...
 [Black 2007] Black, Paul E.
, ; Kass, Michael
, ; & Koo, Michael. 
Source Code Security Analysis Tool Functional Specification Version 1.0. Special Publication 500-268. Information Technology Laboratory (ITL), Software Diagnostics and Conformance Testing Division, May 2007
. http://samate.nist.gov/docs/source_code_security_analysis_spec_SP500-268.pdf.| Anchor | 
|---|
| |  | Brainbell.com | 
|---|
 |  | Brainbell.com | 
|---|
 | 
 [Brainbell.com] Brainbell.com. 
Advice and Warnings for C Tutorials.
 [Bryant 2003] Bryant, Randal E. 
, & O'Halloran, David. 
Computer Systems: A Programmer's Perspective. Upper Saddle River, NJ: Prentice Hall, 2003 (ISBN 0-13-034074-X).
 [Burch 2006] Burch, Hal
, ; Long, Fred
, ; & Seacord, Robert C. 
Specifications for Managed Strings (CMU/SEI-2006-TR-006). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2006.
...
 [C99 Rationale 2003] 
Rationale for International Standard—Programming Languages—C, Revision 5.10 (C99 Rationale), April 2003.
 http://www.open-std.org/jtc1/sc22/wg14/www/C99RationaleV5.10.pdf. [Callaghan 1995] Callaghan, B
., ; Pawlowski, B.
, ; & Staubach, P. 
IETF RFC 1813 NFS Version 3 Protocol Specification, June 1995.
...
 [Chen 2002]  Chen, H.
, ; Wagner, D.
, ; & Dean, D. 
Setuid Demystified. USENIX Security Symposium, 2002.
...
 [DISA 
20082015] DISA. 
Application Security and Development Security Technical Implementation Guide, Version 2, Release 1. 
July 2008Accessed April 2015.
 [DOD 5220] U.S. Department of Defense. 
DoD Standard 5220.22-M (Word document).
 [Dowd 2006] Dowd, M.
, ; McDonald, J.
, ; & Schuh, J. 
The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities. Boston: Addison-Wesley, 2006. See 
http://taossa.com for updates and errata.
...
[Feather 1997] Feather, Clive, D. W. 
Solving the struct Hack Problem. JTC1/SC22/WG14 N791. 
http://www.open-std.org/jtc1/sc22/wg14/www/docs/n791.htm (1997).
 [Finlay 2003] Finlay, Ian A. CERT Advisory CA-2003-16, 
Buffer Overflow in Microsoft RPC. CERT/CC, July 2003.
 [Fisher 1999] Fisher, 
David, David & Lipson, Howard. "Emergent Algorithms—A New Method for Enhancing Survivability in Unbounded Systems." 
Proceedings of the 32nd Annual Hawaii International Conference on System Sciences (HICSS-32). Maui, HI, January 5–8, 1999.
...
 [Garfinkel 1996] Garfinkel, 
Simson, Simson & Spafford, Gene. 
Practical UNIX & Internet Security, 2nd ed. Sebastopol, CA: O'Reilly Media, April 1996 (ISBN 1-56592-148-8).
[GCC Bugs] GCC Team. 
GCC Bugs. 
Copyright © Free Software Foundation, Inc. http://gcc.gnu.org/bugs/#nonbugs_c (n.d.). [GNU 2010] GNU. 
Coding Standards. GNU, 2010.
...
 [Goodin 2009] 
Goodin, Dan
 Goodin. 
Clever Attack Exploits Fully-Patched Linux Kernel. 
The Register, July 2009.
 [Gough 2005] Gough, Brian J. 
An Introduction to GCC. Network Theory Ltd
., Revised August 2005 (ISBN 0-9541617-9-3).
 [Graff 2003] Graff, Mark G. 
, & Van Wyk, Kenneth R. 
Secure Coding: Principles and Practices. Cambridge, MA: O'Reilly, 2003 (ISBN 0596002424).
...
 [Henricson 1992] Henricson, Mats 
, & Nyquist, Erik. 
Programming in C++, Rules and Recommendations. Ellemtel Telecommunication Systems Laboratories, 1992.
...
 [Howard 2002] Howard, Michael 
, & LeBlanc, David C. 
Writing Secure Code, 2nd ed. Redmond, WA: Microsoft Press, 2002.
 [HP 2003] 
Hewlett-Packard Company. Tru64 UNIX: Protecting Your System against File Name Spoofing Attacks. Houston, TX: Hewlett-Packard Company, January 2003.
...
| Anchor | 
|---|
| |  | IEEE Std 610.12 1990 | 
|---|
 |  | IEEE Std 610.12 1990 | 
|---|
 | 
 [IEEE Std 610.12 1990] IEEE. 
IEEE Standard Glossary of Software Engineering Terminology.
 http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=159342  (1990).
| Anchor | 
|---|
| |  | IEEE Std 1003.1-2004 | 
|---|
 |  | IEEE Std 1003.1-2004 | 
|---|
 | 
 [IEEE Std 1003.1:2004] IEEE and The Open Group. 
The Open Group Base Specifications Issue 6 (IEEE Std 1003.1), 2004 Edition. 
(See also 
ISO/IEC 9945-2004 and 
Open Group 04.
)| Anchor | 
|---|
| |  | IEEE Std 1003.1 | 
|---|
 |  | IEEE Std 1003.1 | 
|---|
 | 
| Anchor | 
|---|
| |  | IEEE Std 1003.1-2008 | 
|---|
 |  | IEEE Std 1003.1-2008 | 
|---|
 | 
 [IEEE Std 1003.1:2008] IEEE and The Open Group. 
The Open Group Base Specifications Issue 7 (IEEE Std 1003.1), 2008 Edition. See also 
ISO/IEC 9945-2008 and 
Open Group 2008.
...