You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 145 Next »

[Abrahams 2010] Abrahams, David. Error and Exception Handling, #7. Boost Library. 2010.

[Banahan 2003] Banahan, Mike. The C Book . 2003.

[Barney 2010] Barney, Blaise. POSIX Threads Programming. Lawrence Livermore National Security, LLC. 2010.

[Becker 2008] Becker, Pete. Working Draft, Standard for Programming Language C++. April 2008.

[Becker 2009] Becker, Pete Working Draft, Standard for Programming Language C++. September 2009.

[Black 2007] Black, Paul E.; Kass, Michael; & Koo, Michael. Source Code Security Analysis Tool Functional Specification Version 1.0. Special Publication 500-268. Information Technology Laboratory (ITL), May 2007.

[Cline 2009] Cline, Marshall. C++ FAQ Lite—Frequently Asked Questions. 1991-2009.

[CodeSourcery 2016a] CodeSourcery, Compaq, EDG, HP, IBM, Intel, Red Hat, SGI, et al. Itanium C++ ABI. [Accessed 2016]

[CodeSourcery 2016b] CodeSourcery, Compaq, EDG, HP, IBM, Intel, Red Hat, SGI, et al. Itanium C++ ABI ($Revision: 1,86 $). [Accessed 2016]

[Coverity 2007] Coverity Prevent User's Manual (3.3.0). 2007.

[CWE] MITRE. Common Weakness Enumeration – A Community-Developed Dictionary of Software Weakness Types.

[Dewhurst 2002] Dewhurst, Stephen C. C++ Gotchas: Avoiding Common Problems in Coding and Design. Boston, MA: Addison-Wesley Professional, 2002.

[Dewhurst 2005] Dewhurst, Stephen C. C++ Common Knowledge: Essential Intermediate Programming. Boston, MA: Addison-Wesley Professional, 2005.

[DISA 2015] DISA. Application Security and Development Security Technical Implementation Guide, Version 3, Release 10. Accessed October 2016.

[DISA 2016] DISA. Application Security and Development Security Technical Implementation Guide, Version 4, Release 1. Accessed October 2016.

[Dowd 2007] Dowd, McDonald & Schuh. The Art of Software Security Assessment - Attacking delete and delete[] in C++, 2007.

[Fortify 2006] Fortify Software Inc. Fortify Taxonomy: Software Security Errors, 2006.

[FSF 2005] Free Software Foundation. GCC online documentation. (2005).

[Gamma 1995] Gamma, Helm, Vlissides, and Johnson. Design Patterns Elements of Reusable Object Oriented Software. Addison Wesley, 1995.

[GNU 2016] gnu.org. GCC, the GNU Compiler Collection: Declaring Attributes of Functions. December 2016 [accessed]. https://gcc.gnu.org/onlinedocs/gcc/Function-Attributes.html

[Goldberg 1991] Goldberg, David. What Every Computer Scientist Should Know About Floating-Point Arithmetic. Sun Microsystems, March 1991.

[Graff 2003] Graff, Mark G. & Van Wyk, Kenneth R. Secure Coding: Principles and Practices. Cambridge, MA: O'Reilly, 2003 (ISBN 0596002424).

[Henricson 1997] Henricson, Mats & Nyquist, Erik. Industrial Strength C++. Upper Saddle River, NJ: Prentice Hall PTR, 1997 (ISBN 0-13-120965-5).

[Hinnant 2005] Hinnant, Howard. RValue Reference Recommendations for Chapter 20. N1856, August 2005.

[Hinnant 2015] Hinnant, Howard. Reply to "std::exception Why what() is returning a const char* and not a string?" [public forum post]. ISO C++ Standard—Discussion, June 28, 2015.

[IEC 60812 2006] Analysis techniques for system reliability - Procedure for failure mode and effects analysis (FMEA), 2nd ed. (IEC 60812). IEC, January 2006.

[IEEE Std 610.12 1990] IEEE.  IEEE Standard Glossary of Software Engineering Terminology . (1990).


[IEEE Std 1003.1:2013] IEEE and The Open Group. Standard for Information Technology—Portable Operating System Interface (POSIX®), Base Specifications, Issue 7 (IEEE Std 1003.1, 2013 Edition). E-book: http://ieeexplore.ieee.org/servlet/opac?punumber=6506089.

[INCITS 2012] INCITS Document number N3396= 12-0096. Dynamic memory allocation for over-aligned data. 2012. http//www.open-std.org/jtcl/sc22/wg21/docs/papers/2012/n3396.html

[INCITS 2014] INCITS PL22.16 and ISO WG21 C++ Standards Committee, Library Working Group (LWG).  C++ Standard Library Active Issues List (Revision R88) , Doc. N3967, 2014.

