[Abrahams 2010] Abrahams, David.
Boost Library Error and Exception Handling Guidelines, #7, 2001-. Boost Library. 2010. [Banahan 2003] Banahan, Mike. The C Book . 2003.
[Barney 2010] Barney, Blaise.
POSIX Threads Programming, . Lawrence Livermore National Security, LLC
, . 2010.
[Becker 2008] Becker, Pete.
Working Draft, Standard for Programming Language C++, . April 2008.
[Becker 2009] Becker, Pete
Working Draft, Standard for Programming Language C++, . September 2009.
[Black 2007]
Black, Paul E.
Black; Kass, Michael
Kass; & Koo, Michael
Koo.
Source Code Security Analysis Tool Functional Specification Version 1.0. Special Publication 500-268. Information Technology Laboratory (ITL)
, Software Diagnostics and Conformance Testing Division, May 2007. http://samate.nist.gov/docs/source_code_security_analysis_spec_SP500-268.pdf. May 2007.[Cline 2009] Cline, Marshall.
C++ FAQ Lite - Frequently Lite—Frequently Asked Questions 1991. 1991-2009
. Anchor |
---|
| codesourcery 2016a |
---|
| codesourcery 2016a |
---|
|
[CodeSourcery 2016a] CodeSourcery, Compaq, EDG, HP, IBM, Intel, Red Hat, SGI, et al. Itanium C++ ABI. December 2016 [accessed]. Anchor |
---|
| codesourcery2016b |
---|
| codesourcery2016b |
---|
|
[CodeSourcery 2016b] CodeSourcery, Compaq, EDG, HP, IBM, Intel, Red Hat, SGI, et al. Itanium C++ ABI (Revision: 1,86). December 2016 [accessed].[Coverity 2007] Coverity. Coverity Prevent User's Manual (3.3.0). 2007. [CWE] MITRE.
Common Weakness Enumeration – A Community-Developed Dictionary of Software Weakness Types.
Anchor |
---|
| Dewhurst 0302 |
---|
| Dewhurst 0302 |
---|
|
[Dewhurst
20032002] Dewhurst, Stephen C.
C++ Gotchas: Avoiding Common Problems in Coding and Design.
Boston, MA: Addison-Wesley Professional
, . 2002.
[Dewhurst 2005] Dewhurst, Stephen C.
C++ Common Knowledge: Essential Intermediate Programming.
Boston, MA: Addison-Wesley Professional
, 2005. 2005.[DISA 2015] DISA. Application Security and Development Security Technical Implementation Guide, Version 3, Release 10. Accessed April 2015.[DISA 2016] DISA. Application Security and Development Security Technical Implementation Guide, Version 4, Release 1. Accessed January 2017.[DISA 2018] DISA. Application Security and Development Security Technical Implementation Guide, Version 4, Release 8. Accessed January 2019.
[Dowd
20072006] Dowd,
Mark; McDonald
, John; & Schuh
. The Art of Software Security Assessment - , Justin. Attacking delete and delete[] in C++, 2007. In The Art of Software Security Assessment. Addison-Wesley Professional. 2006.
[Fortify 2006] Fortify Software Inc.
Fortify Taxonomy: Software Security Errors, . 2006.
[FSF 2005] Free Software Foundation.
GCC online documentationOnline Documentation. ( 2005
).
[Gamma
19951994] Gamma,
Erich; Helm
, Richard; Johnson, Ralph,
& Vlissides,
and JohnsonJohn.
Design Patterns Elements of Reusable Object Oriented Software. Addison
-Wesley
, 1995Professional. 1994.[GNU 2016] gnu.org. GCC, the GNU Compiler Collection: Declaring Attributes of Functions. December 2016 [accessed].
[Goldberg 1991] Goldberg, David.
What Every Computer Scientist Should Know About Floating-Point Arithmetic. Sun Microsystems
, . March 1991.
[Graff 2003] Graff, Mark G. & Van Wyk, Kenneth R.
Secure Coding: Principles and Practices.
