SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 261

changes.mady.by.user Ron Bandes

Saved on

compared with

New Version 262

changes.mady.by.user Ron Bandes

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="8d46c701a5a3c1e7-1ccbf411-491c4ae7-97e1ae94-2ddc5ac9b2a6382f31dd355e"><ac:parameter ac:name="">Apple 06</ac:parameter></ac:structured-macro>
\[Apple 06\] Apple, Inc. [_Secure Coding Guide_|http://developer.apple.com/documentation/Security/Conceptual/SecureCodingGuide/SecureCodingGuide.pdf], May 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1cbdef8d9f5b0d4a-d0c296c2-47444797-88f78f2b-d3ddf5e987355111c007afa8"><ac:parameter ac:name="">Austin Group 08</ac:parameter></ac:structured-macro>
\[Austin Group 08\] "Draft Standard for Information Technology - Portable Operating System Interface (POSIX®) - Draft Technical Standard: Base Specifications, Issue 7," IEEE Unapproved Draft Std P1003.1 D5.1. Prepared by the [Austin Group|http://www.opengroup.org/austin/]. New York: Institute of Electrical & Electronics Engineers, Inc., May 2008.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="27c2cceb3bf28ea3-8de1e4d2-43c8443c-b8ceaf38-709d34bcf4f754e3fe9cbb33"><ac:parameter ac:name="">Banahan 03</ac:parameter></ac:structured-macro>
\[Banahan 03\] Banahan, Mike. [_The C Book_|http://www.phy.duke.edu/~rgb/General/c_book/c_book/index.html], 2003.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="77243aa52a6143eb-c277482b-42c44fb2-ab94accd-f260d6d75c4b0839dc46eae1"><ac:parameter ac:name="">Beebe 05</ac:parameter></ac:structured-macro>
\[Beebe 05\] Beebe, Nelson H. F. [Re: Remainder (%) operator and GCC|http://gcc.gnu.org/ml/gcc-help/2005-11/msg00141.html], 2005.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="813acf6fdc3b7f3d-bb1b6325-4710417f-8d8c8890-130ffc8cf7857fe97c127a6b"><ac:parameter ac:name="">Becker 08</ac:parameter></ac:structured-macro>
\[Becker 08\] Becker, Pete. [Working Draft, Standard for Programming Language C+\+|http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2008/n2521.pdf], April 2008.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6ad4e75379bcc651-94f719c6-49f34f0f-bac1a944-4168eb9f8b046e52129ad505"><ac:parameter ac:name="">Black 07</ac:parameter></ac:structured-macro>
\[Black 07\] Paul E. Black, Michael Kass, Michael Koo. Source Code Security Analysis Tool Functional Specification Version 1.0. Special Publication 500-268. Information Technology Laboratory (ITL), Software Diagnostics and Conformance Testing Division, May 2007. [http://samate.nist.gov/docs/source_code_security_analysis_spec_SP500-268.pdf]

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c2e7400aca94e0dd-80f6fbce-4e4f413f-b72eb7e3-219d10c695bddee95ebf37a8"><ac:parameter ac:name="">Brainbell.com</ac:parameter></ac:structured-macro>
\[Brainbell.com\] Brainbell.com. [_Advice and Warnings for C Tutorials_|http://www.brainbell.com/tutors/c/Advice_and_Warnings_for_C/].

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ddc7bf88403f66a9-8e174ace-42844cbd-b337b87d-c0cb0e4433eae3b6812d51df"><ac:parameter ac:name="">Bryant 03</ac:parameter></ac:structured-macro>
\[Bryant 03\] Bryant, Randal E., & O'Halloran, David. _Computer Systems: A Programmer's Perspective_. Prentice Hall, 2003 (ISBN 0-13-034074-X).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="17248edda2e7429d-13e2eb1a-4eed4c41-b5af9fbf-317b58230af858ce5908c42d"><ac:parameter ac:name="">Burch 06</ac:parameter></ac:structured-macro>
\[Burch 06\] Burch, Hal, Long, Fred, & Seacord, Robert C. [_Specifications for Managed Strings_|http://www.sei.cmu.edu/publications/documents/06.reports/06tr006.html] (CMU/SEI-2006-TR-006). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="8439489e79e5e8ae-c9dfa9fe-407049d9-ae0f8bf9-3894ecea9a7d1dd098736dab"><ac:parameter ac:name="">Callaghan 95</ac:parameter></ac:structured-macro>
\[Callaghan 95\] Callaghan, B., Pawlowski, B., & Staubach, P. [IETF RFC 1813 NFS Version 3 Protocol Specification|http://www.ietf.org/rfc/rfc1813.txt], June 1995.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6da9a1d411ecf914-f8580c20-4ee04601-87a6bfbf-e95f2bb585d4359a83fd762f"><ac:parameter ac:name="">CERT 06a</ac:parameter></ac:structured-macro>
\[CERT 06a\] CERT/CC. [CERT/CC Statistics 1988---2006|http://www.cert.org/stats/cert_stats.html].