[Internet Society 2000] The Internet Society. Internet Security Glossary (RFC 2828). 2000.

[ISO/IEC 9899-1999] ISO/IEC 9899-1999. Programming Languages — C, Second Edition, 1999.

[ISO/IEC 9899:2011] ISO/IEC. Programming Languages—C, 3rd ed (ISO/IEC 9899:2011). Geneva, Switzerland: ISO, 2011.

[ISO/IEC 14882-1998] ISO/IEC 14882-1998. Programming Languages — C++, First Edition, 1998.

[ISO/IEC 14882-2003] ISO/IEC 14882-2003. Programming Languages — C++, Second Edition, 2003.

[ISO/IEC 14882-2011] ISO/IEC 14882-2011. Programming Languages — C++, Third Edition, 2011.

[ISO/IEC 14882-2014] ISO/IEC 14882-2014. Programming Languages — C++, Fourth Edition, 2014.

[ISO/IEC N3000] Working Draft, Standard for Programming Language C++, November 2009.

[ISO/IEC TR 24772-2013] ISO/IEC TR 24772-2013. Information Technology—Programming Languages—Guidance to Avoiding Vulnerabilities in Programming Languages through Language Selection and Use. Geneva, Switzerland: ISO, March 2013.

[ISO/IEC TS 17961] ISO/IEC TS 17961. Information Technology—Programming Languages, Their Environments and System Software Interfaces—C Secure Coding Rules. Geneva, Switzerland: ISO, 2012.

[Jack 2007] Jack, Barnaby.  Vector Rewrite Attack . May 2007.

[Kalev 99] Kalev, Danny. ANSI/ISO C++ Professional Programmer's HandbookIndianapolis, Ind: Que, 1999.

[Lea 2000] Lea, Doug. Concurrent Programming in Java, 2nd ed., Addison-Wesley Professional, Boston, 2000.

[Lions 1996] Lions, J. L. ARIANE 5 Flight 501 Failure Report. Paris, France: European Space Agency (ESA) & National Center for Space Study (CNES) Inquiry Board, July 1996.

[Lockheed Martin 2005] Lockheed Martin. "Joint Strike Fighter Air Vehicle C++ Coding Standards for the System Development and Demonstration Program." Document Number 2RDU00001 Rev C., December 2005.

[Meyers 1996] Meyers, Scott. More Effective C++: 35 New Ways to Improve Your Programs and Designs. Boston, MA: Addison-Wesley, 1996.

[Meyers 2001] Meyers, Scott. Effective STL: 50 Specific Ways to Improve Your Use of the Standard Template Library. Boston, MA: Addison-Wesley Professional, 2001.

[Meyers 2005] Meyers, Scott. Effective C++: 55 Specific Ways to Improve Your Programs and Designs (3rd Edition). Boston, MA: Addison-Wesley Professional, 2005.

[Meyers 2014] Meyers, Scott. Reply to "The Drawbacks of Implementing Move Assignment in Terms of Swap" [blog post]. The View from Aristeia: Scott Meyers' Professional Activities and Interests, 2014.

[Microsoft 2010] STL std::string class causes crashes and memory corruption on multi-processor machines

[MISRA 2004] MIRA Limited. "MISRA C: 2004 Guidelines for the Use of the C Language in Critical Systems." Warwickshire, UK: MIRA Limited, October 2004 (ISBN 095241564X).

[MISRA 2008] MIRA Limited. "MISRA C++: 2008 Guidelines for the Use of the C++ Language in Critical Systems", ISBN 978-906400-03-3 (paperback), ISBN 978-906400-04-0 (PDF), June 2008.

[MITRE 2007] MITRE. Common Weakness Enumeration, Draft 9, April 2008.

[MITRE 2008a] MITRE. CWE ID 327, "Use of a Broken or Risky Cryptographic Algorithm," 2008.

[MITRE 2008b] MITRE. CWE ID 330, "Use of Insufficiently Random Values," 2008.

[MITRE] MITRE. Common Weakness Enumeration, Version 1.8. February 2010.

[MSDN 2010] MSDN. "CryptGenRandom Function."

[MDSN 2016] Microsoft Developer Network. nothrow (C++). December 2016 [accessed]. https://msdn.microsoft.com/en-us/library/49147z04.aspx

[NIST 2006] NIST. SAMATE Reference Dataset , 2006.

[Open Group 2013] The Open Group.  The Open Group Base Specifications Issue 7, IEEE Std 1003.1, 2013 Edition , 2013.

