SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 238

changes.mady.by.user David Svoboda

Saved on

compared with

New Version Current

changes.mady.by.user David Svoboda

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: C17 ref as well as C24 ref

Anchor
Apple Acton 06Apple 06
Wiki Markup\[Apple 06\] Apple, Inc. [_Secure Coding Guide_|http://developer.apple.com/documentation/Security/Conceptual/SecureCodingGuide/SecureCodingGuide.pdf], May
Acton 06

[Acton 2006] Acton, Mike. "Understanding Strict Aliasing." CellPerformance, June 1, 2006.

Anchor
Austin Group 08Austin Group 08

Wiki Markup
\[Austin Group 08\] "Draft Standard for Information Technology - Portable Operating System Interface (POSIX®) - Draft Technical Standard: Base Specifications, Issue 7," IEEE Unapproved Draft Std P1003.1 D5.1. Prepared by the [Austin Group|http://www.opengroup.org/austin/]. New York: Institute of Electrical & Electronics Engineers, Inc., May 2008.

...

Aho 1986
Aho 1986

[Aho 1986] Aho, Alfred V.; Sethi, Ravi; Ullman, Jeffrey D. "Compilers: Principles, Techniques, and Tools" (2nd ed.), 1986.

Anchor
Apiki 2006
Apiki 2006

[Apiki 2006] Apiki, Steve. "Lock-Free Programming on AMD Multi-Core System." AMD Developer Central, 2006.

Anchor
Apple 06
Apple 06

[Apple 2006] Apple, Inc. Secure Coding Guide . May 2006.

Anchor
Asgher 2000
Asgher 2000

[Asgher 2000] Asgher, Sarmad. "Practical Lock-Free Buffers." Dr. Dobbs Go-Parallel, August 26, 2000.

Anchor
Bailey 14
Bailey 14

[Bailey 2014] Bailey, Don A. Raising Lazarus—The 20 Year Old Bug that Went to Mars . 2014.

Anchor
Banahan 03
Banahan 03

[Banahan 2003] Banahan, Mike. The C Book . 2003.

Anchor
Barney 10
Barney 10

[Barney 2010] Barney, Blaise. "Mutex Variables." POSIX Threads Programming, 2010.

Anchor
Becker 08
Becker 08

[Becker 2008] Becker, Pete. Working Draft, Standard for Programming Language C++. April 2008.

Anchor
Beebe 05
Beebe 05

[Beebe 2005] Beebe, Nelson H. F. Re: Remainder (%) Operator and GCC. 2005.

Anchor
Black 07
Black 07

[Black 2007] Black, Paul E.; Kass, Michael; & Koo, Michael. Source Code Security Analysis Tool Functional Specification Version 1.0. Special Publication 500-268. Information Technology Laboratory (ITL), Software Diagnostics and Conformance Testing Division, May 2007

...

Wiki Markup
\[Banahan 03\] Banahan, Mike. [_The C Book_|http://www.phy.duke.edu/~rgb/General/c_book/c_book/index.html], 2003.

...

Wiki Markup
\[Beebe 05\] Beebe, Nelson H. F. [Re: Remainder (%) operator and GCC|http://gcc.gnu.org/ml/gcc-help/2005-11/msg00141.html], 2005.

AnchorBecker 08Becker 08 Wiki Markup\[Becker 08\] Becker, Pete. [Working Draft, Standard for Programming Language C+\+|http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2008/n2521.pdf], April 2008.

Anchor
Brainbell.com
Brainbell.com
Wiki Markup\[Brainbell.com\]
[Brainbell.com] Brainbell.com. [_Advice and Warnings for C Tutorials_|http://www.brainbell.com/tutors/c/Advice_and_Warnings_for_C/].

Anchor
Bryant 03
Bryant 03
Wiki Markup
\[Bryant 03\2003] Bryant, Randal E. , & O'Halloran, David. _Computer Systems: A Programmer's Perspective_. Prentice . Upper Saddle River, NJ: Prentice Hall, 2003 (ISBN 0-13-034074-X).

Anchor
Burch 06
Burch 06
unmigrated-wiki-markup
\
[Burch 06\2006] Burch, Hal, ; Long, Fred, ; & Seacord, Robert C. [_Specifications for Managed Strings_|http://www.sei.cmu.edu/publications/documents/06.reports/06tr006.html] (CMU/SEI-2006-TR-006). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2006.

Anchor
Callaghan 95Callaghan 95

Wiki Markup
\[Callaghan 95\] Callaghan, B., Pawlowski, B., & Staubach, P. [IETF RFC 1813 NFS Version 3 Protocol Specification|http://www.ietf.org/rfc/rfc1813.txt], June 1995.

Butenhof 97
Butenhof 97

[Butenhof 1997] Butenhof, David R. Programming with POSIX® Threads . Boston: Addison-Wesley Professional, 1997 (ISBN 0-201-63392-2).

Anchor
C99 2003
C99 2003

[C99 Rationale 2003] Rationale for International Standard—Programming Languages—C, Revision 5.10 (C99 Rationale), April 2003.

Anchor
Callaghan 95
Callaghan 95

[Callaghan 1995] Callaghan, B; Pawlowski, B.; & Staubach, P. IETF RFC 1813 NFS Version 3 Protocol Specification, June 1995.

Anchor
Cassidy 2014
Cassidy 2014

[Cassidy 2014] Cassidy, Sean. existential type crisis : Diagnosis of the Heartbleed Bug [blog post]. April 2014.

Anchor
CERT 06a
CERT 06a

[CERT 2006a] CERT/CC. CERT/CC Statistics 1988–2006. AnchorCERT 06aCERT 06a Wiki Markup\[CERT 06a\] CERT/CC. [CERT/CC Statistics 1988---2006|http://www.cert.org/stats/cert_stats.html].

Anchor
CERT 06b
CERT 06b
unmigrated-wiki-markup
\
[CERT 06b\2006b] CERT/CC. US-CERT's [Technical Cyber Security Alerts|http://www.us-cert.gov/cas/techalerts/index.html].

Anchor
CERT 06c
CERT 06c
Wiki Markup\
[CERT 06c\2006c] CERT/CC. [Secure Coding|http://www.cert.org/secure-coding/] web siteCoding website.

Anchor
Chen 02
Chen 02
Wiki Markup\
[Chen 02\]  2002]  Chen, H., ; Wagner, D., ; & Dean, D. ["Setuid demystified."|http://www.cs.berkeley.edu/~daw/papers/setuid-usenix02.pdf] USENIX Security Symposium, Demystified. USENIX Security Symposium, 2002.

Anchor
Corfield 93Corfield 93
Chess 07
Chess 07

[Chess 2007] Chess, Brian, & West, Jacob. Secure Programming with Static Analysis. Boston: Addison-Wesley 2007.

Anchor
Corfield 93
Corfield 93

[Corfield 1993] Corfield, Sean A. "Making String Literals 'const'." November Wiki Markup\[Corfield 93\] Corfield, Sean A. "[Making String Literals 'const'|http://www.open-std.org/jtc1/sc22/wg21/docs/papers/1993/N0389.asc]," November 1993.

Anchor
Coverity 07
Coverity 07
Wiki Markup
\[Coverity 07\2007] Coverity Prevent User's Manual (3.3.0), . 2007.

Anchor
CVE
CVE
Wiki Markup\
[CVE\] [Common Vulnerabilities and Exposures|http://cve.mitre.org/]..

Anchor
CPPReference
CPPReference
Wiki Markup\
[C+\+ Reference\] [Standard C Library, General C\++, C+ + Standard Template Library|http://www.cppreference.com/]

Anchor
Dewhurst 02
Dewhurst 02
Wiki Markup
\[Dewhurst 02\2002] Dewhurst, Stephen C. _C+\+ Gotchas: Avoiding Common Problems in Coding and Design_. Boston: Addison-Wesley Professional, 2002.

Anchor
Dewhurst 05
Dewhurst 05
Wiki Markup
\[Dewhurst 05\2005] Dewhurst, Stephen C. _C+\+ Common Knowledge: Essential Intermediate Programming_. Boston, MA: Addison-Wesley Professional, 2005.

Anchor
DHS 06
DHS 06
Wiki Markup\[DHS 06\]
[DHS 2006] U.S. Department of Homeland Security. [Build Security In|https://buildsecurityin.us-cert.gov/].. 2006.

Anchor
DISA 2008
DISA 2008
Anchor
DISA 2015
DISA 2015

[DISA 2015] DISA. Application Security and Development Security Technical Implementation Guide, Version 3, Release 10. Accessed April 2015.

Anchor
DISA 2016
DISA 2016

[DISA 2016] DISA. Application Security and Development Security Technical Implementation Guide, Version 4, Release 1. Accessed January 2017.

Anchor
DISA 2018
DISA 2018

[DISA 2018] DISA. Application Security and Development Security Technical Implementation Guide, Version 4, Release 8. Accessed January 2019.

Anchor
DOD 5220
DOD 5220

[DOD 5220] U.S. Department of Defense. DoD Standard 5220.22-M (Word Anchor DOD 5220 DOD 5220 Wiki Markup\[DOD 5220\] U.S. Department of Defense. [DoD Standard 5220.22-M|http://security.ouhsc.edu/docs/policies/approved/DoD_5220.doc] (Word document).

Anchor
Dowd 06
Dowd 06
Wiki Markup\
[Dowd 06\2006] Dowd, M., ; McDonald, J., ; & Schuh, J. _The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities_. Boston: Addison-Wesley, 2006. See [http://taossa.com] for updates and errata.

Anchor
Drepper 06
Drepper 06
Wiki Markup\
[Drepper 06\2006] Drepper, Ulrich. [Defensive Programming for Red Hat Enterprise Linux (and What To Do If Something Goes Wrong)|http://people.redhat.com/drepper/defprogramming. pdf], May 3, 2006.

Anchor
Eckel 07Eckel 07
Duff 88
Duff 88

[Duff 1988] Duff, Tom. Tom Duff on Duff's Device. August 29, 1988.

Anchor
Dutta 03
Dutta 03

[Dutta 2003] Dutta, Shiv. Best Practices for Programming in C. June 26, 2003.

Anchor
Eckel 07
Eckel 07

[Eckel 2007] Eckel, Bruce. Thinking in C++, Vol. 2 . January 25, Wiki Markup\[Eckel 07\] Eckel, Bruce. [_Thinking in C+\+ Volume 2_|http://bruce-eckel.developpez.com/livres/cpp/ticpp/v2/], January 25, 2007.

