<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f4252420-30d4-4acf-a77d-6ddbbdab0794"><ac:parameter ac:name="">Apple 06</ac:parameter></ac:structured-macro>
[Apple 06] Apple, Inc. Secure Coding Guide (May 2006).
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="81a8510a-cb9e-4c8b-9ff7-975b56f266e6"><ac:parameter ac:name="">Banahan 03</ac:parameter></ac:structured-macro>
[Banahan 03] Banahan, Mike. The C Book (2003).
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="8ffed5e6-371b-4fcd-9be5-05a3aadfe391"><ac:parameter ac:name="">Bryant 03</ac:parameter></ac:structured-macro>
[Bryant 03] Bryant, Randy; O'Halloran, David. Computer Systems: A Programmer's Perspective. Prentice Hall, 2003. ISBN 0-13-034074-X.
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="56419115-0629-4b9a-b1b4-4f73fdb68bd7"><ac:parameter ac:name="">Burch 06</ac:parameter></ac:structured-macro>
[Burch 06] Burch, H.; Long, F.; & Seacord, R. Specifications for Managed Strings (CMU/SEI-2006-TR-006). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2006.
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b3d01dc6-c3d2-4caa-beac-3b4e01740d67"><ac:parameter ac:name="">Callaghan 95</ac:parameter></ac:structured-macro>
[Callaghan 95] Callaghan, B.; Pawlowski, B.; & Staubach, P. IETF RFC 1813 NFS Version 3 Protocol Specification (June 1995).
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="eaf3da1e-4132-4a3f-b9eb-637c754afdbf"><ac:parameter ac:name="">CERT 06a</ac:parameter></ac:structured-macro>
[CERT 06a] CERT/CC. CERT/CC Statistics 1988-2006.
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7d82cab8-996d-4ac2-af22-9cf48732789a"><ac:parameter ac:name="">CERT 06b</ac:parameter></ac:structured-macro>
[CERT 06b] CERT/CC. US-CERT's Technical Cyber Security Alerts.
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3014df3c-c991-40d4-9c73-8f4c92c17120"><ac:parameter ac:name="">CERT 06c</ac:parameter></ac:structured-macro>
[CERT 06c] CERT/CC. Secure Coding web site.
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="82e38b37-47f6-4085-9c2f-70c80b1019b4"><ac:parameter ac:name="">Dewhurst 02</ac:parameter></ac:structured-macro>
[Dewhurst 02] Dewhurst, Stephen C. C++ Gotchas: Avoiding Common Problems in Coding and Design. Boston, MA: Addison-Wesley Professional, 2002.
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b3c77dde-4b9b-4022-afb8-b49aeddc48f9"><ac:parameter ac:name="">DHS 06</ac:parameter></ac:structured-macro>
[DHS 06] U.S. Department of Homeland Security. Build Security In.
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="54df1a6d-2139-4483-8346-8b35ef8b201a"><ac:parameter ac:name="">Dowd 06</ac:parameter></ac:structured-macro>
[Dowd 06] Dowd, M.; McDonald, J.; & Schuh, J. The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities. Boston, MA: Addison-Wesley, 2006. See http://taossa.com for updates and errata.
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="8344ec9a-03ca-4a95-9005-eb65ce2ccbca"><ac:parameter ac:name="">Drepper 06</ac:parameter></ac:structured-macro>
[Drepper 06] Drepper, Ulrich. Defensive Programming for Red Hat Enterprise Linux (and What To Do If Something Goes Wrong) (May 3, 2006).
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="df5ceb48-4276-4067-b511-eec8209354a2"><ac:parameter ac:name="">FSF 05</ac:parameter></ac:structured-macro>
[FSF 05] Free Software Foundation. GCC online documentation (2005).
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b5847d1c-09ba-41d2-bcde-87d66a8a6890"><ac:parameter ac:name="">Fortify 06</ac:parameter></ac:structured-macro>
[Fortify 06] Fortify Software Inc. Fortify Taxonomy: Software Security Errors (2006).
