[Acton 2006] Acton, Mike. "Understanding Strict Aliasing." CellPerformance, June 1, 2006.
[Aho 1986] Aho, Alfred V.; Sethi, Ravi; Ullman, Jeffrey D. "Compilers: Principles, Techniques, and Tools" (2nd ed.), 1986.
[Apiki 2006] Apiki, Steve. "Lock-Free Programming on AMD Multi-Core System." AMD Developer Central, 2006.
[Apple 2006] Apple, Inc. Secure Coding Guide. May 2006.
[Asgher 2000] Asgher, Sarmad. "Practical Lock-Free Buffers." Dr. Dobbs Go-Parallel, August 26, 2000.
[Bailey 2014] Bailey, Don A. Raising Lazarus—The 20 Year Old Bug that Went to Mars. 2014.
[Banahan 2003] Banahan, Mike. The C Book. 2003.
[Barney 2010] Barney, Blaise. "Mutex Variables." POSIX Threads Programming, 2010.
[Becker 2008] Becker, Pete. Working Draft, Standard for Programming Language C++. April 2008.
[Beebe 2005] Beebe, Nelson H. F. Re: Remainder (%) Operator and GCC. 2005.
[Black 2007] Black, Paul E.; Kass, Michael; & Koo, Michael. Source Code Security Analysis Tool Functional Specification Version 1.0. Special Publication 500-268. Information Technology Laboratory (ITL), Software Diagnostics and Conformance Testing Division, May 2007.
[Brainbell.com] Brainbell.com. Advice and Warnings for C Tutorials.
[Bryant 2003] Bryant, Randal E. & O'Halloran, David. Computer Systems: A Programmer's Perspective. Upper Saddle River, NJ: Prentice Hall, 2003 (ISBN 0-13-034074-X).
[Burch 2006] Burch, Hal; Long, Fred; & Seacord, Robert C. Specifications for Managed Strings (CMU/SEI-2006-TR-006). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2006.
[Butenhof 1997] Butenhof, David R. Programming with POSIX® Threads. Boston: Addison-Wesley Professional, 1997 (ISBN 0-201-63392-2).
[C99 Rationale 2003] Rationale for International Standard—Programming Languages—C, Revision 5.10 (C99 Rationale), April 2003.
[Callaghan 1995] Callaghan, B.; Pawlowski, B.; & Staubach, P. IETF RFC 1813 NFS Version 3 Protocol Specification, June 1995.
[Cassidy 2014] Cassidy, Sean. existential type crisis: Diagnosis of the Heartbleed Bug [blog post]. April 2014.
[CERT 2006a] CERT/CC. CERT/CC Statistics 1988–2006.
[CERT 2006b] CERT/CC. US-CERT's Technical Cyber Security Alerts.
[CERT 2006c] CERT/CC. Secure Coding website.
[Chen 2002] Chen, H.; Wagner, D.; & Dean, D. Setuid Demystified. USENIX Security Symposium, 2002.
[Chess 2007] Chess, Brian, & West, Jacob. Secure Programming with Static Analysis. Boston: Addison-Wesley, 2007.
[Corfield 1993] Corfield, Sean A. "Making String Literals 'const'." November 1993.
[Coverity 2007] Coverity Prevent User's Manual (3.3.0). 2007.
[CVE] Common Vulnerabilities and Exposures.
[C++ Reference] Standard C Library, General C++, C++ Standard Template Library.
[Dewhurst 2002] Dewhurst, Stephen C. C++ Gotchas: Avoiding Common Problems in Coding and Design. Boston: Addison-Wesley Professional, 2002.
[Dewhurst 2005] Dewhurst, Stephen C. C++ Common Knowledge: Essential Intermediate Programming. Boston: Addison-Wesley Professional, 2005.
[DHS 2006] U.S. Department of Homeland Security. Build Security In. 2006.
[DISA 2015] DISA. Application Security and Development Security Technical Implementation Guide, Version 3, Release 10. Accessed April 2015.
[DISA 2016] DISA. Application Security and Development Security Technical Implementation Guide, Version 4, Release 1. Accessed January 2017.
[DISA 2018] DISA. Application Security and Development Security Technical Implementation Guide, Version 4, Release 8. Accessed January 2019.
[DOD 5220] U.S. Department of Defense. DoD Standard 5220.22-M (Word document).
[Dowd 2006] Dowd, M.; McDonald, J.; & Schuh, J. The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities. Boston: Addison-Wesley, 2006.
[Drepper 2006] Drepper, Ulrich. Defensive Programming for Red Hat Enterprise Linux (and What To Do If Something Goes Wrong). May 3, 2006.
[Duff 1988] Duff, Tom. Tom Duff on Duff's Device. August 29, 1988.
[Dutta 2003] Dutta, Shiv. Best Practices for Programming in C. June 26, 2003.
[Eckel 2007] Eckel, Bruce. Thinking in C++, Vol. 2. January 25, 2007.
[ECTC 1998] Embedded C++ Technical Committee. The Embedded C++ Programming Guide Lines, Version WP-GU-003. January 6, 1998.
[Eide and Regehr] Eide, E., & Regehr, J. Volatiles Are Miscompiled, and What to Do about It. 2008.
[Feather 1997] Feather, Clive, D. W. Solving the struct Hack Problem. JTC1/SC22/WG14 N791. (1997).
[Finlay 2003] Finlay, Ian A. CERT Advisory CA-2003-16, Buffer Overflow in Microsoft RPC. CERT/CC, July 2003.
[Fisher 1999] Fisher, David & Lipson, Howard. "Emergent Algorithms—A New Method for Enhancing Survivability in Unbounded Systems." Proceedings of the 32nd Annual Hawaii International Conference on System Sciences (HICSS-32). Maui, HI, January 5–8, 1999.
[Flake 2006] Flake, Halvar. "Attacks on Uninitialized Local Variables." Black Hat Federal, 2006.
[Fortify 2006] Fortify Software Inc. Fortify Taxonomy: Software Security Errors. 2006.
[Fomichev 2016] Fomichev, Roman. "Safe Clearing of Private Data". PVS-Studio Team, 2016.
[FSF 2005] Free Software Foundation. GCC Online Documentation. 2005.
[Garfinkel 1996] Garfinkel, Simson & Spafford, Gene. Practical UNIX & Internet Security, 2nd ed. Sebastopol, CA: O'Reilly Media, April 1996 (ISBN 1-56592-148-8).
[GCC Bugs] GCC Team. GCC Bugs. Free Software Foundation, Inc.
[GNU 2010] GNU. Coding Standards. GNU, 2010.
[GNU Pth] Engelschall, Ralf S. GNU Portable Threads, 2006.
[Goldberg 1991] Goldberg, David. What Every Computer Scientist Should Know about Floating-Point Arithmetic. Sun Microsystems, March 1991.
[Goodin 2009] Goodin, Dan. Clever Attack Exploits Fully-Patched Linux Kernel. The Register, July 2009.
[Gough 2005] Gough, Brian J. An Introduction to GCC. Network Theory Ltd., Revised August 2005 (ISBN 0-9541617-9-3).
[Graff 2003] Graff, Mark G. & Van Wyk, Kenneth R. Secure Coding: Principles and Practices. Cambridge, MA: O'Reilly, 2003 (ISBN 0596002424).
[Greenman 1997] Greenman, David. Serious Security Bug in wu-ftpd v2.4. BUGTRAQ Mailing List (bugtraq@securityfocus.com), January 2, 1997.
[Griffiths 2006] Griffiths, Andrew. Clutching at Straws: When You Can Shift the Stack Pointer. 2006.
[Gutmann 1996] Gutmann, Peter. Secure Deletion of Data from Magnetic and Solid-State Memory. July 1996.
[Haddad 2005] Haddad, Ibrahim. "Secure Coding in C and C++: An Interview with Robert Seacord, Senior Vulnerability Analyst at CERT." Linux World Magazine, November 2005.
[Hatton 1995] Hatton, Les. Safer C: Developing Software for High-Integrity and Safety-Critical Systems. New York: McGraw-Hill, 1995 (ISBN 0-07-707640-0).
[Hatton 2003] Hatton, Les. EC--: A Measurement-Based Safer Subset of ISO C Suitable for Embedded System Development. November 5, 2003.
[Henricson 1992] Henricson, Mats & Nyquist, Erik. Programming in C++, Rules and Recommendations. Ellemtel Telecommunication Systems Laboratories, 1992.
[Horton 1990] Horton, Mark R. Portable C Software. Upper Saddle River, NJ: Prentice-Hall, 1990 (ISBN:0-13-868050-7).
[Howard 2002] Howard, Michael & LeBlanc, David C. Writing Secure Code 2nd ed. Redmond, WA: Microsoft Press, 2002.
[HP 2003] Hewlett-Packard Company. Tru64 UNIX: Protecting Your System against File Name Spoofing Attacks. Houston, TX: Hewlett-Packard Company, January 2003.
[IEC 60812 2006] IEC (International Electrotechnical Commission). Analysis Techniques for System Reliability—Procedure for Failure Mode and Effects Analysis (FMEA), 2nd ed. (IEC 60812). Geneva, Switzerland: IEC, 2006.
[IEC 61508-4] IEC. Functional Safety of Electrical/Electronic/Programmable Electronic Safety-Related Systems—Part 4: Definitions and Abbreviations. Geneva, Switzerland: IEC, 1998.
[IEEE 754 2006] IEEE (Institute of Electrical and Electronics Engineers). Standard for Binary Floating-Point Arithmetic (IEEE 754-1985). New York: IEEE, 2006.
[IEEE Std 610.12 1990] IEEE. IEEE Standard Glossary of Software Engineering Terminology. (1990).