Anchor
ECTC 98
ECTC 98
Wiki Markup\
[ECTC 98\1998] Embedded C+\+ Technical Committee. [_The Embedded C+\+ Programming Guide Lines_|http://www.caravan.net/ec2plus/guide.html], Version WP-GU-003. January 6, 1998.

Anchor
Eide and Regehr
Eide and Regehr
Wiki Markup\
[Eide and Regehr\] "[Volatiles are miscompiled, and what to do about it|http://portal.acm.org/citation.cfm?id=1450058.1450093]" Eide E., Regehr J. 2008] Eide, E., & Regehr, J. Volatiles Are Miscompiled, and What to Do about It. 2008.

Anchor
Feather 97
Feather 97

[Feather 1997] Feather, Clive, D. W. Solving the struct Hack Problem. JTC1/SC22/WG14 N791. (1997).

Anchor
Finlay 03
Finlay 03
Wiki Markup\
[Finlay 03\2003] Finlay, Ian A. CERT Advisory CA-2003-16, [Buffer Overflow in Microsoft RPC|http://www.cert.org/advisories/CA-2003-16.html]. CERT/CC, July 2003.

Anchor
Fisher 99
Fisher 99
unmigrated-wiki-markup
\
[Fisher 99\1999] Fisher, David David & Lipson, Howard. "Emergent Algorithms - A New Method for Enhancing Survivability in Unbounded Algorithms—A New Method for Enhancing Survivability in Unbounded Systems." _Proceedings of the 32nd Annual Hawaii International Conference on System Sciences (HICSS-32)_. Maui, HI, January 5-85–8, 1999.

Anchor
Flake 06
Flake 06
Wiki Markup\
[Flake 06\2006] Flake, Halvar. "[Attacks on uninitialized local variables|http://www.blackhat.com/presentations/bh-europe-06/bh-eu-06-Flake.pdf]." Black Hat Federal on Uninitialized Local Variables." Black Hat Federal, 2006.

Anchor
Fortify 06
Fortify 06
Wiki Markup\
[Fortify 06\2006] Fortify Software Inc. [Fortify Taxonomy: Software Security Errors|http://www.fortifysoftware.com/vulncat/], 2006. 2006.

Anchor
Fomichev 16
Fomichev 16

[Fomichev 2016] Fomichev, Roman. "Safe Clearing of Private Data". PVS-Studio Team, 2016.

Anchor
FSF 05
FSF 05
Wiki Markup\
[FSF 05\2005] Free Software Foundation. [GCC online documentation|http://gcc.gnu.org/onlinedocs], GCC Online Documentation. 2005.

Anchor
Garfinkel 96
Garfinkel 96
unmigrated-wiki-markup
\
[Garfinkel 96\1996] Garfinkel, Simson Simson & Spafford, Gene. _Practical UNIX & Internet Security_, 2nd Editioned. Sebastopol, CA: O'Reilly Media, April 1996 (ISBN 1-56592-148-8).

Anchor
GCC Bugs
GCC Bugs

[GCC Bugs] GCC Team. GCC Bugs. Free Software Foundation, Inc.

Anchor
GNU 10
GNU 10

[GNU 2010] GNU. Coding Standards. GNU, 2010.

Anchor
GNU Pth
GNU Pth
Wiki Markup\
[GNU Pth\] Engelschall, Ralf S. [GNU Portable Threads|http://www.gnu.org/software/pth/], 2006.

Anchor
Goldberg 91
Goldberg 91
Wiki Markup\
[Goldberg 91\1991] Goldberg, David. [What What Every Computer Scientist Should Know About about Floating-Point Arithmetic|http://docs.sun. com/source/806-3568/ncg_goldberg.html]. Sun Microsystems, March 1991.

Anchor
Goodin 2009
Goodin 2009

[Goodin 2009] Goodin, Dan. Clever Attack Exploits Fully-Patched Linux Kernel. The Register, July 2009.

Anchor
Gough 2005
Gough 2005
Wiki Markup\
[Gough 2005\] Gough, Brian J. [An Introduction to GCC|http://www.network-theory.co.uk/docs/gccintro/index.html]. Network Theory Ltd, Revised August 2005 (ISBN . Network Theory Ltd., Revised August 2005 (ISBN 0-9541617-9-3).

Anchor
Graf 03
Graf 03
Wiki Markup
\[Graff 03\2003] Graff, Mark G. & Van Wyk, Kenneth R. _Secure Coding: Principles and Practices_. Cambridge, MA: O'Reilly, 2003 (ISBN 0596002424).

Anchor
Greenman 97
Greenman 97
unmigrated-wiki-markup
\
[Greenman 97\1997] Greenman, David. [_serious security bug in Serious Security Bug in wu-ftpd v2.4_|http://seclists. org/bugtraq/1997/Jan/0011.html]. BUGTRAQ Mailing List (bugtraq@securityfocus.com), January 2, 1997.

Anchor
Griffiths 06
Griffiths 06
unmigrated-wiki-markup
\
[Griffiths 06\2006] Griffiths, Andrew. "[Clutching at strawsStraws: When you can shift the stack pointer|http://felinemenace.org/papers/p63-0x0e_Shifting_the_Stack_Pointer.txt]."When You Can Shift the Stack Pointer. 2006.

Anchor
Gutmann 96
Gutmann 96
Wiki Markup\
[Gutmann 96\1996] Gutmann, Peter. [Secure Deletion of Data from Magnetic and Solid-State Memory|http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html], July 1996.. July 1996.

Anchor
Haddad 05
Haddad 05

[Haddad 2005] Haddad, Ibrahim. "Secure Coding in C and C++: An Interview with Robert Seacord, Senior Vulnerability Analyst at CERT." Linux World Magazine, November AnchorHaddad 05Haddad 05 Wiki Markup\[Haddad 05\] Haddad, Ibrahim. "Secure Coding in C and C++: An interview with Robert Seacord, senior vulnerability analyst at CERT." _Linux World Magazine_, November 2005.

Anchor
Hatton 95
Hatton 95
Wiki Markup
\[Hatton 95\1995] Hatton, Les. _Safer C: Developing Software for High-Integrity and Safety-Critical Systems_. New York: McGraw-Hill Book Company, 1995 (ISBN 0-07-707640-0).

Anchor
Henricson 92Henricson 92
Hatton 03
Hatton 03

[Hatton 2003] Hatton, Les. EC-: A Measurement-Based Safer Subset of ISO C Suitable for Embedded System Development. November 5, 2003.

Anchor
Henricson 92
Henricson 92

[Henricson 1992] Henricson, Mats & Nyquist, Erik. Programming in C++, Rules and Recommendations. Ellemtel Telecommunication Systems Laboratories, Wiki Markup\[Henricson 92\] Henricson, Mats, & Nyquist, Erik. [Programming in C++, Rules and Recommendations|http://www.doc.ic.ac.uk/lab/cplus/c++.rules/]. Ellemtel Telecommunication Systems Laboratories, 1992.

Anchor
Horton 90
Horton 90
Wiki Markup
\[Horton 90\1990] Horton, Mark R. _Portable C Software_. Upper Saddle River, NJ: Prentice-Hall, Inc., 1990 (ISBN:0-13-868050-7).

Anchor
Howard 02
Howard 02
unmigrated-wiki-markup
\
[Howard 02\2002] Howard, Michael , & LeBlanc, David C. _[_Writing Secure Code , 2nd ed. Redmond Redmond, WA: _|http://www.microsoft.com/mspress/books/5957.aspx]_. Microsoft Press, December 2002.

Anchor
HP 03
HP 03
Wiki Markup\
[HP 03\] [Tru64 UNIX: Protecting Your System Against File Name Spoofing Attacks|http://h30097.www3.hp.com/docs/wpapers/spoof_wp/symlink_external.pdf]. Houston, TX: Hewlett-Packard Company, January 2003] Hewlett-Packard Company. Tru64 UNIX: Protecting Your System against File Name Spoofing Attacks. Houston, TX: Hewlett-Packard Company, January 2003.

Anchor
IEC 60812 2006
IEC 60812 2006
unmigrated-wiki-markup
\
[IEC 60812 2006\] _Analysis techniques for system reliability - Procedure for failure mode and effects analysis (FMEA)_, 2nd ed. (IEC 60812). IEC, January ] IEC (International Electrotechnical Commission). Analysis Techniques for System Reliability—Procedure for Failure Mode and Effects Analysis (FMEA), 2nd ed. (IEC 60812). Geneva, Switzerland: IEC, 2006.

Anchor
IEC 61508 4
IEC 61508 4
Wiki Markup\
[IEC 61508-4\]  _Functional safety of electrical/electronic/programmable electronic safety-related systems - Part 4: Definitions and abbreviations_, ] IEC. Functional Safety of Electrical/Electronic/Programmable Electronic Safety-Related Systems—Part 4: Definitions and Abbreviations. Geneva, Switzerland: IEC, 1998.

Anchor
IEEE 754 2006
IEEE 754 2006

[IEEE 754 2006] IEEE (Institute of Electrical and Electronics Engineers). Standard for Binary Floating-Point Arithmetic (IEEE 754-1985). New York: IEEE, 2006.

Anchor
IEEE Std 610.12 1990
IEEE Std 610.12 1990
unmigrated-wiki-markup
\
[IEEE Std 610.12 1990\] _IEEE. IEEE Standard Glossary of Software Engineering Terminology_, September 1990Terminology. (1990).

Anchor
IEEE 754 2006IEEE 754 2006

Wiki Markup
\[IEEE 754 2006\] IEEE. [_Standard for Binary Floating-Point Arithmetic_|http://grouper.ieee.org/groups/754/] (IEEE 754-1985), 2006.

...

Wiki Markup
\[IEEE 1003.1, 2004\] IEEE. [The Open Group Base Specifications Issue 6|http://www.opengroup.org/onlinepubs/009695399/] IEEE Std 1003.1, 2004 Edition

...

Wiki Markup
\[ilja 06\] ilja. "[readlink abuse|http://blogs.23.nu/ilja/stories/12551/]." _ilja's blog_, August 13, 2006.

...

Wiki Markup
\[Intel 01\] Intel Corp. [_Floating-Point IEEE Filter for Microsoft\* Windows\* 2000 on the Intel® Itanium™ Architecture_|ftp://download.intel.com/software/opensource/libraries/ieee/ieee_filter_windows2000.pdf], March 2001.

...

Std 1003.1-2004
IEEE Std 1003.1-2004

[IEEE Std 1003.1:2004] IEEE and The Open Group. The Open Group Base Specifications Issue 6 (IEEE Std 1003.1), 2004 Edition. (See also ISO/IEC 9945-2004 and Open Group 04.)