Cambridge, MA: O O'Reilly
, . 2003
(. ISBN 0596002424
).
[Henricson 1997] Henricson, Mats & Nyquist, Erik.
Industrial Strength C++.
Upper Saddle River, NJ: Prentice Hall PTR
, . 1997
(. ISBN 0-13-120965-5
.[Hinnant 2005] Hinnant, Howard. RValue Reference Recommendations for Chapter 20. N1856=05-0116. August 2005.[Hinnant 2015] Hinnant, Howard. Reply to "std::exception Why what() is returning a const char* and not a string?" ISO C++ Standard—Discussion.
June 2015. Anchor |
---|
| IEC 60812 2006 |
---|
| IEC 60812 2006 |
---|
|
[IEC 60812 2006] Analysis techniques for system reliability - Procedure for failure mode and effects analysis (FMEA), 2nd ed.
( IEC 60812
). IEC
, . January 2006.
Anchor |
---|
| IEEE Std 610.12 1990 |
---|
| IEEE Std 610.12 1990 |
---|
|
[IEEE Std 610.12 1990] IEEE. IEEE Standard Glossary of Software Engineering Terminology. 1990. Anchor |
---|
| IEEE Std 1003.1-2013 |
---|
| IEEE Std 1003.1-2013 |
---|
|
[IEEE Std 1003.1:2013] IEEE & The Open Group. Standard for Information Technology—Portable Operating System Interface (POSIX). Base Specifications. Issue 7. 2013.[INCITS 2012] INCITS Document number N3396= 12-0096. Dynamic memory allocation for over-aligned data. 2012. [INCITS 2014] INCITS PL22.16 and & ISO WG21 C++ Standards Committee, Library Working Group (LWG). C++ Standard Library Active Issues List (Revision R88), Doc. N3967, 2014. 2014.
[INCITS 2020] INCITS PL22.16 & ISO WG21 C++ Standards Committee, Library Working Group (LWG). C++ Standard Library Active Issues List (Revision R88). N4860. 2020.
Anchor |
---|
| Internet Society 00 |
---|
| Internet Society 00 |
---|
|
[Internet Society 2000] The Internet Society. Internet Security Glossary (RFC 2828). 2000.
Anchor |
---|
| ISO/IEC 9899-1999 |
---|
| ISO/IEC 9899-1999 |
---|
|
Anchor |
---|
| ISO-IEC 9899-1999 |
---|
| ISO-IEC 9899-1999 |
---|
|
[ISO/IEC 9899-1999] ISO/IEC 9899-1999.
Programming Languages — C, Second Edition, . 1999.
Anchor |
---|
| ISO/IEC 9899-2011 |
---|
| ISO/IEC 9899-2011 |
---|
|
Anchor |
---|
| ISO-IEC 9899-2011 |
---|
| ISO-IEC 9899-2011 |
---|
|
[ISO/IEC 9899:2011] ISO/IEC. Programming Languages—C, 3rd ed. ISO/IEC 9899:2011. 2011. Anchor |
---|
| ISO/IEC14882 14882-1998 |
---|
| ISO/IEC 14882IEC14882-1998 |
---|
|
[ISO/IEC 14882-1998] ISO/IEC 14882-1998.
Programming Languages — C++, First Edition, . 1998.
Anchor |
---|
| ISO/IEC 14882IEC14882-2003 |
---|
| ISO/IEC 14882IEC14882-2003 |
---|
|
[ISO/IEC 14882-2003] ISO/IEC 14882-2003.
Programming Languages — C++, Second Edition, . 2003.
Anchor |
---|
| ISO/IEC 14882IEC14882-2011 |
---|
| ISO/IEC 14882IEC14882-2011 |
---|
|
[ISO/IEC 14882-2011] ISO/IEC 14882-2011.
Programming Languages — C++, Third Edition, . 2011.
Anchor |
---|
| ISO/IEC 14882IEC14882-2014 |
---|
| ISO/IEC 14882IEC14882-2014 |
---|
|
[ISO/IEC 14882-2014] ISO/IEC 14882-2014.