[IEEE Std 1003.1:2004] IEEE and The Open Group. The Open Group Base Specifications Issue 6 (IEEE Std 1003.1), 2004 Edition. (See also ISO/IEC 9945-2004 and Open Group 04.)
[IEEE Std 1003.1:2008] IEEE and The Open Group. The Open Group Base Specifications Issue 7 (IEEE Std 1003.1), 2008 Edition. See also ISO/IEC 9945-2008 and Open Group 2008.
[IEEE Std 1003.1:2013] IEEE and The Open Group. Standard for Information Technology—Portable Operating System Interface (POSIX®), Base Specifications, Issue 7 (IEEE Std 1003.1, 2013 Edition). E-book: http://ieeexplore.ieee.org/servlet/opac?punumber=6506089.
[IETF: RFC 6520] Internet Engineering Task Force (IETF). Request for Comments 6520: Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS) Heartbeat Extension. February 2012.
[ilja 2006] ilja. "readlink abuse." ilja's blog. August 13, 2006.
[Intel 2001] Intel Corp. Floating-Point IEEE Filter for Microsoft Windows 2000 on the Intel® Itanium© Architecture. March 2001.
[Internet Society 2000] The Internet Society. Internet Security Glossary (RFC 2828). 2000.
[ISO/IEC 10646:2003] ISO/IEC (International Organization for Standardization/International Electrotechnical Commission). Information Technology—Universal Multiple-Octet Coded Character Set (UCS) (ISO/IEC 10646:2003). Geneva, Switzerland: International Organization for Standardization, 2003.
[ISO/IEC 10646:2012] ISO/IEC. Information technology—Universal Multiple-Octet Coded Character Set (UCS) (ISO/IEC 10646:2012). Geneva, Switzerland: ISO, 2012.
[ISO/IEC 11889-1:2009] ISO/IEC. Information Technology—Trusted Platform Module—Part 1: Overview (ISO/IEC 11889-1:2009). Geneva, Switzerland: ISO, 2009.
[ISO/IEC 14882:2003] ISO/IEC. Programming Languages—C++, Second Edition (ISO/IEC 14882-2003). Geneva, Switzerland: ISO, 2003.
[ISO/IEC 14882:2011] ISO/IEC. Information Technology—Programming Languages—C++, Third Edition (ISO/IEC 14882-2011). Geneva, Switzerland: ISO, 2011.
[ISO/IEC 23360-1:2006] ISO/IEC. Linux Standard Base (LSB) Core Specification 3.1—Part 1: Generic Specification. Geneva, Switzerland: ISO, 2006.
[ISO/IEC 646:1991] ISO/IEC. Information Technology: ISO 7-Bit Coded Character Set for Information Interchange (ISO/IEC 646-1991). Geneva, Switzerland: ISO, 1991.
[ISO/IEC 9899:1990] ISO/IEC. Programming Languages—C (ISO/IEC 9899:1990). Geneva, Switzerland: ISO, 1990.
[ISO/IEC 9899:1999] ISO/IEC. Programming Languages—C, 2nd ed (ISO/IEC 9899:1999). Geneva, Switzerland: ISO, 1999.
[ISO/IEC 9899:2011] ISO/IEC. Programming Languages—C, 3rd ed (ISO/IEC 9899:2011). Geneva, Switzerland: ISO, 2011.
[ISO/IEC 9899:2017] ISO/IEC. Programming Languages—C, 4th ed (ISO/IEC 9899:2017). Geneva, Switzerland: ISO, 2017.
[ISO/IEC 9899:2024] ISO/IEC. Programming Languages—C, 5th ed (ISO/IEC 9899:2024). Geneva, Switzerland: ISO, 2024.
[ISO/IEC 9945:2003] ISO/IEC. Information Technology—Programming Languages, Their Environments and System Software Interfaces—Portable Operating System Interface (POSIX®) [including Technical Corrigendum 1] (ISO/IEC 9945:2003). Geneva, Switzerland: ISO, 2003.
[ISO/IEC/IEEE 24765:2010] ISO/IEC/IEEE. Systems and Software Engineering—Vocabulary (ISO/IEC/IEEE 24765:2010). Geneva, Switzerland: ISO, 2010.
[ISO/IEC/IEEE 9945:2008] ISO/IEC/IEEE. Information Technology—Programming Languages, Their Environments and System Software Interfaces—Portable Operating System Interface (POSIX®) (ISO/IEC/IEEE 9945:2008). Geneva, Switzerland: ISO, 2008.
[ISO/IEC DTR 24732] ISO/IEC JTC1 SC22 WG14 N1290. Extension for the Programming Language C to Support Decimal Floating-Point Arithmetic. Geneva, Switzerland: ISO, March 2008.
[ISO/IEC JTC1/SC22/WG11] ISO/IEC. Binding Techniques (ISO/IEC JTC1/SC22/WG11). Geneva, Switzerland: ISO, 2007.
[ISO/IEC JTC1/SC22/WG14] ISO/IEC. Solving the Struct Hack Problem (ISO/IEC JTC1/SC22/WG14 N791). Geneva, Switzerland: ISO, 1997.
[ISO/IEC TR 24731-1:2007] ISO/IEC TR 24731. Extensions to the C Library—Part I: Bounds-Checking Interfaces. Geneva, Switzerland: ISO, April 2006.
[ISO/IEC PDTR 24731-2] Extensions to the C Library—Part II: Dynamic Allocation Functions. Geneva, Switzerland: ISO, August 2007.
[ISO/IEC TR 24731-2:2010] ISO/IEC TR 24731. Extensions to the C Library—Part II: Dynamic Allocation Functions. Geneva, Switzerland: ISO, April 2010.
[ISO/IEC TR 24772:2010] ISO/IEC TR 24772:2010. Information Technology—Programming Languages—Guidance to Avoiding Vulnerabilities in Programming Languages through Language Selection and Use. Geneva, Switzerland: ISO, October 2010.
[ISO/IEC TR 24772:2013] ISO/IEC TR 24772:2013. Information Technology—Programming Languages—Guidance to Avoiding Vulnerabilities in Programming Languages through Language Selection and Use. Geneva, Switzerland: ISO, March 2013.
[ISO/IEC TS 17961] ISO/IEC TS 17961. Information Technology—Programming Languages, Their Environments and System Software Interfaces—C Secure Coding Rules. Geneva, Switzerland: ISO, 2012.
[ISO/IEC WG14 N1173] ISO/IEC. Rationale for TR 24731 Extensions to the C Library—Part I: Bounds-Checking Interfaces.
[Jack 2007] Jack, Barnaby. Vector Rewrite Attack. May 2007.
[Jones 2004] Jones, Nigel. Learn a New Trick with the offsetof() Macro. Embedded Systems Programming, March 2004.
[Jones 2008] Jones, Derek M. The New C Standard: An Economic and Cultural Commentary. Knowledge Software Ltd., 2008.
[Jones 2010] Jones, Larry. (2010). WG14 N1539 Committee Draft ISO/IEC 9899:201x.
[Juric n.d.] Juric, Zeljko, et al. (n.d.). TIGCC Documentation, Latest Development Version (TIGCC/TIGCCLIB CVS): C Language Keywords.
[Keaton 2009] Keaton, David; Plum, Thomas; Seacord, Robert C.; Svoboda, David; Volkovitsky, Alex; & Wilson, Timothy. As-if Infinitely Ranged Integer Model. CMU/SEI-2009-TN-023. July 2009.
[Keil 2008] Keil, an ARM Company. "Floating Point Support." RealView Libraries and Floating Point Support Guide, 2008.
[Kennaway 2000] Kennaway, Kris. Re: /tmp topic. December 2000.
[Kernighan 1988] Kernighan, Brian W. & Ritchie, Dennis M. The C Programming Language, 2nd ed. Englewood Cliffs, NJ: Prentice-Hall, 1988.
[Kettlewell 2002] Kettlewell, Richard. C Language Gotchas. February 2002.
[Kettlewell 2003] Kettlewell, Richard. Inline Functions in C. March 2003.
[Kirch-Prinz 2002] Kirch-Prinz, Ulla & Prinz, Peter. C Pocket Reference. Sebastopol, CA: O'Reilly, November 2002 (ISBN: 0-596-00436-2).
[Klarer 2004] Klarer, R.; Maddock, J.; Dawes, B.; & Hinnant, H. "Proposal to Add Static Assertions to the Core Language (Revision 3)." ISO C++ committee paper ISO/IEC JTC1/SC22/WG21/N1720, October 2004.
[Klein 2002] Klein, Jack. Bullet Proof Integer Input Using strtol(). 2002.
[Koenig 1989] Koenig, Andrew. C Traps and Pitfalls. Addison-Wesley Professional, 1989.
[Kuhn 2006] Kuhn, Markus. UTF-8 and Unicode FAQ for Unix/Linux. 2006.
[Lai 2006] Lai, Ray. "Reading Between the Lines." OpenBSD Journal, October 2006.
[Lea 2000] Lea, Doug. Concurrent Programming in Java, 2nd ed., Addison-Wesley Professional, Boston, 2000.
[Lewis 2006] Lewis, Richard. "Security Considerations when Handling Sensitive Data." Posted on the Application Security by Richard Lewis blog October 2006.
[Linux 2008] Linux Programmer's Manual. October 2008.
[Lions 1996] Lions, J. L. ARIANE 5 Flight 501 Failure Report. Paris, France: European Space Agency (ESA) & National Center for Space Study (CNES) Inquiry Board, July 1996.
[Lipson 2000] Lipson, Howard & Fisher, David. "Survivability: A New Technical and Business Perspective on Security," 33–39. Proceedings of the 1999 New Security Paradigms Workshop. Caledon Hills, Ontario, Canada, Sept. 22–24, 1999. New York: Association for Computing Machinery, 2000.