Anchor
IEEE Std 1003.1
IEEE Std 1003.1
Anchor
IEEE Std 1003.1-2008
IEEE Std 1003.1-2008

[IEEE Std 1003.1:2008] IEEE and The Open Group. The Open Group Base Specifications Issue 7 (IEEE Std 1003.1), 2008 Edition. See also ISO/IEC 9945-2008 and Open Group 2008.

Anchor
IEEE Std 1003.1-2013
IEEE Std 1003.1-2013

[IEEE Std 1003.1:2013] IEEE and The Open Group. Standard for Information Technology—Portable Operating System Interface (POSIX®), Base Specifications, Issue 7 (IEEE Std 1003.1, 2013 Edition). E-book: http://ieeexplore.ieee.org/servlet/opac?punumber=6506089.

Anchor
IETF RFC 6520
IETF RFC 6520

[IETF: RFC 6520] Internet Engineering Task Force (IETF). Request for Comments 6520: Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS) Heartbeat Extension. February 2012.

Anchor
IEEE 1003
IEEE 1003
Anchor
ilja 06
ilja 06

 [ilja 2006] ilja. "readlink abuse." ilja's blog. August 13, 2006.

Anchor
Intel 01
Intel 01

[Intel 2001] Intel Corp. _Floating-Point IEEE Filter for Microsoft Windows 2000 on the Intel® Itanium© Architecture. March 2001.

Anchor
Internet Society 00
Internet Society 00

[Internet Society 2000] The Internet Society. Internet Security Glossary (RFC 2828). 2000.

Anchor
ISO/IEC 10646-2003
ISO/IEC 10646-2003
Anchor
ISO-IEC 10646-2003
ISO-IEC 10646-2003

[ISO/IEC 10646:2003] ISO/IEC (International Organization for Standardization/International Electrotechnical Commission). Information Technology—Universal Multiple-Octet Coded Character Set (UCS) (ISO/IEC 10646:2003). Geneva, Switzerland: International Organization for Standardization, 2003

...

Wiki Markup
\[Internet Society 00\] The Internet Society. [Internet Security Glossary (RFC 2828)|ftp://ftp.rfc-editor.org/in-notes/rfc2828.txt], 2000.

...

Wiki Markup
\[ISO/IEC 646:1991\] ISO/IEC. _Information technology: ISO 7-bit coded character set for information interchange_ (ISO/IEC 646-1991). Geneva, Switzerland: International Organization for Standardization, 1991.

...

Wiki Markup
\[ISO/IEC 9945:2003\] _ISO/IEC 9945:2003 (including Technical Corrigendum 1), Information technology --- Programming languages, their environments and system software interfaces --- Portable Operating System Interface (POSIX®)_.

AnchorISO/IEC 9899-1999ISO/IEC 9899-1999 Wiki Markup\[ISO/IEC 9899:1999\] ISO/IEC. _Programming Languages---C, 2nd ed_ (ISO/IEC 9899:1999). Geneva, Switzerland: International Organization for Standardization, 1999.

Anchor
ISO/IEC 10646-20032012
ISO/IEC 10646-20032012
Anchor
ISO-IEC 10646-2012
ISO-IEC 10646-2012

[ISO/IEC 10646:2012] ISO/IEC. Information technology—Universal Multiple-Octet Coded Character Set (UCS) (ISO/IEC 10646:2012). Geneva, Switzerland: ISO, 2012 Wiki Markup\[ISO/IEC 10646:2003\] _Information technology - Universal Multiple-Octet Coded Character Set (UCS)_ (ISO/IEC 10646:2003). Geneva, Switzerland: International Organization for Standardization, 2003.

Anchor
ISO/IEC 1488211889-1-20032009
ISO/IEC 14882-200311889-1-2009
Anchor
ISO-IEC 11889-1-2009
ISO-IEC 11889-1-2009

Wiki Markup\[ISO/IEC 14882:2003\] 11889-1:2009] ISO/IEC. _Programming Languages --- C++, Second Edition_ Information Technology—Trusted Platform Module—Part 1: Overview (ISO/IEC 14882-200311889-1:2009). Geneva, Switzerland: International Organization for Standardization, 2003ISO, 2009.

Anchor
ISO/IEC 2336014882-1-20062003
ISO/IEC 23360-1-2006
Wiki Markup\
14882-2003
Anchor
ISO-IEC 14882-2003
ISO-IEC 14882-2003

[ISO/IEC 23360-1:2006\] [_Linux Standard Base (LSB) core specification 3.1 - Part 1: Generic specification_|http://refspecs.freestandards.org/LSB_3.1.0/LSB-Core-generic/LSB-Core-generic.pdf] AnchorISO/IEC 03ISO/IEC 03

Wiki Markup
\[ISO/IEC 03\] ISO/IEC. [_Rationale for International Standard --- Programming Languages --- C, Revision 5.10_|http://www.open-std.org/jtc1/sc22/wg14/www/C99RationaleV5.10.pdf]. Geneva, Switzerland: International Organization for Standardization, April 2003.

...

Wiki Markup
\[ISO/IEC JTC1/SC22/WG11\] ISO/IEC. [_Binding Techniques_|http://www.open-std.org/JTC1/SC22/WG11/] (ISO/IEC JTC1/SC22/WG11), 2007.

...

Wiki Markup
\[ISO/IEC DTR 24732\] ISO/IEC JTC1 SC22 WG14 N1290. [Extension for the programming language C to support decimal floating-point arithmetic|http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1290.pdf], March 2008.

...

14882:2003] ISO/IEC. Programming Languages—C++, Second Edition (ISO/IEC 14882-2003). Geneva, Switzerland: ISO, 2003.

Anchor
ISO/IEC 14882-2011
ISO/IEC 14882-2011
Anchor
ISO-IEC 14882-2011
ISO-IEC 14882-2011

[ISO/IEC 14882:2011] ISO/IEC. Information Technology—Programming Languages—C++, Third Edition (ISO/IEC 14882-2011). Geneva, Switzerland: ISO, 2011.

Anchor
ISO/IEC 23360-1-2006
ISO/IEC 23360-1-2006
Anchor
ISO-IEC 23360-1-2006
ISO-IEC 23360-1-2006

[ISO/IEC 23360-1:2006] ISO/IEC. Linux Standard Base (LSB) Core Specification 3.1—Part 1: Generic Specification . Geneva, Switzerland: ISO, 2006.

Anchor
ISO/IEC 646-1991
ISO/IEC 646-1991
Anchor
ISO-IEC 646-1991
ISO-IEC 646-1991

[ISO/IEC 646:1991] ISO/IEC. Information Technology: ISO 7-Bit Coded Character Set for Information Interchange (ISO/IEC 646-1991). Geneva, Switzerland: ISO, 1991.

Anchor
ISO/IEC 9899:1990
ISO/IEC 9899:1990
Anchor
ISO-IEC 9899-1990
ISO-IEC 9899-1990

[ISO/IEC 9899:1990] ISO/IEC. Programming Languages—C (ISO/IEC 9899:1990). Geneva, Switzerland: ISO, 1990.

Anchor
ISO/IEC 9899:1999
ISO/IEC 9899:1999
Anchor
ISO-IEC 9899-1999
ISO-IEC 9899-1999

[ISO/IEC 9899:1999] ISO/IEC. Programming Languages—C, 2nd ed (ISO/IEC 9899:1999). Geneva, Switzerland: ISO, 1999.

Anchor
ISO/IEC 9899-2011
ISO/IEC 9899-2011
Anchor
ISO-IEC 9899-2011
ISO-IEC 9899-2011

[ISO/IEC 9899:2011] ISO/IEC. Programming Languages—C, 3rd ed (ISO/IEC 9899:2011). Geneva, Switzerland: ISO, 2011.

Anchor
ISO/IEC 9899-2017
ISO/IEC 9899-2017
Anchor
ISO-IEC 9899-2017
ISO-IEC 9899-2017

[ISO/IEC 9899:2017] ISO/IEC. Programming Languages—C, 4th ed (ISO/IEC 9899:2017). Geneva, Switzerland: ISO, 2017.

Anchor
ISO/IEC 9899-2024
ISO/IEC 9899-2024
Anchor
ISO-IEC 9899-2024
ISO-IEC 9899-2024

[ISO/IEC 9899:2024] ISO/IEC. Programming Languages—C, 5th ed (ISO/IEC 9899:2024). Geneva, Switzerland: ISO, 2024.

Anchor
ISO/IEC 9945-2003
ISO/IEC 9945-2003
Anchor
ISO-IEC 9945-2003
ISO-IEC 9945-2003

[ISO/IEC 9945:2003] ISO/IEC. Information Technology—Programming Languages, Their Environments and System Software Interfaces—Portable Operating System Interface (POSIX®) [including Technical Corrigendum 1] (ISO/IEC 9945:2003). Geneva, Switzerland: ISO, 2003.

Anchor
ISO/IEC/IEEE 24765:2010
ISO/IEC/IEEE 24765:2010
Anchor
ISO/IEC/IEEE 24765-2010
ISO/IEC/IEEE 24765-2010

[ISO/IEC/IEEE 24765:2010] ISO/IEC/IEEE. Systems and Software Engineering—Vocabulary (ISO/IEC/IEEE 24765:2010). Geneva, Switzerland: ISO, 2010.

Anchor
ISO/IEC/IEEE 9945-2008
ISO/IEC/IEEE 9945-2008
Anchor
ISO-IEC-IEEE 9945-2008
ISO-IEC-IEEE 9945-2008

[ISO/IEC/IEEE 9945:2008] ISO/IEC/IEEE. Information Technology—Programming Languages, Their Environments and System Software Interfaces—Portable Operating System Interface (POSIX ® ). (ISO/IEC/IEEE 9945:2008) Geneva, Switzerland: ISO, 2008.

Anchor
ISO/IEC DTR 24732
ISO/IEC DTR 24732
Anchor
ISO-IEC DTR 24732
ISO-IEC DTR 24732

[ISO/IEC DTR 24732] ISO/IEC JTC1 SC22 WG14 N1290. Extension for the Programming Language C to Support Decimal Floating-Point Arithmetic . Geneva, Switzerland: ISO, March 2008.

Anchor
ISO/IEC JTC1/SC22/WG11
ISO/IEC JTC1/SC22/WG11
Anchor
ISO-IEC JTC1-SC22-WG11
ISO-IEC JTC1-SC22-WG11

[ISO/IEC JTC1/SC22/WG11] ISO/IEC. Binding Techniques (ISO/IEC JTC1/SC22/WG11). Geneva, Switzerland: ISO, 2007.