Programming Languages — C++, Fourth Edition, 2014. 2014. Anchor |
---|
| ISO/IEC N3000 |
---|
| ISO/IEC N3000 |
---|
|
[ISO/IEC N3000 2009] Working Draft, Standard for Programming Language C++. November 2009.
Anchor |
---|
| ISO/IEC DTR TR 24772-2013 |
---|
| ISO/IEC DTR TR 24772-2013 |
---|
|
[ISO/IEC
DTR TR 24772
:2013] ISO/IEC
DTR 24772.
Information Technology — Programming Languages — Guidance Technology—Programming Languages—Guidance to Avoiding Vulnerabilities in Programming Languages through Language Selection and Use, November 2009. TR 24772-2013. ISO. March 2013. Anchor |
---|
| ISO/IEC TS 17961 |
---|
| ISO/IEC TS 17961 |
---|
|
Anchor |
---|
| ISO-IEC TS 17961 |
---|
| ISO-IEC TS 17961 |
---|
|
Anchor |
---|
| ISO/IEC TS 17961-2013 |
---|
| ISO/IEC TS 17961-2013 |
---|
|
[ISO/IEC TS 17961:2012] ISO/IEC TS 17961. Information Technology—Programming Languages, Their Environments and System Software Interfaces—C Secure Coding Rules. ISO. 2012.
[Jack 2007] Jack, Barnaby.
Vector Rewrite Attack. Juniper Networks. May 2007.
[Kalev 1999] Kalev, Danny. ANSI/ISO C++ Professional Programmer's Handbook. Que. Corporation. 1999[Lea 2000] Lea, Doug. Concurrent Programming in Java, 2nd Edition. Addison-Wesley Professional. 2000.[Lions 1996] Lions, J. L. ARIANE 5 Flight 501 Failure Report. European Space Agency (ESA) & National Center for Space Study (CNES). July 1996.
[Lions 1996] Lions, J. L.
ARIANE 5 Flight 501 Failure Report.
Paris, France: European Space Agency (ESA) & National Center for Space Study (CNES)
Inquiry Board, . July 1996.
Anchor |
---|
| Lockheed Martin 05 |
---|
| Lockheed Martin 05 |
---|
|
[Lockheed Martin 2005] Lockheed Martin.
"Joint Strike Fighter Air Vehicle C++ Coding Standards for the System Development and Demonstration Program." Document Number 2RDU00001
, Rev C.
, December 2005
. Anchor |
---|
Meyers 95 | Meyers 95 | [Meyers 1995] Meyers, Scott. More Effective C++: 35 New Ways to Improve Your Programs and Designs. Boston, MA: Addison-Wesley Professional, 1995.
[Meyers 1996] Meyers, Scott.
More Effective C++: 35 New Ways to Improve Your Programs and Designs.
Boston, MA: Addison-Wesley
, 1996. Anchor |
---|
Meyers 97 | Meyers 97 | [Meyers 1997] Meyers, Scott. Effective C++ : 55 Specific Ways to Improve Your Programs and Designs, 3rd ed. Boston, MA: Addison-Wesley Professional, 1997.. 1996.[Meyers 2001] Meyers, Scott.
Effective STL: 50 Specific Ways to Improve Your Use of the Standard Template Library.
Boston, MA: Addison-Wesley Professional
, . 2001.
[Meyers 2005] Meyers, Scott.
Effective C++: 55 Specific Ways to Improve Your Programs and Designs (3rd Edition).
Boston, MA: Addison-Wesley Professional
, 2005. 2005.[Meyers 2014] Meyers, Scott. Reply to The Drawbacks of Implementing Move Assignment in Terms of Swap [blog post]. The View from Aristeia: Scott Meyers' Professional Activities and Interests. 2014.
[Microsoft 2010]
STL std::string class causes crashes and memory corruption on multi-processor machines. 2010.[MISRA 2004] MIRA Limited.