[Lipson 2006] Lipson, Howard. Evolutionary Systems Design: Recognizing Changes in Security and Survivability Risks (CMU/SEI-2006-TN-027). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2006.
[Liu 2009] Likai Liu. Making NULL-pointer reference legal, Life of a Computer Science Student. January, 2009.
[Lockheed Martin 2005] Lockheed Martin. Joint Strike Fighter Air Vehicle C++ Coding Standards for the System Development and Demonstration Program. Document Number 2RDU00001 Rev C., December 2005.
[Loosemore 2007] Loosemore, Sandra; Stallman, Richard M.; McGrath, Roland; Oram, Andrew; & Drepper, Ulrich. The GNU C Library Reference Manual, Edition 0.11. September 2007.
[McCluskey 2001] McCluskey, Glen. Flexible Array Members and Designators in C9X. ;login:, 26, 4 (July 2001): 29–32.
[Mell 2007] Mell, Peter; Scarfone, Karen; & Romanesky, Sasha. "A Complete Guide to the Common Vulnerability Scoring System Version 2.0." FIRST, June 2007.
[Mercy 2006] Mercy. Exploiting Uninitialized Data. January 2006.
[Meyers 2004] Meyers, Randy. Limited size_t WG14 N1080. September 2004.
[Michael 2004] Michael, M.M. "Hazard Pointers: Safe Memory Reclamation for Lock-Free Objects." IEEE Transactions on Parallel and Distributed Systems, 15, 8 (2004).
[Microsoft 2003] Microsoft Security Bulletin MS03-026, "Buffer Overrun In RPC Interface Could Allow Code Execution (823980)." September 2003.
[Microsoft 2007] Microsoft. C Language Reference, 2007.
[Miller 2007] Miller, Damien. "Security Measures in OpenSSH," white paper. OpenSSH Project, 2007.
[Miller 1999] Miller, Todd C. & de Raadt, Theo. strlcpy and strlcat—Consistent, Safe, String Copy and Concatenation. In Proceedings of the FREENIX Track, 1999 USENIX Annual Technical Conference, June 6–11, 1999, Monterey, California, USA. Berkeley, CA: USENIX Association, 1999.
[Miller 2004] Miller, Mark C.; Reus, James F.; Matzke, Robb P.; Koziol, Quincey A.; & Cheng, Albert P. "Smart Libraries: Best SQE Practices for Libraries with an Emphasis on Scientific Computing." In Proceedings of the Nuclear Explosives Code Developer's Conference. Livermore, CA: Lawrence Livermore National Laboratory, December 2004.
[MISRA 2004] MISRA (Motor Industry Software Reliability Association). MISRA C: 2004 Guidelines for the Use of the C Language in Critical Systems. Nuneaton, UK: MIRA, 2004 (ISBN 095241564X).
[MISRA 2008] MISRA. MISRA C++: 2008 Guidelines for the Use of the C++ Language in Critical Systems. Nuneaton, UK: MIRA, 2008 (ISBN 978-906400-03-3 [paperback], ISBN 978-906400-04-0 [PDF]), 2008.
[MISRA C:2012] MISRA. MISRA C3: Guidelines for the Use of the C Language in Critical Systems 2012. Nuneaton, UK: MIRA, 2012. ISBN 978-1-906400-10-1.
[MIT 2004] MIT (Massachusetts Institute of Technology). "MIT krb5 Security Advisory 2004-002," 2004.
[MIT 2005] MIT. "MIT krb5 Security Advisory 2005-003."
[MITRE] MITRE. Common Weakness Enumeration, Version 1.8. February 2010.
[MITRE 2007] MITRE. Common Weakness Enumeration, Draft 9. April 2008.
[MKS] MKS, Inc. MKS Reference Pages.
[MSDN] Microsoft Developer Network.
[Murenin 2007] Murenin, Constantine A. cnst: 10-Year-Old Pointer-Arithmetic Bug in make(1) Is Now Gone, Thanks to malloc.conf and Some Debugging. LiveJournal, June 2007.
[NAI 1998] Network Associates, Inc. Bugtraq: Network Associates Inc. Advisory (OpenBSD). 1998.
[NASA-GB-1740.13] NASA Glenn Research Center, Office of Safety Assurance Technologies. NASA Software Safety Guidebook (NASA-GB-1740.13).
[NIST 2006] NIST. SAMATE Reference Dataset. 2006.
[OpenBSD] Berkeley Software Design, Inc. Manual Pages. June 2008.
[Open Group 1997a] The Open Group. The Single UNIX® Specification, Version 2. 1997.
[Open Group 1997b] The Open Group. Go Solo 2—The Authorized Guide to Version 2 of the Single UNIX Specification. May 1997.
[Open Group 2004] The Open Group. The Open Group Base Specifications Issue 6, IEEE Std 1003.1, 2004 Edition. 2004. (See also IEEE Std 1003.1-2004.)
[Open Group 2008] The Open Group. The Open Group Base Specifications Issue 7, IEEE Std 1003.1, 2008 Edition. 2008. (See also IEEE Std 1003.1-2008.)
[OpenMP] The OpenMP API® Specification for Parallel Programming.
[OWASP Double Free] Open Web Application Security Project, "Double Free."
[OWASP Freed Memory] Open Web Application Security Project, "Using Freed Memory."
[Pethia 2003] Pethia, Richard D. "Viruses and Worms: What Can We Do About Them?" September 10, 2003.
[Pfaff 2004] Pfaff, Ken Thompson. "Casting (time_t)(-1)." Google Groups comps.lang.c, March 2, 2004.
[Pike 1993] Pike, Rob & Thompson, Ken. "Hello World." Proceedings of the USENIX Winter 1993 Technical Conference, San Diego, CA, January 25–29, 1993, pp. 43–50.
[Plakosh 2005] Plakosh, Dan. "Consistent Memory Management Conventions." Build Security In, 2005.
[Plum 1985] Plum, Thomas. Reliable Data Structures in C. Kamuela, HI: Plum Hall, Inc., 1985 (ISBN 0-911537-04-X).
[Plum 1989] Plum, Thomas & Saks, Dan. C Programming Guidelines, 2nd ed. Kamuela, HI: Plum Hall, 1989 (ISBN 0911537074).
[Plum 1991] Plum, Thomas. C++ Programming. Kamuela, HI: Plum Hall, 1991 (ISBN 0911537104).
[Plum 2008] Plum, Thomas. "Static Assertions." June 2008.
[Plum 2012] Plum, Thomas. C Finally Gets a New Standard. Dr. Dobb's, 2012.
[Redwine 2006] Redwine, Samuel T., Jr., ed. Secure Software Assurance: A Guide to the Common Body of Knowledge to Produce, Acquire, and Sustain Secure Software Version 1.1. U.S. Department of Homeland Security, September 2006. (See Software Assurance Common Body of Knowledge on Build Security In.)
[Roelker 2004] Roelker, Daniel. "HTTP IDS Evasions Revisited." September 2004.
[RUS-CERT] RUS-CERT Advisory 2002-08:02, "Flaw in calloc and Similar Routines." 2002.
[Saks 1999] Saks, Dan. "const T vs.T const." Embedded Systems Programming, February 1999, pp. 13–16.
[Saks 2000] Saks, Dan. "Numeric Literals." Embedded Systems Programming, September 2000.
[Saks 2001a] Saks, Dan. "Symbolic Constants." Embedded Systems Design, November 2001.
[Saks 2001b] Saks, Dan. "Enumeration Constants vs. Constant Objects." Embedded Systems Design, November 2001.
[Saks 2002] Saks, Dan. "Symbolic Constant Expressions." Embedded Systems Design, February 2002.
[Saks 2005] Saks, Dan. "Catching Errors Early with Compile-Time Assertions." Embedded Systems Design, June 2005.
[Saks 2007a] Saks, Dan. "Sequence Points." Embedded Systems Design, July 1, 2002.
[Saks 2007b] Saks, Dan. "Bail, Return, Jump, or . . . Throw?" Embedded Systems Design, March 2007.
[Saks 2007c] Saks, Dan. "Standard C's Pointer Difference Type." Embedded Systems Design, October 2007.
[Saks 2008] Saks, Dan & Dewhurst, Stephen C. "Sooner Rather Than Later: Static Programming Techniques for C++" (presentation). March 2008.
[Saltzer 1974] Saltzer, J. H. "Protection and the Control of Information Sharing in Multics." Communications of the ACM 17, 7 (July 1974): 388–402.
[Saltzer 1975] Saltzer, J. H. & Schroeder, M. D. "The Protection of Information in Computer Systems." Proceedings of the IEEE 63, 9 (September 1975): 1278–1308.
[Schwarz 2005] Schwarz, B.; Wagner, Hao Chen; Morrison, D.; West, G.; Lin, J.; & Tu, J. Wei. "Model Checking an Entire Linux Distribution for Security Violations." Proceedings of the 21st Annual Computer Security Applications Conference, December 2005 (ISSN 1063-9527; ISBN 0-7695-2461-3).
[Seacord 2003] Seacord, Robert C.; Plakosh, Daniel; & Lewis, Grace A. Modernizing Legacy Systems: Software Technologies, Engineering Processes, and Business Practices. Boston: Addison-Wesley, 2003.
[Seacord 2005a] Seacord, Robert C. Secure Coding in C and C++. Boston: Addison-Wesley, 2005. (See http://www.cert.org/books/secure-coding for news and errata.)
[Seacord 2005b] Seacord, Robert C. "Managed String Library for C, C/C++." Users Journal, 23, 10 (October 2005): 30–34.