Anchor
ISO-IEC JTC1-SC22-WG14
ISO-IEC JTC1-SC22-WG14

[ISO/IEC JTC1/SC22/WG14] ISO/IEC. Solving the Struct Hack Problem (ISO/IEC JTC1/SC22/WG14 N791). Geneva, Switzerland: ISO, 1997.

Anchor
ISO/IEC TR 24731-1-2007
ISO/IEC TR 24731-1-2007
Anchor
ISO-IEC TR 24731-1-2007
ISO-IEC TR 24731-1-2007

[ISO/IEC TR 24731-1:2007] ISO/IEC TR 24731. Extensions to the C Library—Part I: Bounds-Checking Interfaces. Geneva, Switzerland: ISO, April 2006.

Anchor
ISO/IEC PDTR 24731-2-2007
ISO/IEC PDTR 24731-2-2007
Anchor
ISO-IEC PDTR 24731-2-2007
ISO-IEC PDTR 24731-2-2007

[ISO/IEC PDTR 24731-2] Extensions to the C Library—Part II: Dynamic Allocation Functions. Geneva, Switzerland: ISO, August 2007.

Anchor
ISO/IEC TR 24731-2-2010
ISO/IEC TR 24731-2-2010
Anchor
ISO-IEC TR 24731-2-2010
ISO-IEC TR 24731-2-2010

[ISO/IEC TR 24731-2:2010] ISO/IEC TR 24731. Extensions to the C Library—Part II: Dynamic Allocation Functions . Geneva, Switzerland: ISO, April 2010.

Anchor
ISO/IEC TR 24772-2010
ISO/IEC TR 24772-2010
Anchor
ISO-IEC TR 24772-2010
ISO-IEC TR 24772-2010

[ISO/IEC TR 24772:2010] ISO/IEC TR 24772:2010. Information Technology— Programming LanguagesGuidance to Avoiding Vulnerabilities in Programming Languages through Language Selection and Use. Geneva, Switzerland: ISO, October 2010.

Anchor
ISO/IEC TR 24772-2013
ISO/IEC TR 24772-2013
Anchor
ISO-IEC TR 24772-2013
ISO-IEC TR 24772-2013

[ISO/IEC TR 24772:2013] ISO/IEC TR 24772:2013. Information Technology—Programming Languages—Guidance to Avoiding Vulnerabilities in Programming Languages through Language Selection and Use. Geneva, Switzerland: ISO, March 2013.

Anchor
ISO/IEC TS 17961
ISO/IEC TS 17961
Anchor
ISO-IEC TS 17961
ISO-IEC TS 17961
Anchor
ISO/IEC TS 17961-2013
ISO/IEC TS 17961-2013

[ISO/IEC TS 17961] ISO/IEC TS 17961. Information Technology—Programming Languages, Their Environments and System Software Interfaces—C Secure Coding Rules. Geneva, Switzerland: ISO, 2012.

Anchor
ISO/IEC WG14 N1173
ISO/IEC WG14 N1173
Anchor
ISO-IEC WG14 N1173
ISO-IEC WG14 N1173
[ISO/IEC WG14 N1173] ISO/IEC.  Rationale for TR 24731 Extensions to the C Library—Part I: Bounds-Checking Interfaces .

Anchor
Jack 07
Jack 07

[Jack 2007] Jack, Barnaby. Vector Rewrite Attack . May 2007.

Anchor
Jones 04
Jones 04

[Jones 2004] Jones, Nigel. Learn a New Trick with the offsetof() Macro. Embedded Systems Programming, March 2004.

Anchor
Jones 08
Jones 08

[Jones 2008] Jones, Derek M. The New C Standard: An Economic and Cultural Commentary. Knowledge Software Ltd., 2008.

Anchor
Jones 10
Jones 10

[Jones 2010] Jones, Larry. (2010). WG14 N1539 Committee Draft ISO/IEC 9899:201x .

Anchor
Juric n.d.
Juric n.d.

[Juric n.d.] Juric, Zeljko, et al. (n.d.). TIGCC Documentation, Latest Development Version (TIGCC/TIGCCLIB CVS): C Language Keywords.

Anchor
Keaton 09
Keaton 09

[Keaton 2009] Keaton, David; Plum, Thomas; Seacord, Robert C.; Svoboda, David; Volkovitsky, Alex; & Wilson, Timothy. As-if Infinitely Ranged Integer Model. CMU/SEI-2009-TN-023. July 2009.

Anchor
Keil 08
Keil 08

[Keil 2008] Keil, an ARM Company. "Floating Point Support." RealView Libraries and Floating Point Support Guide, 2008.

Anchor
Kennaway 00
Kennaway 00

[Kennaway 2000] Kennaway, Kris. Re: /tmp topic. December 2000.

Anchor
Kernighan 88
Kernighan 88

[Kernighan 1988] Kernighan, Brian W. & Ritchie, Dennis M. The C Programming Language, 2nd ed. Englewood Cliffs, NJ: Prentice-Hall, 1988.

Anchor
Kettle 02
Kettle 02

[Kettlewell 2002] Kettlewell, Richard. C Language Gotchas . February 2002.

Anchor
Kettle 03
Kettle 03

[Kettlewell 2003] Kettlewell, Richard. Inline Functions in C . March 2003.

Anchor
Kirch-Prinz 02
Kirch-Prinz 02

[Kirch-Prinz 2002] Kirch-Prinz, Ulla & Prinz, Peter. C Pocket Reference. Sebastopol, CA: O'Reilly, November 2002 (ISBN: 0-596-00436-2).

Anchor
Klarer 04
Klarer 04

[Klarer 2004] Klarer, R.; Maddock, J.; Dawes, B.; & Hinnant, H. "Proposal to Add Static Assertions to the Core Language (Revision 3)." ISO C++ committee paper ISO/IEC JTC1/SC22/WG21/N1720, October 2004.

Anchor
Klein 02
Klein 02

[Klein 2002] Klein, Jack. Bullet Proof Integer Input Using strtol() . 2002.

Anchor
Koenig 89
Koenig 89

[Koenig 1989] Koenig, Andrew. C Traps and Pitfalls. Addison-Wesley Professional, 1989.

Anchor
Kuhn 06
Kuhn 06

[Kuhn 2006] Kuhn, Markus. UTF-8 and Unicode FAQ for Unix/Linux . 2006.

Anchor
Lai 06
Lai 06

[Lai 2006] Lai, Ray. "Reading Between the Lines." OpenBSD Journal, October 2006.

Anchor
Lea 2000
Lea 2000

[Lea 2000] Lea, Doug. Concurrent Programming in Java, 2nd ed., Addison-Wesley Professional, Boston, 2000.

Anchor
Lewis 06
Lewis 06

[Lewis 2006] Lewis, Richard. "Security Considerations when Handling Sensitive Data." Posted on the Application Security by Richard Lewis blog October 2006.

Anchor
Linux 08
Linux 08

[Linux 2008] Linux Programmer's Manual. October 2008.

Anchor
Lions 96
Lions 96

[Lions 1996] Lions, J. L. ARIANE 5 Flight 501 Failure Report. Paris, France: European Space Agency (ESA) & National Center for Space Study (CNES) Inquiry Board, July 1996.

Anchor
Lipson 00
Lipson 00

[Lipson 2000] Lipson, Howard & Fisher, David. "Survivability: A New Technical and Business Perspective on Security," 33–39. Proceedings of the 1999 New Security Paradigms Workshop. Caledon Hills, Ontario, Canada, Sept. 22–24, 1999. New York: Association for Computing Machinery, 2000.

Anchor
Lipson 06
Lipson 06

[Lipson 2006] Lipson, Howard. Evolutionary Systems Design: Recognizing Changes in Security and Survivability Risks (CMU/SEI-2006-TN-027).  Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2006.

Anchor
Liu 2009
Liu 2009

[Liu 2009] Likai Liu. Making NULL-pointer reference legal, Life of a Computer Science Student. January, 2009.

Anchor
Lockheed Martin 05
Lockheed Martin 05

[Lockheed Martin 2005] Lockheed Martin. Joint Strike Fighter Air Vehicle C++ Coding Standards for the System Development and Demonstration Program. Document Number 2RDU00001 Rev C., December 2005.

Anchor
Loosemore 07
Loosemore 07

[Loosemore 2007] Loosemore, Sandra; Stallman, Richard M.; McGrath, Roland; Oram, Andrew; & Drepper, Ulrich. The GNU C Library Reference Manual, Edition 0.11. September 2007.

Anchor
McCluskey 01
McCluskey 01

[McCluskey 2001] McCluskey, Glen.  Flexible Array Members and Designators in C9X . ;login:, 26, 4 (July 2001): 29–32.

Anchor
Mell 07
Mell 07

[Mell 2007] Mell, Peter; Scarfone, Karen; & Romanesky, Sasha. "A Complete Guide to the Common Vulnerability Scoring System Version 2.0." FIRST, June 2007.

Anchor
mercy 06
mercy 06

[Mercy 2006] Mercy. Exploiting Uninitialized Data . January 2006.

Anchor
Meyers 2004
Meyers 2004

[Meyers 2004] Meyers, Randy. Limited size_t WG14 N1080. September 2004.

Anchor
Michael 2004
Michael 2004

[Michael 2004] Michael, M.M. "Hazard Pointers: Safe Memory Reclamation for Lock-Free Objects." IEEE Transactions on Parallel and Distributed Systems, 15, 8 (2004).

Anchor
Microsoft 03
Microsoft 03

[Microsoft 2003] Microsoft Security Bulletin MS03-026, "Buffer Overrun In RPC Interface Could Allow Code Execution (823980)." September 2003.

Anchor
Microsoft 07
Microsoft 07

[Microsoft 2007] Microsoft. C Language Reference, 2007.

Anchor
Miller 2007
Miller 2007

[Miller 2007] Miller, Damien. "Security Measures in OpenSSH," white paper. OpenSSH Project, 2007.

Anchor
Miller 99
Miller 99

[Miller 1999] Miller, Todd C. & de Raadt, Theo. strlcpy and strlcat—Consistent, Safe, String Copy and Concatenation. In Proceedings of the FREENIX Track, 1999 USENIX Annual Technical Conference, June 6–11, 1999, Monterey, California, USA. Berkeley, CA: USENIX Association, 1999.

Anchor
Miller 04
Miller 04

[Miller 2004] Miller, Mark C.; Reus, James F.; Matzke, Robb P.; Koziol, Quincey A.; & Cheng, Albert P. "Smart Libraries: Best SQE Practices for Libraries with an Emphasis on Scientific Computing." In Proceedings of the Nuclear Explosives Code Developer's Conference. Livermore, CA: Lawrence Livermore National Laboratory, December 2004.