" MISRA C: 2004 Guidelines for the Use of the C Language in Critical Systems.
" Warwickshire, UK: MIRA Limited
, . ISBN 095241564X. October 2004
(ISBN 095241564X).
[MISRA 2008]
MIRA MISRA Limited.
"MISRA C++: 2008 " Guidelines for the Use of the C++ Language in Critical Systems", . ISBN 978-906400-03-3 (paperback)
, ISBN ; ISBN 978-906400-04-0 (PDF)
, . June 2008.
[MITRE 2007] MITRE.
Common Weakness Enumeration, Draft 9, . April 2008.
[MITRE 2008a] MITRE.
CWE ID 327, ". Use of a Broken or Risky Cryptographic Algorithm," . 2008.
[MITRE 2008b] MITRE.
CWE ID 330, ". Use of Insufficiently Random Values," 2008. 2008.[MITRE] MITRE. Common Weakness Enumeration, Version 1.8. February 2010.
[MSDN 2010]
MSDNMicrosoft Developer Network.
"CryptGenRandom Function.". December 2016 [accessed].[MDSN 2016] Microsoft Developer Network. nothrow (C++). December 2016 [accessed].[NIST 2006] NIST.
SAMATE Reference Dataset, . 2006.
Anchor |
---|
| IEEE Std 1003.1-2013 |
---|
| IEEE Std 1003.1-2013 |
---|
|
Anchor |
---|
| ISO/IEC 9945:2013 |
---|
| ISO/IEC 9945:2013 |
---|
|
Anchor |
---|
| Open Group 13 |
---|
| Open Group 13 |
---|
|
[Open Group 2013] The Open Group.
The Open Group Base Specifications Issue 7, IEEE Std 1003.1, 2013 Edition, . 2013.
Anchor |
---|
| IEEE Std 1003.1-2008 |
---|
| IEEE Std 1003.1-2008 |
---|
|
Anchor |
---|
| ISO/IEC 9945:2008 |
---|
| ISO/IEC 9945:2008 |
---|
|
Anchor |
---|
| Open Group 08 |
---|
| Open Group 08 |
---|
|
[Open Group 2008] The Open Group.
The Open Group Base Specifications Issue 7, IEEE Std 1003.1, 2008 Edition, . 2008.
Anchor |
---|
| IEEE Std 1003.1-2004 |
---|
| IEEE Std 1003.1-2004 |
---|
|
Anchor |
---|
| ISO/IEC 9945:2003 |
---|
| ISO/IEC 9945:2003 |
---|
|
Anchor |
---|
| Open Group 04 |
---|
| Open Group 04 |
---|
|
[Open Group 2004] The Open Group.
The Open Group Base Specifications Issue 6, IEEE Std 1003.1, 2004 Edition, . 2004.
[Plum 1991] Plum, Thomas.
C++ Programming.
Kamuela, HI: Plum Hall, Inc.
, November 1991
(. ISBN 0911537104
).
[Quinlan 2006] Quinlan, Dan; Vuduc, Richard; Panas, Thomas; Härdtlein, Jochen; & Sæbjørnsen, Andreas.
" Support for Whole-Program Analysis and the Verification of the One-Definition Rule in C++
," . 27-35.
NIST Special Publication Page 500-262, . In Proceedings of the Static Analysis Summit.
Gaithersburg, MD, July 2006
.[Rohlf 2009] Rohlf, Chris.
Fun with erase (). 2009.[Saks 1999]
Saks, Dan
Saks.
const T vs.T const.
Embedded Systems Programming.
Pg February 1999.
Pages 13-16
. February 1999.
http://www.dansaks.com/articles/1999-02%20const%20T%20vs%20T%20const.pdf[Saks 2007] Saks, Dan.
"Sequence Points" . Embedded Systems Design, 07/01/02. 2007.
[Seacord 2005] Seacord,
RRobert C.
Secure Coding in C and C++.