[Seacord 2005c] Seacord, Robert C. "Variadic Functions: How They Contribute to Security Vulnerabilities and How to Fix Them." Linux World Magazine, November 2005.
[Seacord 2013a] Seacord, Robert C. “C Secure Coding Rules: Past, Present, and Future.” InformIT, June 26, 2013.
[Seacord 2013b] Seacord, Robert C. Secure Coding in C and C++. Boston: Addison-Wesley, 2013. (See http://www.cert.org/books/secure-coding for news and errata.)
[Secunia] Secunia Advisory SA10635, "HP-UX calloc Buffer Size Miscalculation Vulnerability." 2004.
[SecurityFocus 2007] SecurityFocus. "Linux Kernel Floating Point Exception Handler Local Denial of Service Vulnerability." 2001.
[SecuriTeam 2007] SecuriTeam. "Microsoft Visual C++ 8.0 Standard Library Time Functions Invalid Assertion DoS (Problem 3000)." February 13, 2007.
[Sloss 2004] Sloss, Andrew; Symes, Dominic; & Wright, Chris. ARM System Developer's Guide. San Francisco: Elsevier/Morgan Kaufmann, 2004 (ISBN-10: 1558608745; ISBN-13: 978-1558608740).
[Spinellis 2006] Spinellis, Diomidis. Code Quality: The Open Source Perspective. Boston: Addison-Wesley, 2006.
[StackOvflw 2009] StackOverflow.com. "Should I return TRUE / FALSE values from a C function?" User Questions, March 15, 2010.
[Steele 1977] Steele, G. L. "Arithmetic shifting considered harmful." SIGPLAN Not. 12, 11 (November 1977): 61–69.
[Stevens 2005] Stevens, W. Richard. Advanced Programming in the UNIX Environment. Boston: Addison-Wesley, 1995 (ISBN 032152594-9).
[Summit 1995] Summit, Steve. C Programming FAQs: Frequently Asked Questions. Boston: Addison-Wesley, 1995 (ISBN 0201845199).
[Summit 2005] Summit, Steve. comp.lang.c Frequently Asked Questions. 2005.
[Sun 1993] Sun Microsystems. Sun Security Bulletin #00122 1993.
[Sun 2005] Sun Microsystems. C User's Guide. 819-3688-10. Sun Microsystems, 2005.
[Sutter 2004] Sutter, Herb & Alexandrescu, Andrei. C++ Coding Standards: 101 Rules, Guidelines, and Best Practices. Boston: Addison-Wesley Professional, 2004 (ISBN 0321113586).
[Tsafrir 2008] Tsafrir, Dan; Da Silva, Dilma; & Wagner, David. The Murky Issue of Changing Process Identity: Revising "Setuid Demystified." USENIX, June 2008, pp. 55–66.
[Unicode 2006] The Unicode Consortium. The Unicode Standard, Version 5.0, 5th ed. Boston: Addison-Wesley Professional, 2006 (ISBN: 0321480910).
[Unicode 2012] The Unicode Consortium. The Unicode Standard, Version 6.2.
[UNIX 1992] UNIX System Laboratories. System V Interface Definition, 3rd ed. Wokingham, MA: Addison-Wesley, 1992.
[van de Voort 2007] van de Voort, Marco. Development Tutorial (a.k.a Build FAQ). January 29, 2007.
[Vanegue 2010] Vanegue, Julien. Automated Vulnerability Analysis of Zero-Sized Head Allocations. Hackito Ergo Sum (HES'10) Conference, Paris, April 10, 2010.
[van Sprundel 2006] van Sprundel, Ilja. Unusualbugs. 2006.
[Viega 2001] Viega, John. Protecting Sensitive Data in Memory. February 2001.
[Viega 2003] Viega, John & Messier, Matt. Secure Programming Cookbook for C and C++: Recipes for Cryptography, Authentication, Networking, Input Validation & More. Sebastopol, CA: O'Reilly, 2003 (ISBN 0-596-00394-3).
[Viega 2005] Viega, John. CLASP Reference Guide Volume 1.1. Secure Software, 2005.
[VU#159523] Giobbi, Ryan. Vulnerability Note VU#159523, Adobe Flash Player Integer Overflow Vulnerability. April 2008.
[VU#162289] Dougherty, Chad. Vulnerability Note VU#162289, GCC Silently Discards Some Wraparound Checks. April 2008.
[VU#196240] Taschner, Chris & Manion, Art. Vulnerability Note VU#196240, Sourcefire Snort DCE/RPC Preprocessor Does Not Properly Reassemble Fragmented Packets. 2007.
[VU#286468] Burch, Hal. Vulnerability Note VU#286468, Ettercap Contains a Format String Error in the "curses_msg()" Function. 2007.
[VU#439395] Lipson, Howard. Vulnerability Note VU#439395, Apache Web Server Performs Case Sensitive Filtering on Mac OS X HFS+ Case Insensitive Filesystem. 2001.
[VU#551436] Giobbi, Ryan. Vulnerability Note VU#551436, Mozilla Firefox SVG Viewer Vulnerable to Buffer Overflow. 2007.
[VU#568148] Finlay, Ian A. & Morda, Damon G. Vulnerability Note VU#568148, Microsoft Windows RPC Vulnerable to Buffer Overflow. 2003.
[VU#623332] Mead, Robert. Vulnerability Note VU#623332, MIT Kerberos 5 Contains Double-Free Vulnerability in "krb5_recvauth()" Function. 2005.
[VU#649732] Gennari, Jeff. Vulnerability Note VU#649732, Samba AFS ACL Mapping VFS Plug-In Format String Vulnerability. 2007.
[VU#654390] Rafail, Jason A. Vulnerability Note VU#654390, ISC DHCP Contains C Includes That Define vsnprintf() to vsprintf() Creating Potential Buffer Overflow Conditions. June 2004.
[VU#720951] Dorman, Will. Vulnerability Note VU#720951, OpenSSL TLS Heartbeat Extension Read Overflow Discloses Sensitive Information. April 2014.
[VU#743092] Rafail, Jason A. & Havrilla, Jeffrey S. Vulnerability Note VU#743092, realpath(3) Function Contains Off-by-One Buffer Overflow. July 2003.
[VU#834865] Gennari, Jeff. Vulnerability Note VU#834865, Sendmail Signal I/O Race Condition. March 2008.
[VU#837857] Dougherty, Chad. Vulnerability Note VU#837857, X.Org Server Fails to Properly Test for Effective User ID. August 2006.
[VU#881872] Manion, Art & Taschner, Chris. Vulnerability Note VU#881872, Sun Solaris Telnet Authentication Bypass Vulnerability. 2007.
[VU#925211] Dougherty, Chad. Vulnerability Note VU#925211, “Debian and Ubuntu OpenSSL Packages Contain a Predictable Random Number Generator.” June 2008.
[Walfridsson 2003] Walfridsson, Krister. Aliasing, Pointer Casts and GCC 3.3. August 2003.
[Walls 2006] Walls, Douglas. How to Use the Qualifier in C. Sun ONE Tools Group, Sun Microsystems. March 2006.
[Wang 2012] Wang, Xi. More Randomness or Less. June 2012.
[Warren 2002] Warren, Henry S. Hacker's Delight. Boston: Addison Wesley, 2002 (ISBN 0201914654).
[WG14/N1396] Thomas, J. & Tydeman, F. "Wide function return values." September 2009.
[Wheeler 2003] Wheeler, David. Secure Programming for Linux and Unix HOWTO, v3.010. March 2003.
[Wheeler 2004] Wheeler, David. Secure Programmer: Call Components Safely. December 2004.
[Wojtczuk 2008] Wojtczuk, Rafal. "Analyzing the Linux Kernel vmsplice Exploit." McAfee Avert Labs Blog, February 13, 2008.
[xorl 2009] xorl. xorl %eax, %eax. 2009.
[Yergeau 1998] Yergeau, F. RFC 2279 - UTF-8, a transformation format of ISO 10646. January 1998.
[Zadegan 2009] Zadegan, B. "A Lesson on Infinite Loops." WinJade (formerly AeroXperience), January 2009.
[Zalewski 2001] Zalewski, Michal. Delivering Signals for Fun and Profit: Understanding, Exploiting and Preventing Signal-Handling Related Vulnerabilities. Bindview Corporation, May 2001.
[Apple 06] Apple, Inc. Secure Coding Guide (http://developer.apple.com/documentation/Security/Conceptual/SecureCodingGuide/SecureCodingGuide.pdf), May 2006.
[Austin Group 08] "Draft Standard for Information Technology - Portable Operating System Interface (POSIX®) - Draft Technical Standard: Base Specifications, Issue 7," IEEE Unapproved Draft Std P1003.1 D5.1. Prepared by the Austin Group (http://www.opengroup.org/austin/). New York: Institute of Electrical & Electronics Engineers, Inc., May 2008.
[Banahan 03] Banahan, Mike. The C Book (http://www.phy.duke.edu/~rgb/General/c_book/c_book/index.html), 2003.
[Beebe 05] Beebe, Nelson H. F. Re: Remainder (%) operator and GCC (http://gcc.gnu.org/ml/gcc-help/2005-11/msg00141.html), 2005.
[Becker 08] Becker, Pete. Working Draft, Standard for Programming Language C++ (http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2008/n2521.pdf), April 2008.
[Black 07] Paul E. Black, Michael Kass, Michael Koo. Source Code Security Analysis Tool Functional Specification Version 1.0. Special Publication 500-268. Information Technology Laboratory (ITL), Software Diagnostics and Conformance Testing Division, May 2007. http://samate.nist.gov/docs/source_code_security_analysis_spec_SP500-268.pdf
[Brainbell.com] Brainbell.com. Advice and Warnings for C Tutorials (http://www.brainbell.com/tutors/c/Advice_and_Warnings_for_C/).