Anchor
MISRA 04
MISRA 04

[MISRA 2004] MISRA (Motor Industry Software Reliability Association). MISRA C: 2004 Guidelines for the Use of the C Language in Critical Systems. Nuneaton, UK: MIRA, 2004 (ISBN 095241564X).

Anchor
MISRA 08
MISRA 08

[MISRA 2008] MISRA. MISRA C++ : 2008 Guidelines for the Use of the C++ Language in Critical Systems. Nuneaton, UK: MIRA, 2008 (ISBN 978-906400-03-3 [paperback], ISBN 978-906400-04-0 [PDF]), 2008.

Anchor
MISRA 12
MISRA 12

[MISRA C:2012] MISRA. MISRA C3: Guidelines for the Use of the C Language in Critical Systems 2012. Nuneaton, UK: MIRA, 2012. ISBN 978-1-906400-10-1.

Anchor
MIT 04
MIT 04

[MIT 2004] MIT (Massachusetts Institute of Technology). "MIT krb5 Security Advisory 2004-002," 2004.

Anchor
MIT 05
MIT 05

[MIT 2005] MIT. "MIT krb5 Security Advisory 2005-003.

Anchor
MITRE
MITRE

[MITRE] MITRE. Common Weakness Enumeration, Version 1.8. February 2010.

Anchor
MITRE 07
MITRE 07

[MITRE 2007] MITRE. Common Weakness Enumeration, Draft 9. April 2008.

Anchor
MKS
MKS

[MKS] MKS, Inc. MKS Reference Pages.

Anchor
MSDN
MSDN

[MSDN] Microsoft Developer Network.

Anchor
Murenin 07
Murenin 07

[Murenin 2007] Murenin, Constantine A. cnst: 10-Year-Old Pointer-Arithmetic Bug in make(1) Is Now Gone, Thanks to malloc.conf and Some Debugging. LiveJournal, June 2007.

Anchor
NAI 98
NAI 98

[NAI 1998] Network Associates, Inc. Bugtraq: Network Associates Inc. Advisory (OpenBSD). 1998.

Anchor
NASA-GB-1740.13
NASA-GB-1740.13

[NASA-GB-1740.13] NASA Glenn Research Center, Office of Safety Assurance Technologies. NASA Software Safety Guidebook (NASA-GB-1740.13).

Anchor
NIST 06
NIST 06

[NIST 2006] NIST. SAMATE Reference Dataset . 2006.

Anchor
OpenBSD
OpenBSD

[OpenBSD] Berkley Software Design, Inc. Manual Pages. June 2008.

Anchor
Open Group 97a
Open Group 97a

[Open Group 1997a] The Open Group. The Single UNIX® Specification, Version 2 . 1997.

Anchor
Open Group 97b
Open Group 97b

[Open Group 1997b] The Open Group. Go Solo 2—The Authorized Guide to Version 2 of the Single UNIX Specification . May 1997.

Anchor
POSIX.1-2004
POSIX.1-2004
Anchor
IEEE Std 1003.1-2004
IEEE Std 1003.1-2004
Anchor
ISO/IEC 9945:2003
ISO/IEC 9945:2003
Anchor
ISO-IEC 9945-2003
ISO-IEC 9945-2003
Anchor
Open Group 04
Open Group 04

[Open Group 2004] The Open Group. The Open Group Base Specifications Issue 6, IEEE Std 1003.1, 2004 Edition . 2004. (See also IEEE Std 1003.1-2004.)

Anchor
POSIX.1-2008
POSIX.1-2008
Anchor
IEEE Std 1003.1-2008
IEEE Std 1003.1-2008
Anchor
ISO/IEC 9945:2008
ISO/IEC 9945:2008
Anchor
ISO-IEC 9945-2003
ISO-IEC 9945-2003
Anchor
Open Group 08
Open Group 08

[Open Group 2008] The Open Group. The Open Group Base Specifications Issue 7, IEEE Std 1003.1, 2008 Edition . 2008. (See also IEEE Std 1003.1-2008.)

Anchor
OpenMP
OpenMP

[OpenMP] The OpenMP API® Specification for Parallel Programming.

Anchor
OWASP Double Free
OWASP Double Free

[OWASP Double Free] Open Web Application Security Project, "Double Free."

Anchor
OWASP Freed Memory
OWASP Freed Memory

[OWASP Freed Memory] Open Web Application Security Project, "Using Freed Memory."

Anchor
Pethia 03
Pethia 03

[Pethia 2003] Pethia, Richard D. "Viruses and Worms: What Can We Do About Them?" September 10, 2003.

Anchor
Pfaff 04
Pfaff 04

[Pfaff 2004] Pfaff, Ken Thompson. "Casting (time_t)(-1)." Google Groups comps.lang.c, March 2, 2004.

Anchor
Pike 93
Pike 93

[Pike 1993] Pike, Rob & Thompson, Ken. "Hello World." Proceedings of the USENIX Winter 1993 Technical Conference, San Diego, CA, January 25–29, 1993, pp3 43–50.

Anchor
Plakosh 05
Plakosh 05

[Plakosh 2005] Plakosh, Dan. "Consistent Memory Management Conventions." Build Security In, 2005.

Anchor
Plum 85
Plum 85

[Plum 1985] Plum, Thomas. Reliable Data Structures in C. Kamuela, HI: Plum Hall, Inc., 1985 (ISBN 0-911537-04-X).

Anchor
Plum 89
Plum 89

[Plum 1989] Plum, Thomas & Saks, Dan. C Programming Guidelines, 2nd ed. Kamuela, HI: Plum Hall, 1989 (ISBN 0911537074).

Anchor
Plum 91
Plum 91

[Plum 1991] Plum, Thomas. C++ Programming. Kamuela, HI: Plum Hall, 1991 (ISBN 0911537104).

Anchor
Plum 08
Plum 08

[Plum 2008] Plum, Thomas. "Static Assertions." June 2008.

Anchor
Plum 12
Plum 12

[Plum 2012] Plum, Thomas. C Finally Gets a New Standard. Dr. Dobb's, 2012.

Anchor
Redwine 06
Redwine 06

[Redwine 2006] Redwine, Samuel T., Jr., ed. Secure Software Assurance: A Guide to the Common Body of Knowledge to Produce, Acquire, and Sustain Secure Software Version 1.1. U.S. Department of Homeland Security, September 2006. (See Software Assurance Common Body of Knowledge on Build Security In.)

Anchor
Roelker 04
Roelker 04

[Roelker 2004] Roelker, Daniel. "HTTP IDS Evasions Revisited." September 2004.

Anchor
RUS-CERT
RUS-CERT

[RUS-CERT] RUS-CERT Advisory 2002-08:02, "Flaw in calloc and Similar Routines." 2002.

Anchor
Saks 99
Saks 99

[Saks 1999] Saks, Dan. "const T vs.T const." Embedded Systems Programming, February 1999, pp. 13–16.

Anchor
Saks 00
Saks 00

[Saks 2000] Saks, Dan. "Numeric Literals ." Embedded Systems Programming, September 2000.

Anchor
Saks 01a
Saks 01a

[Saks 2001a] Saks, Dan. "Symbolic Constants ." Embedded Systems Design, November 2001.

Anchor
Saks 01b
Saks 01b

[Saks 2001b] Saks, Dan. "Enumeration Constants vs. Constant Objects." Embedded Systems Design, November 2001.

Anchor
Saks 02
Saks 02

[Saks 2002] Saks, Dan. "Symbolic Constant Expressions." Embedded Systems Design, February 2002.

Anchor
Saks 05
Saks 05

[Saks 2005] Saks, Dan. "Catching Errors Early with Compile-Time Assertions." Embedded Systems Design, June 2005.

Anchor
Saks 07a
Saks 07a

[Saks 2007a] Saks, Dan. "Sequence Points." Embedded Systems Design, July 1, 2002.

Anchor
Saks 07b
Saks 07b

[Saks 2007b] Saks, Dan. "Bail, Return, Jump, or . . . Throw?" Embedded Systems Design, March 2007.

Anchor
Saks 07c
Saks 07c

[Saks 2007c] Saks, Dan. "Standard C's Pointer Difference Type." Embedded Systems Design, October 2007.

Anchor
Saks 08
Saks 08

[Saks 2008] Saks, Dan & Dewhurst, Stephen C. "Sooner Rather Than Later: Static Programming Techniques for C++" (presentation). March 2008.

Anchor
Saltzer 74
Saltzer 74

[Saltzer 1974] Saltzer, J. H. "Protection and the Control of Information Sharing in Multics." Communications of the ACM 17, 7 (July 1974): 388–402.

Anchor
Saltzer 75
Saltzer 75

[Saltzer 1975] Saltzer, J. H. & Schroeder, M. D. "The Protection of Information in Computer Systems." Proceedings of the IEEE 63, 9 (September 1975): 1278–1308.

Anchor
Schwarz 05
Schwarz 05

[Schwarz 2005] Schwarz, B.; Wagner, Hao Chen; Morrison, D.; West, G.; Lin, J.; & Tu, J. Wei. "Model Checking an Entire Linux Distribution for Security Violations." Proceedings of the 21st Annual Computer Security Applications Conference, December 2005 (ISSN 1063-9527; ISBN

...

Wiki Markup
\[ISO/IEC PDTR 24731-2\] [Extensions to the C Library, --- Part II: Dynamic Allocation Functions|http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1248.pdf], August 2007.

...

Wiki Markup
\[ISO/IEC PDTR 24772\] ISO/IEC PDTR 24772. _Information Technology_ --- _Programming Languages_ --- [_Guidance to Avoiding Vulnerabilities in Programming Languages through Language Selection and Use_|http://www.aitcnet.org/isai/_NextMeeting/22-OWGV-N-0134/n0134.pdf], March 2008.

...

Wiki Markup
\[ISO/IEC TR 24731-1:2007\] ISO/IEC TR 24731. _Extensions to the C Library, --- Part I: Bounds-checking interfaces_. Geneva, Switzerland: International Organization for Standardization, April 2006.

...

Wiki Markup
\[Jack 07\] Jack, Barnaby. [_Vector Rewrite Attack_|http://www.juniper.net/solutions/literature/white_papers/Vector-Rewrite-Attack.pdf], May 2007.

...

Wiki Markup
\[Jones 04\] Jones, Nigel. ["Learn a new trick with the offsetof() macro."|http://www.netrino.com/Articles/OffsetOf/index.php] _Embedded Systems Programming_, March 2004.

...

Wiki Markup
\[Jones 08\] Jones, Derek M. [The New C Standard: An economic and cultural commentary|http://www.knosof.co.uk/cbook/]. Knowledge Software Ltd., 2008.

...

