|
| IEEE Std 1003.1-2013 |
---|
|
Anchor |
---|
| ISO/IEC 9945:2013 |
---|
| ISO/IEC 9945:2013 |
---|
|
Anchor |
---|
| Open Group 13 |
---|
| Open Group 13 |
---|
|
[Open Group 2013] The Open Group.
The Open Group Base Specifications Issue 7, IEEE Std 1003.1, 2013 Edition, . 2013.
Anchor |
---|
| IEEE Std 1003.1-2008 |
---|
| IEEE Std 1003.1-2008 |
---|
|
Anchor |
---|
| ISO/IEC 9945:2008 |
---|
| ISO/IEC 9945:2008 |
---|
|
Anchor |
---|
| Open Group 08 |
---|
| Open Group 08 |
---|
|
[Open Group 2008] The Open Group.
The Open Group Base Specifications Issue 7, IEEE Std 1003.1, 2008 Edition, . 2008.
Anchor |
---|
| IEEE Std 1003.1-2004 |
---|
| IEEE Std 1003.1-2004 |
---|
|
Anchor |
---|
| ISO/IEC 9945:2003 |
---|
| ISO/IEC 9945:2003 |
---|
|
Anchor |
---|
| Open Group 04 |
---|
| Open Group 04 |
---|
|
[Open Group 2004] The Open Group.
The Open Group Base Specifications Issue 6, IEEE Std 1003.1, 2004 Edition, . 2004.
[Plum 1991] Plum, Thomas.
C++ Programming.
Kamuela, HI: Plum Hall, Inc.
, November 1991
(. ISBN 0911537104
).
[Quinlan 2006] Quinlan, Dan; Vuduc, Richard; Panas, Thomas; Härdtlein, Jochen; & Sæbjørnsen, Andreas.
" Support for Whole-Program Analysis and the Verification of the One-Definition Rule in C++
," . 27-35.
NIST Special Publication Page 500-262, Proceedings of the Static Analysis Summit. Gaithersburg, MD, July 2006. In Proceedings of the Static Analysis Summit. July 2006.[Rohlf 2009] Rohlf, Chris. Fun with erase (). 2009.
[Saks 1999]
Saks, Dan
Saks.
const T vs.T const.
Embedded Systems Programming.
Pg February 1999.
Pages 13-16.
February 1999. http://www.dansaks.com/articles/1999-02%20const%20T%20vs%20T%20const.pdf[Saks 2007] Saks, Dan.
"Sequence Points" . Embedded Systems Design, 07/01/02. 2007.
[Seacord 2005] Seacord,
RRobert C.
Secure Coding in C and C++.
Upper Saddle River, NJ: Addison-Wesley
, . 2005
(. ISBN 0321335724
).
[Seacord 2013] Seacord, Robert C.
Secure Coding in C and C++, Second Edition.
Boston: Addison-Wesley
, . 2013.
See http://www.cert.org/books/secure-coding for news and errata.[Sebor 2004] Sebor, Martin.
C++ Standard Core Language Active Issues, Revision 68, Issue 475, . 2010.
[SGI 2006] Silicon Graphics, Inc.
" basic_string<charT, traits, Alloc>.
" Standard Template Library Programmer's Guide, . 2006.
[Steele 1977] Steele, G. L.
1977. Arithmetic shifting considered harmful. SIGPLAN NotNotices. Volume 12
, . Issue 11
(Nov.
November 1977
), . Pages 61-69.
Anchor |
---|
| Stroustrup 97 |
---|
| Stroustrup 97 |
---|
|
[Stroustrup 1997] Stroustrup, Bjarne.
The C++ Programming Language, Third Edition.
Reading, MA: Addison-Wesley
, . 1997
(ISBN 0201889544). ISBN 978-0201700732.
Anchor |
---|
| Stroustrup 06 |
---|
| Stroustrup 06 |
---|
|
[Stroustrup 2006] Stroustrup, Bjarne.
C++ Style and Technique FAQ (.2006
).
Accessed November December 2016
[accessed].
Anchor |
---|
| Stroustrup 01 |
---|
| Stroustrup 01 |
---|
|
[Stroustrup 2001] Stroustrup, Bjarne.
Exception Safety: Concepts and Techniques (2001). AT&T Labs. 2001.
[Sun 1993]
Sun Security Bulletin #00122, . 1993.
[Sutter 2000] Sutter, Herb.
Exceptional C++: 47 Engineering Puzzles, Programming Problems, and Solutions. Addison-Wesley Professional
, . 2000
(. ISBN 0201615622
).
[Sutter 2001] Sutter, Herb.
More Exceptional C++: 40 New Engineering Puzzles, Programming Problems, and Solutions. Addison-Wesley Professional
, . 2001
(. ISBN 020170434
).
[Sutter 2004] Sutter, Herb & Alexandrescu, Andrei.
C++ Coding Standards: 101 Rules, Guidelines, and Best Practices.
Boston, MA: Addison Addison-Wesley Professional
, . 2004
(. ISBN 0321113586
).
Anchor |
---|
| van Sprundel06 |
---|
| van Sprundel06 |
---|
|
[van Sprundel 2006] van Sprundel, Ilja.
Unusual bugs, 2006. 2006.[Viega 2003] Viega, John & Messier, Matt. Secure Programming Cookbook for C and C++: Recipes for Cryptography, Authentication, Networking, Input Validation & More. O'Reilly. 2003. ISBN 0-596-00394-3.
[Viega
20032005] Viega, John
& Messier, Matt. Secure Programming Cookbook for C and C++: Recipes for Cryptography, Authentication, Networking, Input Validation & More. Sebastopol, CA: O'Reilly, 2003 (ISBN 0-596-00394-3). Anchor |
---|
Viega 05 | Viega 05 | [Viega 2005] Viega, John. CLASP Reference Guide Volume 1.1. Secure Software, 2005.. CLASP Reference Guide, Volume 1.1. Secure Software. 2005.[VU#159523] Giobbi, Ryan. Vulnerability Note VU#159523. Adobe Flash Player integer overflow vulnerability. April 2008. [VU#162289] Dougherty, Chad. Vulnerability Note VU#162289. GCC Silently Discards Some Wraparound Checks. April 2008.[VU#623332] Mead, Robert. Vulnerability Note VU#623332. MIT Kerberos 5 contains double free vulnerability in "krb5_recvauth()" function. July 2005. [VU#925211] Weimer, Florian. Vulnerability Note VU#925211. Debian and Ubuntu OpenSSL packages contain a predictable random number generator. May Anchor |
---|
VU#159523 | VU#159523 | [VU#159523] Giobbi, Ryan. Vulnerability Note VU#159523, Adobe Flash Player integer overflow vulnerability. April 2008. Anchor |
---|
VU#162289 | VU#162289 | [VU#162289] Dougherty, Chad. Vulnerability Note VU#162289, GCC Silently Discards Some Wraparound Checks. April 2008.
[Warren 2002] Warren, Henry S.
Hacker's Delight.
Boston, MA: Addison Wesley Professional. 2002
(. ISBN 0201914654
).
[Williams
20102010a] Williams, Anthony
. Thread.
Boost Library Thread, 2007-2008. 2010.
[Williams
20102010b] Williams, Anthony.
Simpler Multithreading in C++0x, . Internet.com
, . 2010.
[xorl 2009] xorl.
xorl %eax, %eax.
Image Removed Image Removed Image Removed. December 2016 [accessed].