Upper Saddle River, NJ: Addison-Wesley
, 2006 (ISBN 0321335724). 2005. ISBN 0321335724.[Seacord 2013] Seacord, Robert C. Secure Coding in C and C++, Second Edition. Addison-Wesley. 2013.
[Sebor 2004] Sebor, Martin.
C++ Standard Core Language Active Issues, Revision 68, Issue 475, . 2010.
[SGI 2006] Silicon Graphics, Inc.
" basic_string<charT, traits, Alloc>.
" Standard Template Library Programmer's Guide, . 2006.
[Steele 1977] Steele, G. L.
1977. Arithmetic shifting considered harmful. SIGPLAN NotNotices. Volume 12
, . Issue 11
(Nov.
November 1977
), . Pages 61-69.
Anchor |
---|
| Stroustrup 97 |
---|
| Stroustrup 97 |
---|
|
[Stroustrup 1997] Stroustrup, Bjarne.
The C++ Programming Language, Third Edition.
Reading, MA: Addison-Wesley
, . 1997
(ISBN 0201889544). ISBN 978-0201700732.
Anchor |
---|
| Stroustrup 06 |
---|
| Stroustrup 06 |
---|
|
[Stroustrup 2006] Stroustrup, Bjarne.
C++ Style and Technique FAQ (2006).2006. December 2016 [accessed].
Anchor |
---|
| Stroustrup 01 |
---|
| Stroustrup 01 |
---|
|
[Stroustrup 2001] Stroustrup, Bjarne.
Exception Safety: Concepts and Techniques (2001). AT&T Labs. 2001.
[Sun 1993]
Sun Security Bulletin #00122, . 1993.
[Sutter 2000] Sutter, Herb.
Exceptional C++: 47 Engineering Puzzles, Programming Problems, and Solutions. Addison-Wesley Professional
, . 2000
(. ISBN 0201615622
).
[Sutter 2001] Sutter, Herb.
More Exceptional C++: 40 New Engineering Puzzles, Programming Problems, and Solutions. Addison-Wesley Professional
, . 2001
(. ISBN 020170434
).
[Sutter 2004] Sutter, Herb & Alexandrescu, Andrei.
C++ Coding Standards: 101 Rules, Guidelines, and Best Practices.
Boston, MA: Addison Addison-Wesley Professional
, . 2004
(. ISBN 0321113586
).
Anchor |
---|
| van Sprundel06 |
---|
| van Sprundel06 |
---|
|
[van Sprundel 2006] van Sprundel, Ilja.
UnusualbugsUnusual bugs. 2006.
[Viega 2003] Viega, John & Messier, Matt.
Secure Programming Cookbook for C and C++: Recipes for Cryptography, Authentication, Networking, Input Validation & More.
Sebastopol, CA: O'Reilly
, . 2003
(. ISBN 0-596-00394-3
. [Viega 2005] Viega, John. CLASP Reference Guide, Volume 1.1. Secure Software. 2005.[VU#159523] Giobbi, Ryan. Vulnerability Note VU#159523. Adobe Flash Player integer overflow vulnerability. April 2008. [VU#162289] Dougherty, Chad. Vulnerability Note VU#162289. GCC Silently Discards Some Wraparound Checks. April 2008.[VU#623332] Mead, Robert. Vulnerability Note VU#623332. MIT Kerberos 5 contains double free vulnerability in "krb5_recvauth()
" function.
July 2005. [VU#925211] Weimer, Florian. Vulnerability Note VU#925211. Debian and Ubuntu OpenSSL packages contain a predictable random number generator. May 2008.[Warren 2002] Warren, Henry S.
Hacker's Delight.
Boston, MA: Addison Wesley Professional. 2002
(. ISBN 0201914654
).
[Williams
20102010a] Williams, Anthony
. Thread.
Boost Library Thread, 2007-2008. 2010.
[Williams
20102010b] Williams, Anthony.
Simpler Multithreading in C++0x, . Internet.com
, . 2010.
[xorl 2009] xorl.
xorl %eax, %eax.
Image Removed Image Removed Image Removed. December 2016 [accessed].