Wiki Markup
\[Keil 08\] Keil, an ARM Company. "[Floating Point Support|http://www.keil.com/support/man/docs/armlib/armlib_bihbjiea.htm]." _RealView Libraries and Floating Point Support Guide_, 2008.

...

Wiki Markup
\[Kennaway 00\] Kennaway, Kris. [Re: /tmp topic|http://lwn.net/2000/1221/a/sec-tmp.php3], December 2000.

...

Wiki Markup
\[Kernighan 88\] Kernighan , Brian W., & Ritchie, Dennis M. _The C Programming Language, 2nd ed._ Englewood Cliffs, NJ: Prentice-Hall, 1988.

...

Wiki Markup
\[Kettlewell 02\] Kettlewell, Richard. [_C Language Gotchas_|http://www.greenend.org.uk/rjk/2001/02/cfu.html], February 2002.

...

Wiki Markup
\[Kettlewell 03\] Kettlewell, Richard. [_Inline Functions In C_|http://www.greenend.org.uk/rjk/2003/03/inline.html], March 2003.

...

Wiki Markup
\[Kirch-Prinz 02\] Kirch-Prinz, Ulla & Prinz, Peter. _C Pocket Reference_.  Sebastopol, CA: O'Reilly, November 2002 (ISBN: 0-596-00436-2).

...

Wiki Markup
\[Klarer 04\] Klarer, R., Maddock, J., Dawes, B. & Hinnant, H. "Proposal to Add Static Assertions to the Core Language (Revision 3)." ISO C+\+ committee paper ISO/IEC JTC1/SC22/WG21/N1720, October 2004. Available at [http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2004/n1720.html].

...

Wiki Markup
\[Klein 02\] Klein, Jack. [_Bullet Proof Integer Input Using strtol()_|http://home.att.net/~jackklein/c/code/strtol.html], 2002.

...

Wiki Markup
\[Koenig 89\] Koenig,  Andrew. _C Traps and Pitfalls_. Addison-Wesley Professional, January 1, 1989.

...

Wiki Markup
\[Kuhn 06\] Kuhn, Markus. [_UTF-8 and Unicode FAQ for Unix/Linux_|http://www.cl.cam.ac.uk/~mgk25/unicode.html], 2006.

...

Wiki Markup
\[Lai 06\] Lai, Ray. "[Reading Between the Lines|http://undeadly.org/cgi?action=article&sid=20061027031811]." _OpenBSD Journal_, October 2006.

...

Wiki Markup
\[Lewis 06\] Lewis, Richard. "[Security Considerations When Handling Sensitive Data|http://secureapps.blogspot.com/2006/10/security-considerations-when-handling.html]." Posted on the Application Security by Richard Lewis blog October 2006.

...

Wiki Markup
\[Linux 07\] [Linux Programmer's Manual|http://www.kernel.org/doc/man-pages/online_pages.html], July 2007.

...

Wiki Markup
\[Lions 96\] Lions, J. L. [ARIANE 5 Flight 501 Failure Report|http://en.wikisource.org/wiki/Ariane_501_Inquiry_Board_report]. Paris, France: European Space Agency (ESA) & National Center for Space Study (CNES) Inquiry Board, July 1996.

...

Wiki Markup
\[Lipson 00\] Lipson, Howard  & Fisher, David. "Survivability: A New Technical and Business Perspective on Security," 33-39. _Proceedings of the 1999 New Security Paradigms Workshop_. Caledon Hills, Ontario, Canada, Sept. 22-24, 1999. New York: Association for Computing Machinery, 2000.

...

Wiki Markup
\[Lipson 06\] Lipson, Howard. _Evolutionary Systems Design: Recognizing Changes in Security and Survivability Risks_ (CMU/SEI-2006-TN-027).  Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2006.

...

Wiki Markup
\[Lockheed Martin 05\] Lockheed Martin. "[Joint Strike Fighter Air Vehicle C+\+ Coding Standards for the System Development and Demonstration Program.|http://www.research.att.com/~bs/JSF-AV-rules.pdf]" Document Number 2RDU00001 Rev C., December 2005.

...

Wiki Markup
\[Loosemore 07\] Loosemore, Sandra, Stallman, Richard M., McGrath, Roland, Oram, Andrew, & Drepper, Ulrich. [The GNU C Library Reference Manual|http://www.gnu.org/software/libc/manual/], Edition 0.11,  September 2007.

...

Wiki Markup
\[McCluskey 01\] [_flexible array members and designators in C9X_|http://www.usenix.org/publications/login/2001-07/pdfs/mccluskey.pdf] ;login:, July 2001, Volume 26, Number 4, p. 29---32.

...

Wiki Markup
\[Mell 07\] P. Mell, K. Scarfone, and S. Romanosky, "A Complete Guide to the Common Vulnerability Scoring System Version 2.0", FIRST, June 2007.

...

Wiki Markup
\[mercy\] mercy. [_Exploiting Uninitialized Data_|http://www.felinemenace.org/papers/UBehavior.zip], January 2006.

...

Wiki Markup
\[Microsoft 03\] Microsoft Security Bulletin MS03-026, "[Buffer Overrun In RPC Interface Could Allow Code Execution (823980)|http://www.microsoft.com/technet/security/bulletin/MS03-026.mspx]," September 2003.

...

Wiki Markup
\[Microsoft 07\] [C Language Reference|http://msdn2.microsoft.com/en-us/library/fw5abdx6(VS.80).aspx], 2007.

...

Wiki Markup
\[Miller 99\] Todd C. Miller and Theo de Raadt. strlcpy and strlcat - Consistent, Safe, String Copy and Concatenation. In Proceedings of the FREENIX Track, 1999 USENIX Annual Technical Conference.

...

Wiki Markup
\[Miller 04\] Miller, Mark C., Reus, James F., Matzke, Robb P., Koziol, Quincey A., & Cheng, Albert P. "[Smart Libraries: Best SQE Practices for Libraries with an Emphasis on Scientific Computing|https://wci.llnl.gov/codes/smartlibs/UCRL-JRNL-208636.pdf]." _Proceedings of the Nuclear Explosives Code Developer's Conference_, December 2004.

...

Wiki Markup
\[MISRA 04\] MISRA Limited. "[MISRA C|http://www.misra.org.uk/]: 2004 Guidelines for the Use of the C Language in Critical Systems." Warwickshire, UK: MIRA Limited, October 2004 (ISBN 095241564X).

...

Wiki Markup
\[MIT 04\] MIT. "[MIT krb5 Security Advisory 2004-002|hhttp://web.mit.edu/kerberos/advisories/MITKRB5-SA-2004-002-dblfree.txt], 2004.

...

Wiki Markup
\[MIT 05\] MIT. "[MIT krb5 Security Advisory 2005-003|http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2005-003-recvauth.txt], 2005.

...

Wiki Markup
\[MITRE 07\] MITRE. [Common Weakness Enumeration, Draft 9|http://cwe.mitre.org/],  April 2008.

...

Wiki Markup
\[MSDN\] [Microsoft Developer Network|http://msdn.microsoft.com/en-us/default.aspx].

...

Wiki Markup
\[Murenin 07\] Murenin, Constantine A. "[cnst: 10-year-old pointer-arithmetic bug in make(1) is now gone, thanks to malloc.conf and some debugging|http://cnst.livejournal.com/24040.html]," June 2007.

...

Wiki Markup
\[NAI 98\] Network Associates Inc. [Bugtraq: Network Associates Inc. Advisory (OpenBSD)|http://seclists.org/bugtraq/1998/Aug/0071.html], 1998.

...

Wiki Markup
\[NASA-GB-1740.13\] NASA Glenn Research Center, Office of Safety Assurance Technologies. [_NASA Software Safety Guidebook_|http://pbma.nasa.gov/docs/public/pbma/general/guidbook.doc] (NASA-GB-1740.13).

...

Wiki Markup
\[NIST 06\] NIST. [_SAMATE Reference Dataset_|http://samate.nist.gov/SRD/], 2006.

...

Wiki Markup
\[NIST 06b\] NIST. [DRAFT Source Code Analysis Tool Functional Specification. |http://samate.nist.gov/docs/SAMATE_source_code_analysis_tool_spec_09_15_06.pdf] NIST Information Technology Laboratory (ITL), Software Diagnostics and Conformance Testing Division, September 2006.

...

Wiki Markup
\[OpenBSD\] Berkley Software Design, Inc. [Manual Pages|http://www.openbsd.org/cgi-bin/man.cgi], June 2008.

...

Wiki Markup
\[Open Group 97a\] The Open Group. [_The Single UNIX® Specification, Version 2_|http://www.opengroup.org/onlinepubs/7990989775/toc.htm], 1997.

...

Wiki Markup
\[Open Group 97b\] The Open Group. [_Go Solo 2---The Authorized Guide to Version 2 of the Single UNIX Specification_|http://www.unix.org/whitepapers/64bit.html], May 1997.

...

Wiki Markup
\[Open Group 04\] The Open Group and the IEEE. [_The Open Group Base Specifications Issue 6, IEEE Std 1003.1, 2004 Edition_|http://www.opengroup.org/onlinepubs/009695399/toc.htm], 2004.

...

Wiki Markup
\[OWASP Double Free\] Open Web Application Security Project, "[Double Free|http://www.owasp.org/index.php/Double_Free]."

...

Wiki Markup
\[OWASP Freed Memory\] Open Web Application Security Project, "[Using freed memory|http://www.owasp.org/index.php/Using_freed_memory]."

...

Wiki Markup
\[Pethia 03\] Pethia, Richard D. "[Viruses and Worms: What Can We Do About Them?|http://www.cert.org/congressional_testimony/Pethia-Testimony-9-10-2003/]" September 10, 2003.

...

Wiki Markup
\[Pfaff 04\] Pfaff, Ken Thompson. "[Casting (time_t)(-1)|http://groups.google.com/group/comp.lang.c/browse_thread/thread/8983d8d729244f2b/ea0e2972775a1114?#ea0e2972775a1114]." _Google Groups comps.lang.c_, March 2, 2004.

...

Wiki Markup
\[Pike 93\] Pike, Rob & Thompson, Ken. "Hello World." _Proceedings of the USENIX Winter 1993 Technical Conference_, San Diego, CA, January 25-\--29, 1993, pp. 43-\--50.

...

Wiki Markup
\[Plakosh 05\] Plakosh, Dan. [_Consistent Memory Management Conventions_|https://buildsecurityin.us-cert.gov/daisy/bsi/articles/knowledge/coding/476.html], 2005.

...

Wiki Markup
\[Plum 85\] Plum, Thomas. _Reliable Data Structures in C_. Kamuela, HI: Plum Hall, Inc., 1985 (ISBN 0-911537-04-X).