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="552871d6-391d-48e0-8319-f597d1a1f4e9"><ac:parameter ac:name="">GNU Pth</ac:parameter></ac:structured-macro>
[GNU Pth] Engelschall, Ralf S. GNU Portable Threads (2006).
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="34604cbf-686f-41d4-883e-3cd58a50587d"><ac:parameter ac:name="">Goldberg 91</ac:parameter></ac:structured-macro>
[Goldberg 91] Goldberg, David. What Every Computer Scientist Should Know About Floating-Point Arithmetic. Sun Microsystems, March 1991.
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5764c0d6-32e9-4bb2-9195-c5fce7e1b579"><ac:parameter ac:name="">Graf 03</ac:parameter></ac:structured-macro>
[Graff 03] Graff, Mark G. & Van Wyk, Kenneth R. Secure Coding: Principles and Practices. Cambridge, MA: O'Reilly, 2003 (ISBN 0596002424).
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="624bb622-3837-473c-95ad-0a80844ea21a"><ac:parameter ac:name="">Griffiths 06</ac:parameter></ac:structured-macro>
[Griffiths 06] Griffiths, Andrew. "Clutching at straws: When you can shift the stack pointer."
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="171da1d5-2aea-4dc8-87ef-80c3aae4cc93"><ac:parameter ac:name="">Haddad 05</ac:parameter></ac:structured-macro>
[Haddad 05] Haddad, Ibrahim. "Secure Coding in C and C++: An interview with Robert Seacord, senior vulnerability analyst at CERT." Linux World Magazine, November 2005.
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0e5192de-3ad5-4b08-8c90-93b470577d79"><ac:parameter ac:name="">Hatton 95</ac:parameter></ac:structured-macro>
[Hatton 95] Hatton, Les. Safer C: Developing Software for High-Integrity and Safety-Critical Systems. New York, NY: McGraw-Hill Book Company, 1995 (ISBN 0-07-707640-0).
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ca75fbea-5bba-41f0-b4cd-2b5617cd8df4"><ac:parameter ac:name="">HP 03</ac:parameter></ac:structured-macro>
[HP 03] Tru64 UNIX: Protecting Your System Against File Name Spoofing Attacks. Houston, TX: Hewlett-Packard Company, January 2003.
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="45e2054c-625e-4bd3-9636-d1bc52a846db"><ac:parameter ac:name="">IEC 60812 2006</ac:parameter></ac:structured-macro>
[IEC 60812 2006] Analysis techniques for system reliability - Procedure for failure mode and effects analysis (FMEA), 2nd ed. (IEC 60812). IEC, January 2006.
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="33127f43-e775-4469-87f0-eab18bf07f0e"><ac:parameter ac:name="">IEEE 754 2006</ac:parameter></ac:structured-macro>
[IEEE 754 2006] IEEE. Standard for Binary Floating-Point Arithmetic (IEEE 754-1985) (2006).
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="940c1516-9363-47ca-b0ed-fff2d95f1e02"><ac:parameter ac:name="">ilja 06</ac:parameter></ac:structured-macro>
[ilja 06] ilja. "readlink abuse." ilja's blog, August 13, 2006.
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a3db9109-3f95-4109-a30c-a64b1ec6da1f"><ac:parameter ac:name="">ISO/IEC 646-1991</ac:parameter></ac:structured-macro>
[ISO/IEC 646-1991] ISO/IEC. Information technology: ISO 7-bit coded character set for information interchange (ISO/IEC 646-1991). Geneva, Switzerland: International Organization for Standardization, 1991.
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="710173e5-7e39-447a-a3e8-9409b82f4b24"><ac:parameter ac:name="">ISO/IEC 9899-1999</ac:parameter></ac:structured-macro>
[ISO/IEC 9899-1999] ISO/IEC. Programming Languages — C, Second Edition (ISO/IEC 9899-1999). Geneva, Switzerland: International Organization for Standardization, 1999.