[Open Group 2008] The Open Group. The Open Group Base Specifications Issue 7, IEEE Std 1003.1, 2008 Edition , 2008.

[Open Group 2004] The Open Group. The Open Group Base Specifications Issue 6, IEEE Std 1003.1, 2004 Edition , 2004.

[Plum 1991] Plum, Thomas. C++ Programming. Kamuela, HI: Plum Hall, Inc., November 1991 (ISBN 0911537104).

[Quinlan 2006] Quinlan, Dan; Vuduc, Richard; Panas, Thomas; Härdtlein, Jochen; & Sæbjørnsen, Andreas. "Support for Whole-Program Analysis and the Verification of the One-Definition Rule in C++," 27-35. NIST Special Publication 500-262, Proceedings of the Static Analysis Summit. Gaithersburg, MD, July 2006.

[Rohlf 2009] Rohlf, Chris. Fun with erase () . 2009.

[Saks 1999] Dan Saks. const T vs.T const . Embedded Systems Programming. Pg. 13-16. February 1999.

[Saks 2007] Saks, Dan. "Sequence Points" Embedded Systems Design, 07/01/02.

[Seacord 2005] Seacord, R. Secure Coding in C and C++. Upper Saddle River, NJ: Addison-Wesley, 2005 (ISBN 0321335724).


[Seacord 2013] Seacord, Robert C. Secure Coding in C and C++. Boston: Addison-Wesley, 2013. See http://www.cert.org/books/secure-coding for news and errata.

[Sebor 2004] Sebor, Martin. C++ Standard Core Language Active Issues, Revision 68, Issue 475, 2010.

[SGI 2006] Silicon Graphics, Inc. "basic_string<charT, traits, Alloc>." Standard Template Library Programmer's Guide, 2006.

[Steele 1977] Steele, G. L. 1977. Arithmetic shifting considered harmful. SIGPLAN Not. 12, 11 (Nov. 1977), 61-69.

[Stroustrup 1997] Stroustrup, Bjarne. The C++ Programming Language, Third Edition. Reading, MA: Addison-Wesley, 1997 (ISBN 0201889544).

[Stroustrup 2006] Stroustrup, Bjarne. C++ Style and Technique FAQ (2006). Accessed November 2016.

[Stroustrup 2001] Stroustrup, Bjarne. Exception Safety: Concepts and Techniques (2001).

[Sun 1993] Sun Security Bulletin #00122, 1993.

[Sutter 2000] Sutter, Herb. Exceptional C++: 47 Engineering Puzzles, Programming Problems, and Solutions. Addison-Wesley Professional, 2000 (ISBN 0201615622).

[Sutter 2001] Sutter, Herb. More Exceptional C++: 40 New Engineering Puzzles, Programming Problems, and Solutions. Addison-Wesley Professional, 2001 (ISBN 020170434).

[Sutter 2004] Sutter, Herb & Alexandrescu, Andrei. C++ Coding Standards: 101 Rules, Guidelines, and Best Practices. Boston, MA: Addison-Wesley Professional, 2004 (ISBN 0321113586).

[van Sprundel 2006] van Sprundel, Ilja. Unusual bugs, 2006.

[Viega 2003] Viega, John & Messier, Matt. Secure Programming Cookbook for C and C++: Recipes for Cryptography, Authentication, Networking, Input Validation & More. Sebastopol, CA: O'Reilly, 2003 (ISBN 0-596-00394-3).

[Viega 2005] Viega, John. CLASP Reference Guide Volume 1.1. Secure Software, 2005.

[VU#159523] Giobbi, Ryan. Vulnerability Note VU#159523Adobe Flash Player integer overflow vulnerability. April 2008.

[VU#162289] Dougherty, Chad. Vulnerability Note VU#162289, GCC Silently Discards Some Wraparound Checks. April 2008.

[VU#623332] Mead, Robert. Vulnerability Note VU#623332. MIT Kerberos 5 contains double free vulner-ability in "krb5_recvauth()" function. July 2005.

[VU#925211] Weimer, Florian. Vulnerability Note VU#925211. Debian and Ubuntu OpenSSL packages contain a predictable random number generator. May 2008.

[Warren 2002] Warren, Henry S. Hacker's Delight. Boston, MA: Addison Wesley Professional. 2002 (ISBN 0201914654).

[Williams 2010] Williams, Anthony. Boost Library Thread, 2007-2008.

[Williams 2010] Williams, Anthony. Simpler Multithreading in C++0x, Internet.com, 2010.

[xorl 2009] xorl. xorl %eax, %eax. December 2016 [accessed].

 


 

  • No labels