...

Wiki Markup
\[Plum 89\] Plum, Thomas, & Saks, Dan. _C Programming Guidelines, 2nd ed_. Kamuela, HI: Plum Hall, 1989 (ISBN 0911537074).

...

Wiki Markup
\[Plum 91\] Plum, Thomas. _C+\+ Programming_. Kamuela, HI: Plum Hall, 1991 (ISBN 0911537104).

...

Wiki Markup
\[Plum 08\] Plum, Thomas. Static Assertions. June, 2008. [http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1330.pdf]

...

Wiki Markup
\[Redwine 06\] Redwine, Samuel T., Jr., ed. _Secure Software Assurance: A Guide to the Common Body of Knowledge to Produce, Acquire, and Sustain Secure Software Version 1.1_. U.S. Department of Homeland Security, September 2006. See [Software Assurance Common Body of Knowledge|https://buildsecurityin.us-cert.gov/daisy/bsi/resources/dhs/95.html] on Build Security In.

...

Wiki Markup
\[RUS-CERT\] RUS-CERT Advisory 2002-08:02, "[Flaw in calloc and similar routines|http://cert.uni-stuttgart.de/advisories/calloc.php]," 2002.

...

Wiki Markup
\[Saltzer 74\] Saltzer, J. H. Protection and the Control of Information Sharing in Multics. _Communications of the ACM 17_, 7 (July 1974): 388---402.

...

Wiki Markup
\[Saltzer 75\] Saltzer, J. H., & Schroeder, M. D. "The Protection of Information in Computer Systems." _Proceedings of the IEEE 63_, 9 (September 1975): 1278-1308.

...

Wiki Markup
\[Saks 99\] Saks, Dan. "[const T vs.T const|http://www.dansaks.com/articles/1999-02%20const%20T%20vs%20T%20const.pdf]." _Embedded Systems Programming_, February 1999, pp. 13-16.

...

Wiki Markup
\[Saks 00\] Saks, Dan. "[Numeric Literals|http://www.embedded.com/2000/0009/0009pp.htm]." _Embedded Systems Programming_, September 2000.

...

Wiki Markup
\[Saks 01a\] Saks, Dan. "[Symbolic Constants|http://www.embedded.com/story/OEG20011016S0116]." _Embedded Systems Design_, November 2001.

...

Wiki Markup
\[Saks 01b\] Saks, Dan. "[Enumeration Constants vs. Constant Objects|http://www.embedded.com/columns/programmingpointers/9900402]." _Embedded Systems Design_, November 2001.

...

Wiki Markup
\[Saks 02\] Saks, Dan. "[Symbolic Constant Expressions|http://www.embedded.com/story/OEG20020124S0117]." _Embedded Systems Design_, February 2002.

...

Wiki Markup
\[Saks 05\] Saks, Dan. "[Catching Errors Early with Compile-Time Assertions|http://www.embedded.com/columns/programmingpointers/164900888?_requestid=287187]." _Embedded Systems Design_, June 2005.

...

Wiki Markup
\[Saks 07a\] Saks, Dan. "[Sequence Points|http://www.embedded.com/columns/programmingpointers/9900661?_requestid=481957]" _Embedded Systems Design_, July 1, 2002.

...

Wiki Markup
\[Saks 07b\] Saks, Dan. [Bail, return, jump, or . . . throw?|http://www.embedded.com/columns/programmingpointers/197008821]. _Embedded Systems Design_, March 2007.

...

Wiki Markup
\[Saks 08\] Saks, Dan, & Dewhurst, Stephen C. "Sooner Rather Than Later: Static Programming Techniques for C++" (presentation, March 2008).

AnchorSchwarz 05Schwarz 05 Wiki Markup\[Schwarz 05\] Schwarz, B., Wagner, Hao Chen, Morrison, D., West, G., Lin, J., & Tu, J. Wei. "Model checking an entire Linux distribution for security violations." _Proceedings of the 21st Annual Computer Security Applications Conference_, December 2005 (ISSN 1063-9527; ISBN 0-7695-2461-3).

Anchor
Seacord 03
Seacord 03
Wiki Markup\
[Seacord 03\2003] Seacord, Robert C., ; Plakosh, Daniel, ; & Lewis, Grace A. [_Modernizing Legacy Systems: Software Technologies, Engineering Processes, and Business Practices_|http://www.informit.com/store/product.aspx?isbn=0321118847]. . Boston: Addison-Wesley, February 2003.

Anchor
Seacord 05
Seacord 05
Anchor
Seacord 05a
Seacord 05a
Wiki Markup
Anchor
Seacord 2005a
Seacord 2005a

[Seacord 2005a] Seacord, Robert C. Secure Coding in C and C++. Boston: \[Seacord 05a\] Seacord, Robert C. _Secure Coding in C and C+\+_. Boston, MA: Addison-Wesley, 2005. (See [http://www.cert.org/books/secure-coding] for news and errata.)

Anchor
Seacord 05b
Seacord 05b

Wiki Markup
\[Seacord 05b\] Seacord, Robert C. "Managed String Library for C, C/C++." _Users Journal_ _23_, 10 (October 2005): 30---34.


[Seacord 2005b] Seacord, Robert C. "Managed String Library for C, C/C++." Users Journal, 23, 10 (October 2005): 30–34.

Anchor
Seacord 05c
Seacord 05c

[Seacord 2005c] Seacord, Robert C. "Variadic Functions: How They Contribute to Security Vulnerabilities and How to Fix Them." Linux World Magazine, November 2005.

Anchor
Seacord 2013a
Seacord 2013a

[Seacord 2013a] Seacord, Robert C. “C Secure Coding Rules: Past, Present, and Future.” InformIT, June 26, 2013.

Anchor
Seacord 2013
Seacord 2013
Anchor
Seacord 13
Seacord 13

[Seacord 2013b] Seacord, Robert C. Secure Coding in C and C++. Boston: Addison-Wesley, 2013. (See AnchorSeacord 05cSeacord 05c Wiki Markup\[Seacord 05c\] Seacord, Robert C. [_Variadic Functions: How they contribute to security vulnerabilities and how to fix them_|http://www.cert.org/books/secure-coding/LWM%203-11%20%28Seacord%29.pdf]. _Linux World Magazine_, November 2005. for news and errata.)

Anchor
Secunia
Secunia
Wiki Markup\
[Secunia\] Secunia Advisory SA10635, "[HP-UX calloc Buffer Size Miscalculation Vulnerability|http://secunia.com/advisories/10635/]," ] Secunia Advisory SA10635, "HP-UX calloc Buffer Size Miscalculation Vulnerability." 2004.

Anchor
SecurityFocus 07
SecurityFocus 07
unmigrated-wiki-markup
\
[SecurityFocus 07\2007] SecurityFocus. "[Linux Kernel Floating Point Exception Handler Local Denial of Service Vulnerability|http://www.securityfocus.com/bid/10538/discuss]," 2001.

Anchor
SecuriTeam 07
SecuriTeam 07
unmigrated-wiki-markup
\
[SecuriTeam 07\2007] SecuriTeam. "[Microsoft Visual C+\+ 8.0 Standard Library Time Functions Invalid Assertion DoS (Problem 3000)|http://www.securiteam.com/windowsntfocus/5MP0D0UKKO.html]," February 13, 2007.

Anchor
Sloss 04
Sloss 04
unmigrated-wiki-markup
\
[Sloss 04\2004] Sloss, Andrew, ; Symes, Dominic, ; & Wright, Chris. [_ARM System Developer's Guide_|http://www.arm.com/documentation/books/4975. html]. San Francisco: Elsevier/Morgan Kauffman, 2004 (ISBN-10: 1558608745; ISBN-13: 978-1558608740).

Anchor
Spinellis 06
Spinellis 06
Wiki Markup\
[Spinellis 06\2006] Spinellis, Diomidis. [_Code Quality: The Open Source Perspective_|http://www.spinellis.gr/codequality]. Addison-Wesley, 2006. Boston: Addison-Wesley, 2006.

Anchor
StackOvflw 09
StackOvflw 09

[StackOvflw 2009] StackOverflow.com. "Should I return TRUE / FALSE values from a C function?" User Questions, March 15, 2010.

Anchor
Steele 77
Steele 77
Wiki Markup\
[Steele 77\1977] Steele, G. L. "[Arithmetic shifting considered harmful|http://doi.acm.org/10.1145/956641.956647]." _SIGPLAN Not._ 12, 11 (November 1977), 61-691977): 61–69.

Anchor
Stevens 05
Stevens 05

[Stevens 2005] Stevens, W. Richard. Advanced Programming in the UNIX Environment. Boston: Addison-Wesley, 1995 (ISBN 032152594-9).

Anchor
Summit 95
Summit 95
Wiki Markup
\[Summit 95\1995] Summit, Steve. _C Programming FAQs: Frequently Asked Questions_. Boston, MA: Addison-Wesley, 1995 (ISBN 0201845199).

Anchor
Summit 05
Summit 05
Wiki Markup\
[Summit 05\2005] Summit, Steve. [_comp.lang.c Frequently Asked Questions_|http://c-faq. com/], 2005.

Anchor
Sun
Sun
Wiki Markup\[Sun\] [Sun Security Bulletin #00122|http://sunsolve.sun.com/search/document.do?assetkey=1-22-00122-1],
Anchor
Sun 93
Sun 93

[Sun 1993] Sun Microsystems. Sun Security Bulletin #00122 1993.

Anchor
Sun 05
Sun 05
Wiki Markup\
[Sun 05\] [C 2005] Sun Microsystems. C User's Guide|http://docs. sun.com/source/ 819-3688/]. 819-3688-10. Sun Microsystems, Inc., 2005.

Anchor
Sutter 04
Sutter 04
Wiki Markup
\[Sutter 04\2004] Sutter, Herb & Alexandrescu, Andrei. C+\+ Coding Standards: 101 Rules, Guidelines, and Best Practices. Boston, MA: Addison-Wesley Professional, 2004 (ISBN 0321113586).

Anchor
Tsafrir 08
Tsafrir 08
Wiki Markup\
[Tsafrir 08\2008] Tsafrir, Dan, ; Da Silva, Dilma, ; & Wagner, David. ["The Murky Issue of Changing Process Identity: Revising "Setuid Demystified"|http://www.eecs.berkeley.edu/~daw/papers/setuid-login08b.pdf] USENIX, June 2008, pages 55-66." USENIX, June 2008, pp. 55–66

Anchor
Unicode 06
Unicode 06

[Unicode 2006] The Unicode Consortium. The Unicode Standard, Version 5.0, 5th ed. Boston: Addison-Wesley Professional, 2006 (ISBN: 0321480910).