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="df3cd87a-b826-4692-a12c-b8d1260f9476"><ac:parameter ac:name="">ISO/IEC 9899-1999TC2</ac:parameter></ac:structured-macro>
[ISO/IEC 9899-1999:TC2] ISO/IEC. Programming Languages — C (ISO/IEC 9899-1999:TC2). Geneva, Switzerland: International Organization for Standardization, 2005.
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="345b10d8-a385-47f4-845a-575dc4800a3e"><ac:parameter ac:name="">ISO/IEC 14882-2003</ac:parameter></ac:structured-macro>
[ISO/IEC 14882-2003] ISO/IEC. Programming Languages — C++, Second Edition (ISO/IEC 14882-2003). Geneva, Switzerland: International Organization for Standardization, 2003.
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f7872a63-7fba-4843-adfc-b7b75ef58d68"><ac:parameter ac:name="">ISO/IEC 03</ac:parameter></ac:structured-macro>
[ISO/IEC 03] ISO/IEC. Rationale for International Standard — Programming Languages — C, Revision 5.10. Geneva, Switzerland: International Organization for Standardization, April 2003.
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="33cb1a55-bebb-4702-b343-258e377984e0"><ac:parameter ac:name="">ISO/IEC JTC1/SC22/WG11</ac:parameter></ac:structured-macro>
[ISO/IEC JTC1/SC22/WG11] ISO/IEC. Binding Techniques (ISO/IEC JTC1/SC22/WG11) (2007).
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9a9fded9-7838-4bd8-b55a-1975e8b0154e"><ac:parameter ac:name="">ISO/IEC TR 24731-2006</ac:parameter></ac:structured-macro>
[ISO/IEC TR 24731-2006] ISO/IEC TR 24731. Extensions to the C Library, — Part I: Bounds-checking interfaces. Geneva, Switzerland: International Organization for Standardization, April 2006.
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9476a2a9-3f9d-4eec-a359-cea9b18357a3"><ac:parameter ac:name="">Jack 07</ac:parameter></ac:structured-macro>
[Jack 07] Jack, Barnaby Vector Rewrite Attack (2007).
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5eb2b1d7-a0b4-49f7-bb9f-e59416b5aca0"><ac:parameter ac:name="">Kennaway 00</ac:parameter></ac:structured-macro>
[Kennaway 00] Kennaway, Kris. Re: /tmp topic (December 2000).
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b5246353-690b-40ad-ae14-1e55b4f935e6"><ac:parameter ac:name="">Kerrighan 88</ac:parameter></ac:structured-macro>
[Kerrighan 88] Kerrighan, B. W. & Ritchie, D. M. The C Programming Language, 2nd ed. Englewood Cliffs, NJ: Prentice-Hall, 1988.
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4d135388-7726-446d-b530-16c4c49c9b29"><ac:parameter ac:name="">Kettle 02</ac:parameter></ac:structured-macro>
[Kettlewell 02] Kettlewell, Richard. C Language Gotchas (February 2002).
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e2ed0a88-5f88-4fe8-b69c-dfea5f4fa0b6"><ac:parameter ac:name="">Kettle 03</ac:parameter></ac:structured-macro>
[Kettlewell 03] Kettlewell, Richard. Inline Functions In C (March 2003).
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3c2df27a-9b56-4078-912c-365b99a0f6ca"><ac:parameter ac:name="">Klein 02</ac:parameter></ac:structured-macro>
[Klein 02] Klein, Jack. Bullet Proof Integer Input Using strtol() (2002).
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6f2ad4e3-a80b-4fca-aa10-143278e056da"><ac:parameter ac:name="">Kuhn 06</ac:parameter></ac:structured-macro>
[Kuhn 06] Kuhn, Markus. UTF-8 and Unicode FAQ for Unix/Linux (2006).
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e249463d-47e3-4fc0-8fed-12f8e5db4622"><ac:parameter ac:name="">Lai 06</ac:parameter></ac:structured-macro>
[Lai 06] Lai, Ray. "Reading Between the Lines." OpenBSD Journal, October 2006.