[Bryant 03] Bryant, Randal E., & O'Halloran, David. Computer Systems: A Programmer's Perspective. Prentice Hall, 2003 (ISBN 0-13-034074-X).
[Burch 06] Burch, Hal, Long, Fred, & Seacord, Robert C. Specifications for Managed Strings (http://www.sei.cmu.edu/publications/documents/06.reports/06tr006.html) (CMU/SEI-2006-TR-006). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2006.
[Butenhof 97] Butenhof, David R. Programming with POSIX® Threads (http://www.informit.com/store/product.aspx?isbn=0201633922). Addison-Wesley Professional, 1997. (ISBN 0-201-63392-2).
[Callaghan 95] Callaghan, B., Pawlowski, B., & Staubach, P. IETF RFC 1813 NFS Version 3 Protocol Specification (http://www.ietf.org/rfc/rfc1813.txt), June 1995.
[CERT 06a] CERT/CC. CERT/CC Statistics 1988–2006 (http://www.cert.org/stats/cert_stats.html).
[CERT 06b] CERT/CC. US-CERT's Technical Cyber Security Alerts (http://www.us-cert.gov/cas/techalerts/index.html).
[CERT 06c] CERT/CC. Secure Coding (http://www.cert.org/secure-coding/) web site.
[Chen 02] Chen, H., Wagner, D., & Dean, D. Setuid Demystified (http://www.cs.berkeley.edu/~daw/papers/setuid-usenix02.pdf). USENIX Security Symposium, 2002.
[Corfield 93] Corfield, Sean A. "Making String Literals 'const'," (http://www.open-std.org/jtc1/sc22/wg21/docs/papers/1993/N0389.asc) November 1993.
[Coverity 07] Coverity Prevent User's Manual (3.3.0), 2007.
[CVE] Common Vulnerabilities and Exposures (http://cve.mitre.org/).
[C++ Reference] Standard C Library, General C++, C++ Standard Template Library (http://www.cppreference.com/).
[Dewhurst 02] Dewhurst, Stephen C. C++ Gotchas: Avoiding Common Problems in Coding and Design. Boston: Addison-Wesley Professional, 2002.
[Dewhurst 05] Dewhurst, Stephen C. C++ Common Knowledge: Essential Intermediate Programming. Boston, MA: Addison-Wesley Professional, 2005.
[DHS 06] U.S. Department of Homeland Security. Build Security In (https://buildsecurityin.us-cert.gov/).
[DISA 2008] DISA. Application Security and Development Security Technical Implementation Guide, Version 2, Release 1 (http://iase.disa.mil/stigs/stig/application_security_and_development_stig_v2r1_final_20080724.pdf). July, 2008.
[DOD 5220] U.S. Department of Defense. DoD Standard 5220.22-M (http://security.ouhsc.edu/docs/policies/approved/DoD_5220.doc) (Word document).
[Dowd 06] Dowd, M., McDonald, J., & Schuh, J. The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities. Boston: Addison-Wesley, 2006. See http://taossa.com for updates and errata.
[Drepper 06] Drepper, Ulrich. Defensive Programming for Red Hat Enterprise Linux (and What To Do If Something Goes Wrong) (http://people.redhat.com/drepper/defprogramming.pdf), May 3, 2006.
[Dutta 03] Dutta, Shiv. Best practices for programming in C (http://www.ibm.com/developerworks/aix/library/au-hook_duttaC.html), June 26, 2003.
[Eckel 07] Eckel, Bruce. Thinking in C++ Volume 2 (http://bruce-eckel.developpez.com/livres/cpp/ticpp/v2/), January 25, 2007.
[ECTC 98] Embedded C++ Technical Committee. The Embedded C++ Programming Guide Lines (http://www.caravan.net/ec2plus/guide.html), Version WP-GU-003. January 6, 1998.
[Eide and Regehr] "Volatiles are miscompiled, and what to do about it" (http://portal.acm.org/citation.cfm?id=1450058.1450093) Eide E., Regehr J. 2008.
[Finlay 03] Finlay, Ian A. CERT Advisory CA-2003-16, Buffer Overflow in Microsoft RPC (http://www.cert.org/advisories/CA-2003-16.html). CERT/CC, July 2003.
[Fisher 99] Fisher, David & Lipson, Howard. "Emergent Algorithms - A New Method for Enhancing Survivability in Unbounded Systems." Proceedings of the 32nd Annual Hawaii International Conference on System Sciences (HICSS-32). Maui, HI, January 5-8, 1999.
[Flake 06] Flake, Halvar. "Attacks on uninitialized local variables." (http://www.blackhat.com/presentations/bh-europe-06/bh-eu-06-Flake.pdf) Black Hat Federal 2006.
[Fortify 06] Fortify Software Inc. Fortify Taxonomy: Software Security Errors (http://www.fortifysoftware.com/vulncat/), 2006.
[FSF 05] Free Software Foundation. GCC online documentation (http://gcc.gnu.org/onlinedocs), 2005.
[Garfinkel 96] Garfinkel, Simson & Spafford, Gene. Practical UNIX & Internet Security, 2nd Edition. Sebastopol, CA: O'Reilly Media, April 1996 (ISBN 1-56592-148-8).
[GNU Pth] Engelschall, Ralf S. GNU Portable Threads (http://www.gnu.org/software/pth/), 2006.
[Goldberg 91] Goldberg, David. What Every Computer Scientist Should Know About Floating-Point Arithmetic (http://docs.sun.com/source/806-3568/ncg_goldberg.html). Sun Microsystems, March 1991.
[Goodin 2009] Dan Goodin. Clever attack exploits fully-patched Linux kernel (http://www.theregister.co.uk/2009/07/17/linux_kernel_exploit/). The Register. July 2009.
[Gough 2005] Gough, Brian J. An Introduction to GCC (http://www.network-theory.co.uk/docs/gccintro/index.html). Network Theory Ltd, Revised August 2005 (ISBN 0-9541617-9-3).
[Graff 2003] Graff, Mark G. & Van Wyk, Kenneth R. Secure Coding: Principles and Practices. Cambridge, MA: O'Reilly, 2003 (ISBN 0596002424).
[Greenman 1997] Greenman, David. serious security bug in wu-ftpd v2.4 (http://seclists.org/bugtraq/1997/Jan/0011.html). BUGTRAQ Mailing List (bugtraq@securityfocus.com), January 2, 1997.
[Griffiths 2006] Griffiths, Andrew. "Clutching at straws: When you can shift the stack pointer." (http://felinemenace.org/papers/p63-0x0e_Shifting_the_Stack_Pointer.txt)
[Gutmann 1996] Gutmann, Peter. Secure Deletion of Data from Magnetic and Solid-State Memory (http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html), July 1996.
[Haddad 2005] Haddad, Ibrahim. "Secure Coding in C and C++: An interview with Robert Seacord, senior vulnerability analyst at CERT." Linux World Magazine, November 2005.
[Hatton 1995] Hatton, Les. Safer C: Developing Software for High-Integrity and Safety-Critical Systems. New York: McGraw-Hill Book Company, 1995 (ISBN 0-07-707640-0).
[Hatton 2003] Hatton, Les. EC-: A measurement based safer subset of ISO C suitable for embedded system development (http://www.leshatton.org/Documents/ISOC_subset.pdf). November 5, 2003.
[Henricson 1992] Henricson, Mats, & Nyquist, Erik. Programming in C++, Rules and Recommendations (http://www.doc.ic.ac.uk/lab/cplus/c++.rules/). Ellemtel Telecommunication Systems Laboratories, 1992.
[Horton 1990] Horton, Mark R. Portable C Software. Upper Saddle River, NJ: Prentice-Hall, Inc., 1990 (ISBN 0-13-868050-7).
[Howard 2002] Howard, Michael, & LeBlanc, David C. Writing Secure Code, 2nd ed. (http://www.microsoft.com/mspress/books/5957.aspx). Redmond, WA: Microsoft Press, December 2002.
[HP 2003] Tru64 UNIX: Protecting Your System Against File Name Spoofing Attacks (http://h30097.www3.hp.com/docs/wpapers/spoof_wp/symlink_external.pdf). Houston, TX: Hewlett-Packard Company, January 2003.
[IEC 60812 2006] Analysis techniques for system reliability - Procedure for failure mode and effects analysis (FMEA), 2nd ed. (IEC 60812). IEC, January 2006.
[IEC 61508-4] Functional safety of electrical/electronic/programmable electronic safety-related systems - Part 4: Definitions and abbreviations, 1998.
[IEEE Std 610.12 1990] IEEE Standard Glossary of Software Engineering Terminology, September 1990.
[IEEE 754 2006] IEEE. Standard for Binary Floating-Point Arithmetic (http://grouper.ieee.org/groups/754/) (IEEE 754-1985), 2006.
[IEEE Std 1003.1-2008] IEEE. The Open Group Base Specifications Issue 7 (http://www.opengroup.org/onlinepubs/9699919799). IEEE Std 1003.1, 2008 Edition. See also [ISO/IEC 9945-2008] and [Open Group 2008].
[IEEE Std 1003.1, 2004] IEEE. The Open Group Base Specifications Issue 6 (http://www.opengroup.org/onlinepubs/009695399/). IEEE Std 1003.1, 2004 Edition. See also [ISO/IEC 9945-2004] and [Open Group 04].
[ilja 2006] ilja. "readlink abuse." (http://blogs.23.nu/ilja/stories/12551/) ilja's blog, August 13, 2006.