Anchor
Unicode 12
Unicode 12

[Unicode 2012] The Unicode Consortium.  The Unicode Standard, Version 6.2 .

Anchor
UNIX 92
UNIX 92

[UNIX 1992] UNIX System Laboratories. System V Interface Definition, 3rd ed. Wokingham, MA: Addison-Wesley, 1992.

Anchor
van de Voort 07
van de Voort 07
Wiki Markup\
[van de Voort 07\2007] van de Voort, Marco. [Development Tutorial (a.k.a Build FAQ)|http://www.stack.nl/~marcov/buildfaq.pdf], January 29, 2007. January 29, 2007.

Anchor
Vanegue 2010
Vanegue 2010

[Vanegue 2010] Vanegue, Julien. Automated Vulnerability Analysis of Zero-Sized Head Allocations. Hackito Ergo Sum (HES'10) Conference, Paris, April 10, 2010.

Anchor
van Sprundel06
van Sprundel06
unmigrated-wiki-markup
\
[van Sprundel 06\2006] van Sprundel, Ilja. [Unusualbugs|http://ilja. netric.org/files/Unusual%20bugs.pdf], 2006. 

Anchor
Viega 01
Viega 01
Wiki Markup\[Viega 01\] Viega, John. [Protecting Sensitive Data in Memory|http://www.cgisecurity.com/lib/protecting-sensitive-data.html], February
[Viega 2001] Viega, John. Protecting Sensitive Data in Memory. February 2001.

Anchor
Viega 03
Viega 03
Wiki Markup
\[Viega 03\2003] Viega, John , & Messier, Matt. _Secure Programming Cookbook for C and C++: Recipes for Cryptography, Authentication, Networking, Input Validation & More_. Sebastopol, CA: O'Reilly, 2003 (ISBN 0-596-00394-3).

Anchor
Viega 05
Viega 05
Wiki Markup\
[Viega 05\2005] Viega, John. [CLASP Reference Guide Volume 1.1.|http://www.securesoftware.com/process/] Secure Software, 2005.

Anchor
VU#159523
VU#159523
Wiki Markup\
[VU#159523\] Giobbi, Ryan. Vulnerability Note [VU#159523|http://www.kb.cert.org/vuls/id/159523], _Adobe Flash Player integer overflow vulnerability_, April Player Integer Overflow Vulnerability. April 2008.

Anchor
VU#162289
VU#162289
Wiki Markup\
[VU#162289\] Dougherty, Chad. Vulnerability Note [VU#162289|http://www.kb.cert.org/vuls/id/162289], _gcc silently discards some wraparound checks_, April VU#162289, GCC Silently Discards Some Wraparound Checks. April 2008.

Anchor
VU196240
VU196240
Wiki Markup\
[VU#196240\] Taschner, Chris & Manion, Art. Vulnerability Note [VU#196240|http://www.kb.cert.org/vulnotes/id/196240], _Sourcefire Snort DCE/RPC preprocessor does not properly reassemble fragmented packets_, Preprocessor Does Not Properly Reassemble Fragmented Packets. 2007.

Anchor
VU286468
VU286468
Wiki Markup\
[VU#286468\] Burch, Hal. Vulnerability Note [VU#286468|http://www.kb.cert.org/vulnotes/id/286468], _Ettercap contains a format string error in the Contains a Format String Error in the "curses_msg()" function_, Function. 2007.

Anchor
VU439395
VU439395
unmigrated-wiki-markup
\
[VU#439395\] Lipson, Howard. Vulnerability Note [VU#439395|http://www.kb.cert.org/vuls/id/439395], _Apache web server performs case sensitive filtering on Mac OS X HFS\+ case insensitive filesystem,_ Apache Web Server Performs Case Sensitive Filtering on Mac OS X HFS+ Case Insensitive Filesystem. 2001.

Anchor
VU551436
VU551436
unmigrated-wiki-markup
\
[VU#551436\] Giobbi, Ryan. Vulnerability Note [VU#551436|http://www.kb.cert.org/vulnotes/id/551436], _Mozilla Firefox SVG viewer vulnerable to buffer overflow,_ SVG Viewer Vulnerable to Buffer Overflow. 2007.

Anchor
VU568148
VU568148
Wiki Markup\
[VU#568148\] Finlay, Ian A. & Morda, Damon G. Vulnerability Note [VU#568148|http://www.kb.cert.org/vulnotes/id/568148], _Microsoft Windows RPC vulnerable to buffer overflow_, Vulnerable to Buffer Overflow. 2003.

Anchor
VU623332
VU623332
unmigrated-wiki-markup
\
[VU#623332\] Mead, Robert. Vulnerability Note [VU#623332|http://www.kb.cert.org/vuls/id/623332], _MIT Kerberos 5 contains double free vulnerability in 5 Contains Double-Free Vulnerability in "krb5_recvauth()" function,_ Function. 2005.

Anchor
VU649732
VU649732
Wiki Markup\
[VU#649732\] Gennari, Jeff. Vulnerability Note [VU#649732|http://www.kb.cert.org/vulnotes/id/649732], _Samba AFS ACL Mapping VFS Plug-In Format String Vulnerability,_ . 2007.

Anchor
VU654390
VU654390
Wiki Markup\
[VU#654390\] Rafail, Jason A. Vulnerability Note [VU#654390|https://www.kb.cert.org/vulnotes/id/654390], _ISC DHCP contains Contains C Includes that define Includes That Define vsnprintf() to vsprintf() creating potential buffer overflow conditions_, June Creating Potential Buffer Overflow Conditions. June 2004.

Anchor
VU720951
VU720951

[VU#720951] Dorman, Will. Vulnerability Note VU#720951, OpenSSL TLS Heartbeat Extension Read Overflow Discloses Sensitive Information. April 2014

Anchor
VU743092
VU743092
Wiki Markup\
[VU#743092\] Rafail, Jason A. & Havrilla, Jeffrey S. Vulnerability Note [VU#743092|https://www.kb.cert.org/vulnotes/id/743092], _realpath(3) function contains offFunction Contains Off-by-one buffer overflow,_ July One Buffer Overflow. July 2003.

Anchor
VU834865
VU834865
unmigrated-wiki-markup
\
[VU#834865\] Gennari, Jeff. Vulnerability Note [VU#834865|http://www.kb.cert.org/vuls/id/834865], _Sendmail signal I/O race condition_, March 2008. AnchorVU837857VU837857

Wiki Markup
\[VU#837857\] Dougherty, Chad. Vulnerability Note [VU#837857|http://www.kb.cert.org/vuls/id/837857], _SX.Org server fails to properly test for effective user ID_, August 2006.

VU#834865, Sendmail Signal I/O Race Condition. March 2008.

Anchor
VU837857
VU837857

[VU#837857] Dougherty, Chad. Vulnerability Note VU#837857, SX.Org Server Fails to Properly Test for Effective User ID. August 2006.

Anchor
VU881872
VU881872

[VU#881872] Manion, Art & Taschner, Chris. Vulnerability Note VU#881872, Sun Solaris Telnet Authentication Bypass Vulnerability. 2007.

Anchor
VU925211
VU925211

[VU#925211] Dougherty, Chad. Vulnerability Note VU#925211, “Debian and Ubuntu OpenSSL Packages Contain a Predictable Random Number Generator.” June 2008.

Anchor
Walfridsson 03
Walfridsson 03

[Walfridsson 2003] Walfridsson, Krister. Aliasing, Pointer Casts and GCC 3.3. August 2003.

Anchor
Walls 2006
Walls 2006

[Walls 2006] Walls, Douglas.  How to Use the Qualifier in C.  Sun ONE Tools Group, Sun Microsystems. March 2006.

Anchor
Wang 12
Wang 12

[Wang 2012] Wang, Xi. More Randomness or Less . June 2012 AnchorVU881872VU881872 Wiki Markup\[VU#881872\] Manion, Art & Taschner, Chris. Vulnerability Note [VU#881872|http://www.kb.cert.org/vulnotes/id/881872], _Sun Solaris telnet authentication bypass vulnerability,_ 2007.

Anchor
Warren 02
Warren 02
Wiki Markup\
[Warren 02\2002] Warren, Henry S. [_Hacker's Delight_|http://www.hackersdelight. org/]. Boston, MA: Addison Wesley Professional, 2002 (ISBN 0201914654).

Anchor
WG14/N1396
WG14/N1396

[WG14/N1396] Thomas, J. & Tydeman, F. "Wide function return values." September 2009.

Anchor
Wheeler 03
Wheeler 03
Wiki Markup\[Wheeler 03\] Wheeler, David. [Secure Programming for Linux and Unix HOWTO, v3.010|http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/], March
Anchor
WG14-N1396
WG14-N1396

[Wheeler 2003] Wheeler, David. Secure Programming for Linux and Unix HOWTO, v3.010. March 2003.

Anchor
Wheeler 04
Wheeler 04
Wiki Markup\
[Wheeler 04\2004] Wheeler, David. [_Secure programmerProgrammer: Call components safely_|http://www-128.ibm.com/developerworks/linux/library/l-calls.html]. December Call Components Safely. December 2004.

Anchor
Wojtczuk 08
Wojtczuk 08
Wiki Markup\
[Wojtczuk 08\2008] Wojtczuk, Rafal. "[Analyzing the Linux Kernel vmsplice Exploit|http://www.avertlabs.com/research/blog/index.php/2008/02/13/analyzing-the-linux-kernel-vmsplice-exploit/]." McAfee Avert Labs Blog, February 13, 2008.

Anchor
xorl 2009
xorl 2009

[xorl 2009] xorl. xorl %eax, %eax. 2009.

Anchor
Yergeau 98
Yergeau 98
unmigrated-wiki-markup
\
[Yergeau 98\1998] Yergeau, F. [RFC 2279 - UTF-8, a transformation format of ISO 10646|http://www.faqs.org/rfcs/rfc2279.html], January 199810646. January 1998.

Anchor
Zadegan 2009
Zadegan 2009

[Zadegan 2009] Zadegan, B. "A Lesson on Infinite Loops." WinJade (formerly AeroXperience), January 2009.

Anchor
Zalewski 01
Zalewski 01
Wiki Markup\
[Zalewski 01\2001] Zalewski, Michal. [_Delivering Signals for Fun and Profit: Understanding, exploiting and preventing signal-handling related vulnerabilities_|http://lcamtuf.coredump.cx/signals.txt], May Exploiting and Preventing Signal-Handling Related Vulnerabilities. Bindview Corporation, May 2001.

...

Image Modified      CERT C Secure Coding Standard       Image Added Image Modified