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="30882c8b-9b25-4cf4-b49e-37f3ac877311"><ac:parameter ac:name="">Lions 96</ac:parameter></ac:structured-macro>
[Lions 96] Lions, J. L. ARIANE 5 Flight 501 Failure Report. Paris, France: European Space Agency (ESA) & National Center for Space Study (CNES) Inquiry Board, July 1996.
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="289ba9ed-3304-410a-a9eb-a1933941986b"><ac:parameter ac:name="">Lockheed Martin 2005</ac:parameter></ac:structured-macro>
[Lockheed Martin 2005] Lockheed Martin. Joint Strike Fighter Air Vehicle C++ Coding Standards for the System Development and Demonstration Program. Document Number 2RDU00001, Rev C. December 2005.
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2f6faa93-f818-4e8a-8ef6-6e6bb0523fda"><ac:parameter ac:name="">McCluskey 01</ac:parameter></ac:structured-macro>
[McCluskey 01] flexible array members and designators in C9X ;login:, July 2001, Volume 26, Number 4, p. 29-32
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7c9a227a-01f9-4ef3-b127-a539bcd447ba"><ac:parameter ac:name="">mercy</ac:parameter></ac:structured-macro>
[mercy] mercy. Exploiting Uninitialized Data (January 2006).
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e847d200-3d19-4c39-a9ce-7cbe5669c73e"><ac:parameter ac:name="">MISRA 04</ac:parameter></ac:structured-macro>
[MISRA 04] MISRA Limited. "MISRA C: 2004 Guidelines for the Use of the C Language in Critical Systems." Warwickshire, UK: MIRA Limited, October 2004 (ISBN 095241564X).
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2bbc9eae-1bff-4443-8889-1b66c7816911"><ac:parameter ac:name="">MIT 05</ac:parameter></ac:structured-macro>
[MIT 05] MIT. "MIT krb5 Security Advisory 2005-003 (2005).
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="38ebfc0d-791f-4dd3-b074-43e0dafe307c"><ac:parameter ac:name="">NASA-GB-1740.13</ac:parameter></ac:structured-macro>
[NASA-GB-1740.13] NASA Glenn Research Center, Office of Safety Assurance Technologies. NASA Software Safety Guidebook (NASA-GB-1740.13).
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c4f1eb2f-f5b6-4187-a9c7-5b67fb3861da"><ac:parameter ac:name="">NIST 06</ac:parameter></ac:structured-macro>
[NIST 06] NIST. SAMATE Reference Dataset (2006).
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="cd0c900b-aea8-4731-b991-ef862af7f4e4"><ac:parameter ac:name="">NIST 06b</ac:parameter></ac:structured-macro>
[NIST 06b] NIST. DRAFT Source Code Analysis Tool Functional Specification. NIST Information Technology Laboratory (ITL), Software Diagnostics and Conformance Testing Division, September 2006.
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="18c9c1bf-ea64-4579-a701-865bf879429c"><ac:parameter ac:name="">Open Group 97</ac:parameter></ac:structured-macro>
[Open Group 97] The Open Group. The Single UNIX® Specification, Version 2 (1997).
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="8f213589-1203-4cc1-91bd-fe2e65953afe"><ac:parameter ac:name="">Open Group 97b</ac:parameter></ac:structured-macro>
[Open Group 97b] The Open Group. Go Solo 2 - The Authorized Guide to Version 2 of the Single UNIX Specification (May 1997).
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="76f1b532-c750-4cea-bbdd-52d04fcb5184"><ac:parameter ac:name="">Open Group 04</ac:parameter></ac:structured-macro>
[Open Group 04] The Open Group and the IEEE. The Open Group Base Specifications Issue 6, IEEE Std 1003.1, 2004 Edition (2004).
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ec381472-2ef1-4a62-963b-2c559077a66a"><ac:parameter ac:name="">Plakosh 05</ac:parameter></ac:structured-macro>
[Plakosh 05] Plakosh, Dan. Consistent Memory Management Conventions (2005).