[Intel 2001] Intel Corp. Floating-Point IEEE Filter for Microsoft* Windows* 2000 on the Intel® Itanium™ Architecture (ftp://download.intel.com/software/opensource/libraries/ieee/ieee_filter_windows2000.pdf), March 2001.
[Internet Society 2000] The Internet Society. Internet Security Glossary (RFC 2828) (ftp://ftp.rfc-editor.org/in-notes/rfc2828.txt), 2000.
[ISO/IEC 646:1991] ISO/IEC. Information technology: ISO 7-bit coded character set for information interchange (ISO/IEC 646-1991). Geneva, Switzerland: International Organization for Standardization, 1991.
[ISO/IEC 9945:2008] ISO/IEC 9945:2008 Information technology — Programming languages, their environments and system software interfaces — Portable Operating System Interface (POSIX®).
[ISO/IEC 9945:2003] ISO/IEC 9945:2003 (including Technical Corrigendum 1), Information technology — Programming languages, their environments and system software interfaces — Portable Operating System Interface (POSIX®).
[ISO/IEC 9899:1999] ISO/IEC. Programming Languages—C, 2nd ed (ISO/IEC 9899:1999). Geneva, Switzerland: International Organization for Standardization, 1999.
[ISO/IEC 10646:2003] Information technology - Universal Multiple-Octet Coded Character Set (UCS) (ISO/IEC 10646:2003). Geneva, Switzerland: International Organization for Standardization, 2003.
[ISO/IEC 14882:2003] ISO/IEC. Programming Languages — C++, Second Edition (ISO/IEC 14882-2003). Geneva, Switzerland: International Organization for Standardization, 2003.
[ISO/IEC 23360-1:2006] Linux Standard Base (LSB) core specification 3.1 - Part 1: Generic specification (http://refspecs.freestandards.org/LSB_3.1.0/LSB-Core-generic/LSB-Core-generic.pdf).
[ISO/IEC 2003] ISO/IEC. Rationale for International Standard — Programming Languages — C, Revision 5.10 (http://www.open-std.org/jtc1/sc22/wg14/www/C99RationaleV5.10.pdf). Geneva, Switzerland: International Organization for Standardization, April 2003.
[ISO/IEC JTC1/SC22/WG11] ISO/IEC. Binding Techniques (http://www.open-std.org/JTC1/SC22/WG11/) (ISO/IEC JTC1/SC22/WG11), 2007.
[ISO/IEC DTR 24732] ISO/IEC JTC1 SC22 WG14 N1290. Extension for the programming language C to support decimal floating-point arithmetic (http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1290.pdf), March 2008.
[ISO/IEC PDTR 24731-2] Extensions to the C Library, — Part II: Dynamic Allocation Functions (http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1248.pdf), August 2007.
[ISO/IEC DTR 24772] ISO/IEC DTR 24772. Information Technology — Programming Languages — Guidance to Avoiding Vulnerabilities in Programming Languages through Language Selection and Use (http://www.aitcnet.org/isai/_Mtg_13/22-WG23-N-0238/n0238.pdf), November 2009.
Wiki Markup |
---|
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3e9fb682-e3fb-4b79-8c46-fb6514e6a940"><ac:parameter ac:name="">ISO/IEC TR 24731-1-2007</ac:parameter></ac:structured-macro>
\[ISO/IEC TR 24731-1:2007\] ISO/IEC TR 24731. _Extensions to the C Library, --- Part I: Bounds-checking interfaces_. Geneva, Switzerland: International Organization for Standardization, April 2006. |
Wiki Markup |
---|
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="834994b3-fa36-4de8-a38d-d11085da063c"><ac:parameter ac:name="">Jack 07</ac:parameter></ac:structured-macro>
\[Jack 2007\] Jack, Barnaby. [_Vector Rewrite Attack_|http://www.juniper.net/solutions/literature/white_papers/Vector-Rewrite-Attack.pdf], May 2007. |
Wiki Markup |
---|
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="fc2e2dd2-ed93-4e4e-88ad-1323f2f0f2d8"><ac:parameter ac:name="">Jones 04</ac:parameter></ac:structured-macro>
\[Jones 2004\] Jones, Nigel. ["Learn a new trick with the offsetof() macro."|http://www.netrino.com/Articles/OffsetOf/index.php] _Embedded Systems Programming_, March 2004. |
Wiki Markup |
---|
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="cd5b64e3-fe3e-46d4-8d96-2a1d5a5ed68f"><ac:parameter ac:name="">Jones 08</ac:parameter></ac:structured-macro>
\[Jones 2008\] Jones, Derek M. [The New C Standard: An economic and cultural commentary|http://www.knosof.co.uk/cbook/]. Knowledge Software Ltd., 2008. |
Wiki Markup |
---|
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a158e49f-5584-4f6a-b007-be232e871ec6"><ac:parameter ac:name="">Jones 09</ac:parameter></ac:structured-macro>
\[Jones 2009\] Jones, Larry. [WG14 N1401 Committee Draft ISO/IEC 9899:201x|http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1425.pdf]. November 24, 2009. |
Wiki Markup |
---|
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e22bbd05-5fbc-4bd5-90ef-00bfefc6ef5a"><ac:parameter ac:name="">Keaton 09</ac:parameter></ac:structured-macro>
\[Keaton 2009\] David Keaton, Thomas Plum, Robert C. Seacord, David Svoboda, Alex Volkovitsky, Timothy Wilson. [As-if Infinitely Ranged Integer Model|http://www.sei.cmu.edu/publications/documents/09.reports/09tn023.html]. CMU/SEI-2009-TN-023. July, 2009. |
Wiki Markup |
---|
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9be7db5e-4eb4-419e-922a-7eef9b8f1420"><ac:parameter ac:name="">Keil 08</ac:parameter></ac:structured-macro>
\[Keil 2008\] Keil, an ARM Company. "[Floating Point Support|http://www.keil.com/support/man/docs/armlib/armlib_bihbjiea.htm]." _RealView Libraries and Floating Point Support Guide_, 2008. |
[Kennaway 2000] Kennaway, Kris. Re: /tmp topic (http://lwn.net/2000/1221/a/sec-tmp.php3), December 2000.
[Kernighan 88] Kernighan, Brian W., & Ritchie, Dennis M. _The C Programming Language, 2nd ed._ Englewood Cliffs, NJ: Prentice-Hall, 1988.
[Kernighan 147] Kernighan, Brian W., & Ritchie, Dennis M. _The C Programming Language, 2nd ed._ Englewood Cliffs, NJ: Prentice-Hall, 1988.
[Kettlewell 2002] Kettlewell, Richard. _C Language Gotchas_ (http://www.greenend.org.uk/rjk/2001/02/cfu.html), February 2002.
[Kettlewell 2003] Kettlewell, Richard. _Inline Functions In C_ (http://www.greenend.org.uk/rjk/2003/03/inline.html), March 2003.
[Kirch-Prinz 2002] Kirch-Prinz, Ulla & Prinz, Peter. _C Pocket Reference_. Sebastopol, CA: O'Reilly, November 2002 (ISBN: 0-596-00436-2).
[Klarer 2004] Klarer, R., Maddock, J., Dawes, B. & Hinnant, H. "Proposal to Add Static Assertions to the Core Language (Revision 3)." ISO C++ committee paper ISO/IEC JTC1/SC22/WG21/N1720, October 2004. Available at http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2004/n1720.html.
[Klein 2002] Klein, Jack. _Bullet Proof Integer Input Using strtol()_ (http://home.att.net/~jackklein/c/code/strtol.html), 2002.
[Koenig 1989] Koenig, Andrew. _C Traps and Pitfalls_. Addison-Wesley Professional, January 1, 1989.
[Kuhn 2006] Kuhn, Markus. _UTF-8 and Unicode FAQ for Unix/Linux_ (http://www.cl.cam.ac.uk/~mgk25/unicode.html), 2006.
[Lai 2006] Lai, Ray. "Reading Between the Lines" (http://undeadly.org/cgi?action=article&sid=20061027031811). _OpenBSD Journal_, October 2006.
[Lewis 2006] Lewis, Richard. "Security Considerations When Handling Sensitive Data" (http://secureapps.blogspot.com/2006/10/security-considerations-when-handling.html). Posted on the Application Security by Richard Lewis blog, October 2006.
[Linux 2008] Linux Programmer's Manual (http://www.kernel.org/doc/man-pages/online_pages.html), October 2008.
[Lions 1996] Lions, J. L. ARIANE 5 Flight 501 Failure Report (http://en.wikisource.org/wiki/Ariane_501_Inquiry_Board_report). Paris, France: European Space Agency (ESA) & National Center for Space Study (CNES) Inquiry Board, July 1996.
[Lipson 2000] Lipson, Howard & Fisher, David. "Survivability: A New Technical and Business Perspective on Security," 33-39. _Proceedings of the 1999 New Security Paradigms Workshop_. Caledon Hills, Ontario, Canada, Sept. 22-24, 1999. New York: Association for Computing Machinery, 2000.
[Lipson 2006] Lipson, Howard. _Evolutionary Systems Design: Recognizing Changes in Security and Survivability Risks_ (CMU/SEI-2006-TN-027). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2006.
[Liu 2009] Likai Liu. Making NULL-pointer reference legal (http://lifecs.likai.org/2009/01/making-null-pointer-reference-legal.html), Life of a Computer Science Student, January 2009.
[Lockheed Martin 2005] Lockheed Martin. "Joint Strike Fighter Air Vehicle C++ Coding Standards for the System Development and Demonstration Program." (http://www.research.att.com/~bs/JSF-AV-rules.pdf) Document Number 2RDU00001 Rev C., December 2005.