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a9e7073f-ae03-44ee-80e9-54b8643dcc04"><ac:parameter ac:name="">Plum 89</ac:parameter></ac:structured-macro>
[Plum 89] Plum, Thomas, & Saks, Dan. C Programming Guidelines, 2nd ed. Kamuela, HI: Plum Hall, Inc., 1989 (ISBN 0911537074).
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="32d83723-6212-4b06-abcd-1273cc192f6b"><ac:parameter ac:name="">Plum 91</ac:parameter></ac:structured-macro>
[Plum 91] Plum, Thomas. C++ Programming. Kamuela, HI: Plum Hall, Inc., 1991 (ISBN 0911537104).
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="56144ef8-cfba-4e00-8971-cbb805e2d2bc"><ac:parameter ac:name="">Redwine 06</ac:parameter></ac:structured-macro>
[Redwine 06] Redwine, Samuel T., Jr., ed. Secure Software Assurance: A Guide to the Common Body of Knowledge to Produce, Acquire, and Sustain Secure Software Version 1.1. U.S. Department of Homeland Security, September 2006. See Software Assurance Common Body of Knowledge on Build Security In.
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e9591a22-9328-490c-82bc-337368a5fb72"><ac:parameter ac:name="">Saks 99</ac:parameter></ac:structured-macro>
[Saks 99] Saks, Dan. "const T vs.T const." Embedded Systems Programming, February 1999, pp. 13-16.
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="21ee2755-2f69-4a90-8f3a-ad3fa9113b99"><ac:parameter ac:name="">Seacord 05</ac:parameter></ac:structured-macro> <ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7c136ecb-8f07-4f2b-a428-4591c8418363"><ac:parameter ac:name="">Seacord 05a</ac:parameter></ac:structured-macro>
[Seacord 05a] Seacord, R. Secure Coding in C and C++. Boston, MA: Addison-Wesley, 2005. See http://www.cert.org/books/secure-coding for news and errata.
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="40a564ef-b6f5-46bd-a466-f1a7c60794e9"><ac:parameter ac:name="">Seacord 05b</ac:parameter></ac:structured-macro>
[Seacord 05b] Seacord, R. "Managed String Library for C, C/C++." Users Journal 23, 10 (October 2005): 30-34.
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4cb337fd-a135-4da6-b960-58902c891eef"><ac:parameter ac:name="">Spinellis 06</ac:parameter></ac:structured-macro>
[Spinellis 06] Spinellis, Diomidis. Code Quality: The Open Source Perspective. Addison-Wesley, 2006.
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="bdbe949c-8b98-465e-abb4-2238221afe49"><ac:parameter ac:name="">Steele 77</ac:parameter></ac:structured-macro>
[Steele 77] Steele, G. L. 1977. Arithmetic shifting considered harmful. SIGPLAN Not. 12, 11 (Nov. 1977), 61-69.
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="43314724-b16c-4326-b839-667ff96c9d91"><ac:parameter ac:name="">Summit 95</ac:parameter></ac:structured-macro>
[Summit 95] Summit, Steve. C Programming FAQs: Frequently Asked Questions. Boston, MA: Addison-Wesley, 1995 (ISBN 0201845199).
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="04d533d7-6e0e-4cea-a255-513726cbb28f"><ac:parameter ac:name="">Summit 05</ac:parameter></ac:structured-macro>
[Summit 05] Summit, Steve. comp.lang.c Frequently Asked Questions (2005).
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="14b7b0cb-7f1f-4d83-b752-2dabd5736ed8"><ac:parameter ac:name="">Sun 05</ac:parameter></ac:structured-macro>
[Sun 05] C User's Guide. 819-3688-10. Sun Microsystems, Inc. (2005)
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d9d6e1a1-e8ea-4787-ad28-f63109501280"><ac:parameter ac:name="">van de Voort 07</ac:parameter></ac:structured-macro>
[van de Voort 07] van de Voort, Marco. Development Tutorial (a.k.a Build FAQ) (January 29, 2007).