[Loosemore 2007] Loosemore, Sandra, Stallman, Richard M., McGrath, Roland, Oram, Andrew, & Drepper, Ulrich. The GNU C Library Reference Manual (http://www.gnu.org/software/libc/manual/), Edition 0.11, September 2007.
[McCluskey 2001] _flexible array members and designators in C9X_ (http://www.usenix.org/publications/login/2001-07/pdfs/mccluskey.pdf) ;login:, July 2001, Volume 26, Number 4, p. 29-32.
[Mell 2007] P. Mell, K. Scarfone, and S. Romanosky, "A Complete Guide to the Common Vulnerability Scoring System Version 2.0", FIRST, June 2007.
[mercy] mercy. _Exploiting Uninitialized Data_ (http://www.felinemenace.org/papers/UBehavior.zip), January 2006.
[Meyers 2004] Randy Meyers. Limited size_t (http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1080.pdf). WG14 N1080. September 2004.
[Microsoft 2003] Microsoft Security Bulletin MS03-026, "Buffer Overrun In RPC Interface Could Allow Code Execution (823980)" (http://www.microsoft.com/technet/security/bulletin/MS03-026.mspx), September 2003.
[Microsoft 2007] C Language Reference (http://msdn2.microsoft.com/en-us/library/fw5abdx6(VS.80).aspx), 2007.
[Miller 1999] Todd C. Miller and Theo de Raadt. strlcpy and strlcat - Consistent, Safe, String Copy and Concatenation. In Proceedings of the FREENIX Track, 1999 USENIX Annual Technical Conference.
[Miller 2004] Miller, Mark C., Reus, James F., Matzke, Robb P., Koziol, Quincey A., & Cheng, Albert P. "Smart Libraries: Best SQE Practices for Libraries with an Emphasis on Scientific Computing" (https://wci.llnl.gov/codes/smartlibs/UCRL-JRNL-208636.pdf). _Proceedings of the Nuclear Explosives Code Developer's Conference_, December 2004.
[MISRA 2004] MISRA Limited. "MISRA C: 2004 Guidelines for the Use of the C Language in Critical Systems" (http://www.misra.org.uk/). Warwickshire, UK: MIRA Limited, October 2004 (ISBN 095241564X).
[MISRA 2008] MIRA Limited. "MISRA C++: 2008 Guidelines for the Use of the C++ Language in Critical Systems" (http://www.misra.org.uk/), ISBN 978-906400-03-3 (paperback), ISBN 978-906400-04-0 (PDF), June 2008.
[MIT 2004] MIT. "MIT krb5 Security Advisory 2004-002" (http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2004-002-dblfree.txt), 2004.
[MIT 2005] MIT. "MIT krb5 Security Advisory 2005-003" (http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2005-003-recvauth.txt), 2005.
[MITRE] MITRE. Common Weakness Enumeration, Version 1.8 (http://cwe.mitre.org/), February 2010.
[MITRE 2007] MITRE. Common Weakness Enumeration, Draft 9 (http://cwe.mitre.org/), April 2008.
[MKS] MKS Inc. MKS Reference Pages (http://www.mkssoftware.com/docs/api_index.asp/).
[MSDN] Microsoft Developer Network (http://msdn.microsoft.com/en-us/default.aspx).
[Murenin 2007] Murenin, Constantine A. "cnst: 10-year-old pointer-arithmetic bug in make(1) is now gone, thanks to malloc.conf and some debugging" (http://cnst.livejournal.com/24040.html), June 2007.
[NAI 1998] Network Associates Inc. Bugtraq: Network Associates Inc. Advisory (OpenBSD) (http://seclists.org/bugtraq/1998/Aug/0071.html), 1998.
[NASA-GB-1740.13] NASA Glenn Research Center, Office of Safety Assurance Technologies. _NASA Software Safety Guidebook_ (http://pbma.nasa.gov/docs/public/pbma/general/guidbook.doc) (NASA-GB-1740.13).
[NIST 2006] NIST. _SAMATE Reference Dataset_ (http://samate.nist.gov/SRD/), 2006.
[OpenBSD] Berkeley Software Design, Inc. Manual Pages (http://www.openbsd.org/cgi-bin/man.cgi), June 2008.
[Open Group 08] The Open Group. "_The Open Group Base Specifications Issue 7, IEEE Std 1003.1, 2008 Edition_" (http://www.opengroup.org/onlinepubs/9699919799/toc.htm). (2008). See also [IEEE Std 1003.1-2008].
[Open Group 1997a] The Open Group. _The Single UNIX® Specification, Version 2_ (http://www.opengroup.org/onlinepubs/7990989775/toc.htm), 1997.
[Open Group 1997b] The Open Group. _Go Solo 2 - The Authorized Guide to Version 2 of the Single UNIX Specification_ (http://www.unix.org/whitepapers/64bit.html), May 1997.
[Open Group 2004] The Open Group. "_The Open Group Base Specifications Issue 6, IEEE Std 1003.1, 2004 Edition_" (http://www.opengroup.org/onlinepubs/009695399/toc.htm). (2004). See also [IEEE Std 1003.1-2004].
[OWASP Double Free] Open Web Application Security Project, "Double Free" (http://www.owasp.org/index.php/Double_Free).
[OWASP Freed Memory] Open Web Application Security Project, "Using freed memory" (http://www.owasp.org/index.php/Using_freed_memory).
[Pethia 2003] Pethia, Richard D. "Viruses and Worms: What Can We Do About Them?" (http://www.cert.org/congressional_testimony/Pethia-Testimony-9-10-2003/) September 10, 2003.
[Pfaff 2004] Pfaff, Ken Thompson. "Casting (time_t)(-1)" (http://groups.google.com/group/comp.lang.c/browse_thread/thread/8983d8d729244f2b/ea0e2972775a1114?#ea0e2972775a1114). _Google Groups comp.lang.c_, March 2, 2004.
[Pike 1993] Pike, Rob & Thompson, Ken. "Hello World." _Proceedings of the USENIX Winter 1993 Technical Conference_, San Diego, CA, January 25-29, 1993, pp. 43-50.
[Plakosh 2005] Plakosh, Dan. _Consistent Memory Management Conventions_ (https://buildsecurityin.us-cert.gov/daisy/bsi/articles/knowledge/coding/476.html), 2005.
[Plum 1985] Plum, Thomas. _Reliable Data Structures in C_. Kamuela, HI: Plum Hall, Inc., 1985 (ISBN 0-911537-04-X).
[Plum 1989] Plum, Thomas, & Saks, Dan. _C Programming Guidelines, 2nd ed_. Kamuela, HI: Plum Hall, 1989 (ISBN 0911537074).
[Plum 1991] Plum, Thomas. _C++ Programming_. Kamuela, HI: Plum Hall, 1991 (ISBN 0911537104).
[Plum 2008] Plum, Thomas. Static Assertions. June 2008. http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1330.pdf
[Redwine 2006] Redwine, Samuel T., Jr., ed. _Secure Software Assurance: A Guide to the Common Body of Knowledge to Produce, Acquire, and Sustain Secure Software Version 1.1_. U.S. Department of Homeland Security, September 2006. See Software Assurance Common Body of Knowledge (https://buildsecurityin.us-cert.gov/daisy/bsi/resources/dhs/95.html) on Build Security In.
[RUS-CERT] RUS-CERT Advisory 2002-08:02, "Flaw in calloc and similar routines" (http://cert.uni-stuttgart.de/advisories/calloc.php), 2002.
[Saltzer 1974] Saltzer, J. H. Protection and the Control of Information Sharing in Multics. _Communications of the ACM 17_, 7 (July 1974): 388-402.
[Saltzer 1975] Saltzer, J. H., & Schroeder, M. D. "The Protection of Information in Computer Systems." _Proceedings of the IEEE 63_, 9 (September 1975): 1278-1308.
[Saks 1999] Saks, Dan. "const T vs. T const" (http://www.dansaks.com/articles/1999-02%20const%20T%20vs%20T%20const.pdf). _Embedded Systems Programming_, February 1999, pp. 13-16.
[Saks 2000] Saks, Dan. "Numeric Literals" (http://www.embedded.com/2000/0009/0009pp.htm). _Embedded Systems Programming_, September 2000.
[Saks 2001a] Saks, Dan. "Symbolic Constants" (http://www.embedded.com/story/OEG20011016S0116). _Embedded Systems Design_, November 2001.
[Saks 2001b] Saks, Dan. "Enumeration Constants vs. Constant Objects" (http://www.embedded.com/columns/programmingpointers/9900402). _Embedded Systems Design_, November 2001.
[Saks 2002] Saks, Dan. "Symbolic Constant Expressions" (http://www.embedded.com/story/OEG20020124S0117). _Embedded Systems Design_, February 2002.
[Saks 2005] Saks, Dan. "Catching Errors Early with Compile-Time Assertions" (http://www.embedded.com/columns/programmingpointers/164900888?_requestid=287187). _Embedded Systems Design_, June 2005.
[Saks 2007a] Saks, Dan. "Sequence Points" (http://www.embedded.com/columns/programmingpointers/9900661?_requestid=481957). _Embedded Systems Design_, July 1, 2002.
[Saks 2007b] Saks, Dan. Bail, return, jump, or . . . throw? (http://www.embedded.com/columns/programmingpointers/197008821). _Embedded Systems Design_, March 2007.
[Saks 2008] Saks, Dan, & Dewhurst, Stephen C. "Sooner Rather Than Later: Static Programming Techniques for C++" (presentation, March 2008).