[van Sprundel 06] van Sprundel, Ilja. Unusual Bugs (2006).
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="cbed5f0f-eee5-4bd9-a729-00ee141855a0"><ac:parameter ac:name="">Viega 03</ac:parameter></ac:structured-macro>
[Viega 03] Viega, John & Messier, Matt. Secure Programming Cookbook for C and C++: Recipes for Cryptography, Authentication, Networking, Input Validation & More. Sebastopol, CA: O'Reilly, 2003 (ISBN 0-596-00394-3).
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="630faa4c-baf2-4677-8f71-c7541dc13a0d"><ac:parameter ac:name="">Viega 05</ac:parameter></ac:structured-macro>
[Viega 05] Viega, John. CLASP Reference Guide Volume 1.1. Secure Software, 2005.
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="85fa4fa1-340c-4c5f-84da-70d7a99db138"><ac:parameter ac:name="">VU196240</ac:parameter></ac:structured-macro>
[VU#196240] Taschner, Chris & Manion, Art. Vulnerability Note VU#196240, Sourcefire Snort DCE/RPC preprocessor does not properly reassemble fragmented packets (2007).
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="71f1bf03-efb1-4946-9cb0-1d17794452d2"><ac:parameter ac:name="">VU286468</ac:parameter></ac:structured-macro>
[VU#286468] Burch, Hal. Vulnerability Note VU#286468, Ettercap contains a format string error in the "curses_msg()" function (2007).
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="411b8f7c-a497-41a5-a98f-05c504333d96"><ac:parameter ac:name="">VU#551436</ac:parameter></ac:structured-macro>
[VU#551436] Giobbi, Ryan. Vulnerability Note VU#551436, Mozilla Firefox SVG viewer vulnerable to buffer overflow (2007).
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5c3ce91e-bc6f-4112-9b5b-e6e95c2e0723"><ac:parameter ac:name="">VU623332</ac:parameter></ac:structured-macro>
[VU#623332] Mead, Robert. Vulnerability Note VU#623332, MIT Kerberos 5 contains double free vulnerability in "krb5_recvauth()" function (2005).
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5debd103-95d8-4273-8bdf-e10bb86b8ba6"><ac:parameter ac:name="">VU649732</ac:parameter></ac:structured-macro>
[VU#649732] Gennari, Jeff. Vulnerability Note VU#649732, Samba AFS ACL mapping VFS plug-in format string vulnerability (2007).
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3a27a64f-8687-49fc-a6c0-8edf80061ade"><ac:parameter ac:name="">VU881872</ac:parameter></ac:structured-macro>
[VU#881872] Manion, Art & Taschner, Chris. Vulnerability Note VU#881872, Sun Solaris telnet authentication bypass vulnerability (2007).
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="bc957b62-7fdd-46e6-9e89-ccab0d2c5596"><ac:parameter ac:name="">Warren 02</ac:parameter></ac:structured-macro>
[Warren 02] Warren, Henry S. Hacker's Delight. Boston, MA: Addison Wesley Professional, 2002 (ISBN 0201914654).
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5617dc0e-9bea-4357-8c72-b363b4013a5c"><ac:parameter ac:name="">Wheeler 03</ac:parameter></ac:structured-macro>
[Wheeler 03] Wheeler, David. Secure Programming for Linux and Unix HOWTO, v3.010 (March 2003).
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="dd66144b-9ea4-4fc1-a4fb-6027afa1e8f2"><ac:parameter ac:name="">Yergeau 98</ac:parameter></ac:structured-macro>
[Yergeau 98] Yergeau, F. RFC 2279 - UTF-8, a transformation format of ISO 10646 (January 1998).
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2d52ce9f-6e8b-4af1-826f-539b96d8c4a6"><ac:parameter ac:name="">Zalewski 01</ac:parameter></ac:structured-macro>
[Zalewski 01] Michal Zalewski. Delivering Signals for Fun and Profit: Understanding, exploiting and preventing signal-handling related vulnerabilities, May, 2001.