[Schwarz 2005] Schwarz, B., Wagner, Hao Chen, Morrison, D., West, G., Lin, J., & Tu, J. Wei. "Model checking an entire Linux distribution for security violations." _Proceedings of the 21st Annual Computer Security Applications Conference_, December 2005 (ISSN 1063-9527; ISBN 0-7695-2461-3).
[Seacord 2003] Seacord, Robert C., Plakosh, Daniel, & Lewis, Grace A. _Modernizing Legacy Systems: Software Technologies, Engineering Processes, and Business Practices_ (http://www.informit.com/store/product.aspx?isbn=0321118847). Addison-Wesley, February 2003.
[Seacord 2005a] Seacord, Robert C. _Secure Coding in C and C++_. Boston, MA: Addison-Wesley, 2005. See http://www.cert.org/books/secure-coding for news and errata.
[Seacord 2005b] Seacord, Robert C. "Managed String Library for C, C/C++." _Users Journal_ _23_, 10 (October 2005): 30-34.
[Seacord 2005c] Seacord, Robert C. _Variadic Functions: How they contribute to security vulnerabilities and how to fix them_ (http://www.cert.org/books/secure-coding/LWM%203-11%20%28Seacord%29.pdf). _Linux World Magazine_, November 2005.
[Secunia] Secunia Advisory SA10635, "HP-UX calloc Buffer Size Miscalculation Vulnerability" (http://secunia.com/advisories/10635/), 2004.
[SecurityFocus 2007] SecurityFocus. "Linux Kernel Floating Point Exception Handler Local Denial of Service Vulnerability" (http://www.securityfocus.com/bid/10538/discuss), 2001.
[SecuriTeam 2007] SecuriTeam. "Microsoft Visual C++ 8.0 Standard Library Time Functions Invalid Assertion DoS (Problem 3000)" (http://www.securiteam.com/windowsntfocus/5MP0D0UKKO.html), February 13, 2007.
[Sloss 2004] Sloss, Andrew, Symes, Dominic, & Wright, Chris. _ARM System Developer's Guide_ (http://www.arm.com/documentation/books/4975.html). San Francisco: Elsevier/Morgan Kaufmann, 2004 (ISBN-10: 1558608745; ISBN-13: 978-1558608740).
[Spinellis 2006] Spinellis, Diomidis. _Code Quality: The Open Source Perspective_ (http://www.spinellis.gr/codequality). Addison-Wesley, 2006.
[StackOvflw 2009] "Should I return TRUE / FALSE values from a C function?" (http://stackoverflow.com/questions/559061/should-i-return-true-false-values-from-a-c-function) StackOverflow.com User Questions. March 15, 2010.
[Steele 1977] Steele, G. L. "Arithmetic shifting considered harmful" (http://doi.acm.org/10.1145/956641.956647). _SIGPLAN Not._ 12, 11 (November 1977), 61-69.
[Summit 1995] Summit, Steve. _C Programming FAQs: Frequently Asked Questions_. Boston, MA: Addison-Wesley, 1995 (ISBN 0201845199).
[Summit 2005] Summit, Steve. _comp.lang.c Frequently Asked Questions_ (http://www.faqs.org/faqs/comp.lang.c/C-FAQ-list/?), 2005.
[Sun] Sun Security Bulletin #00122 (http://sunsolve.sun.com/search/document.do?assetkey=1-22-00122-1), 1993.
Wiki Markup |
---|
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="11c77796-8946-4bf6-b5f9-deebf663219d"><ac:parameter ac:name="">Sun 05</ac:parameter></ac:structured-macro>
[Sun 2005] C User's Guide (http://docs.sun.com/source/819-3688/). 819-3688-10. Sun Microsystems, Inc., 2005.
[Sutter 2004] Sutter, Herb & Alexandrescu, Andrei. C++ Coding Standards: 101 Rules, Guidelines, and Best Practices. Boston, MA: Addison-Wesley Professional, 2004 (ISBN 0321113586).
[Tsafrir 2008] Tsafrir, Dan; Da Silva, Dilma; & Wagner, David. The Murky Issue of Changing Process Identity: Revising "Setuid Demystified" (http://www.eecs.berkeley.edu/~daw/papers/setuid-login08b.pdf). USENIX, June 2008, pages 55-66.
[Unicode 2006] The Unicode Consortium. The Unicode Standard (http://www.unicode.org/standard/standard.html), Version 5.0. Addison-Wesley Professional; 5th edition (November 3, 2006) ISBN: 0321480910.
[van de Voort 2007] van de Voort, Marco. Development Tutorial (a.k.a. Build FAQ) (http://www.stack.nl/~marcov/buildfaq.pdf), January 29, 2007.
[van Sprundel 2006] van Sprundel, Ilja. Unusual bugs (http://www.ruxcon.org.au/files/2006/unusual_bugs.pdf), 2006.
[Viega 2001] Viega, John. Protecting Sensitive Data in Memory (http://www.cgisecurity.com/lib/protecting-sensitive-data.html), February 2001.
[Viega 2003] Viega, John & Messier, Matt. Secure Programming Cookbook for C and C++: Recipes for Cryptography, Authentication, Networking, Input Validation & More. Sebastopol, CA: O'Reilly, 2003 (ISBN 0-596-00394-3).
[Viega 2005] Viega, John. CLASP Reference Guide Volume 1.1 (http://www.securesoftware.com/process/). Secure Software, 2005.
[VU#159523] Giobbi, Ryan. Vulnerability Note VU#159523 (http://www.kb.cert.org/vuls/id/159523), Adobe Flash Player integer overflow vulnerability, April 2008.
[VU#162289] Dougherty, Chad. Vulnerability Note VU#162289 (http://www.kb.cert.org/vuls/id/162289), gcc silently discards some wraparound checks, April 2008.
[VU#196240] Taschner, Chris & Manion, Art. Vulnerability Note VU#196240 (http://www.kb.cert.org/vulnotes/id/196240), Sourcefire Snort DCE/RPC preprocessor does not properly reassemble fragmented packets, 2007.
[VU#286468] Burch, Hal. Vulnerability Note VU#286468 (http://www.kb.cert.org/vulnotes/id/286468), Ettercap contains a format string error in the "curses_msg()" function, 2007.
[VU#439395] Lipson, Howard. Vulnerability Note VU#439395 (http://www.kb.cert.org/vuls/id/439395), Apache web server performs case sensitive filtering on Mac OS X HFS+ case insensitive filesystem, 2001.
[VU#551436] Giobbi, Ryan. Vulnerability Note VU#551436 (http://www.kb.cert.org/vulnotes/id/551436), Mozilla Firefox SVG viewer vulnerable to buffer overflow, 2007.
[VU#568148] Finlay, Ian A. & Morda, Damon G. Vulnerability Note VU#568148 (http://www.kb.cert.org/vulnotes/id/568148), Microsoft Windows RPC vulnerable to buffer overflow, 2003.
[VU#623332] Mead, Robert. Vulnerability Note VU#623332 (http://www.kb.cert.org/vuls/id/623332), MIT Kerberos 5 contains double free vulnerability in "krb5_recvauth()" function, 2005.
[VU#649732] Gennari, Jeff. Vulnerability Note VU#649732 (http://www.kb.cert.org/vulnotes/id/649732), Samba AFS ACL Mapping VFS Plug-In Format String Vulnerability, 2007.
[VU#654390] Rafail, Jason A. Vulnerability Note VU#654390 (https://www.kb.cert.org/vulnotes/id/654390), ISC DHCP contains C Includes that define vsnprintf() to vsprintf() creating potential buffer overflow conditions, June 2004.
[VU#743092] Rafail, Jason A. & Havrilla, Jeffrey S. Vulnerability Note VU#743092 (https://www.kb.cert.org/vulnotes/id/743092), realpath(3) function contains off-by-one buffer overflow, July 2003.
[VU#834865] Gennari, Jeff. Vulnerability Note VU#834865 (http://www.kb.cert.org/vuls/id/834865), Sendmail signal I/O race condition, March 2008.
[VU#837857] Dougherty, Chad. Vulnerability Note VU#837857 (http://www.kb.cert.org/vuls/id/837857), X.Org server fails to properly test for effective user ID, August 2006.
[VU#881872] Manion, Art & Taschner, Chris. Vulnerability Note VU#881872 (http://www.kb.cert.org/vulnotes/id/881872), Sun Solaris telnet authentication bypass vulnerability, 2007.
[Warren 2002] Warren, Henry S. Hacker's Delight (http://www.hackersdelight.org/). Boston, MA: Addison-Wesley Professional, 2002 (ISBN 0201914654).
[WG14/N1396] Thomas, J. & Tydeman, F. "Wide function return values" (http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1396.htm), September 2009.
[Wheeler 2003] Wheeler, David. Secure Programming for Linux and Unix HOWTO, v3.010 (http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/), March 2003.
[Wheeler 2004] Wheeler, David. Secure programmer: Call components safely (http://www-128.ibm.com/developerworks/linux/library/l-calls.html). December 2004.
[Wojtczuk 2008] Wojtczuk, Rafal. "Analyzing the Linux Kernel vmsplice Exploit" (http://www.avertlabs.com/research/blog/index.php/2008/02/13/analyzing-the-linux-kernel-vmsplice-exploit/). McAfee Avert Labs Blog, February 13, 2008.
[xorl 2009] xorl. xorl %eax, %eax (http://xorl.wordpress.com/).
[Yergeau 1998] Yergeau, F. RFC 2279 - UTF-8, a transformation format of ISO 10646 (http://www.faqs.org/rfcs/rfc2279.html), January 1998.
[Zalewski 2001] Zalewski, Michal. Delivering Signals for Fun and Profit: Understanding, exploiting and preventing signal-handling related vulnerabilities (http://lcamtuf.coredump.cx/signals.txt), May 2001.