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a4213a753d6447fc-219c75b3-46ab4292-bee1b408-94e9778c4431a80b16065df9"><ac:parameter ac:name="">CERT 06b</ac:parameter></ac:structured-macro>
\[CERT 06b\] CERT/CC. US-CERT's [Technical Cyber Security Alerts|http://www.us-cert.gov/cas/techalerts/index.html].

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b4fcde01c1286872-ce69d311-40d14f72-ab839a0e-0e96c5c6c964a1776cf74111"><ac:parameter ac:name="">CERT 06c</ac:parameter></ac:structured-macro>
\[CERT 06c\] CERT/CC. [Secure Coding|http://www.cert.org/secure-coding/] web site.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="cdfaf768154e6507-c7fb8f3e-4ce847cf-ac7c9b9a-0099e6446aace8903fc42775"><ac:parameter ac:name="">Chen 02</ac:parameter></ac:structured-macro>
\[Chen 02\]&nbsp; Chen, H., Wagner, D., & Dean, D. [Setuid Demystified|http://www.cs.berkeley.edu/~daw/papers/setuid-usenix02.pdf] USENIX Security Symposium, 2002.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="bb949dc43f472e03-da59b8c7-48ca41da-918081b0-a03f6f60c115dcb94054986f"><ac:parameter ac:name="">Corfield 93</ac:parameter></ac:structured-macro>
\[Corfield 93\] Corfield, Sean A. "[Making String Literals 'const'|http://www.open-std.org/jtc1/sc22/wg21/docs/papers/1993/N0389.asc]," November 1993.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f8e5acdb2a5152b2-d7801b86-46ea4558-aef3bb30-89931f6d0157a22c7d9cac3b"><ac:parameter ac:name="">Coverity 07</ac:parameter></ac:structured-macro>
\[Coverity 07\] Coverity Prevent User's Manual (3.3.0), 2007.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0b2b5a6bcbe114c5-10152698-48114558-8bc49cd4-c9955f1210e4ddd6f1b9b4b8"><ac:parameter ac:name="">CVE</ac:parameter></ac:structured-macro>
\[CVE\] [Common Vulnerabilities and Exposures|http://cve.mitre.org/].

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d6106d5c4a3caf02-c11a955b-4c184ffd-9b7e9162-ae5ff8acd653b40557fbc15e"><ac:parameter ac:name="">CPPReference</ac:parameter></ac:structured-macro>
\[C+\+ Reference\] [Standard C Library, General C\++, C++   Standard Template Library|http://www.cppreference.com/]

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="efd20b77aada77e8-be38e3f2-479f48bf-a36cb788-3314e2a30ec4586f429c0305"><ac:parameter ac:name="">Dewhurst 02</ac:parameter></ac:structured-macro>
\[Dewhurst 02\] Dewhurst, Stephen C. _C+\+ Gotchas: Avoiding Common Problems in Coding and Design_. Boston: Addison-Wesley Professional, 2002.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ed3d37093a24b216-c91a77db-48ec492d-aa56bc06-f3da6444d1fd3637c74e0473"><ac:parameter ac:name="">Dewhurst 05</ac:parameter></ac:structured-macro>
\[Dewhurst 05\] Dewhurst, Stephen C. _C+\+ Common Knowledge:  Essential Intermediate Programming_. Boston, MA: Addison-Wesley Professional, 2005.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c1175dcfbe0ff75e-08b3c8a5-45314097-8366b7e5-7b18f84b15bd3e04cbed9c17"><ac:parameter ac:name="">DHS 06</ac:parameter></ac:structured-macro>
\[DHS 06\] U.S. Department of Homeland Security. [Build Security In|https://buildsecurityin.us-cert.gov/].

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c24bd21e6b4fdeb4-ff9fc7f5-4b744463-aed2bf60-1472f3792bc80367f6856b32"><ac:parameter ac:name="">DISA 2008</ac:parameter></ac:structured-macro>
\[DISA 2008\] DISA. [Application Security and Development Security Technical Implementation Guide, Version 2, Release 1|http://iase.disa.mil/stigs/stig/application_security_and_development_stig_v2r1_final_20080724.pdf]. July, 2008.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="115856b0b2993c0c-131a96f1-4b024ce3-aea2afe6-58c78023a52ac229ef7e6d1b"><ac:parameter ac:name=""> DOD 5220</ac:parameter></ac:structured-macro>
\[DOD 5220\] U.S. Department of Defense. [DoD Standard 5220.22-M|http://security.ouhsc.edu/docs/policies/approved/DoD_5220.doc] (Word document).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f64c56ef5d0f5a47-81dafaf7-45034a8e-b7f595a3-c23d9bc31f15558d8068b2b3"><ac:parameter ac:name="">Dowd 06</ac:parameter></ac:structured-macro>
\[Dowd 06\] Dowd, M., McDonald, J., & Schuh, J. _The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities_. Boston: Addison-Wesley, 2006. See [http://taossa.com] for updates and errata.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="51b95f6ea2bf1b8b-546c38f7-4d654e09-a8dcabbe-7458b5021d5d50a12d532ce7"><ac:parameter ac:name="">Drepper 06</ac:parameter></ac:structured-macro>
\[Drepper 06\] Drepper, Ulrich. [Defensive Programming for Red Hat Enterprise Linux (and What To Do If Something Goes Wrong)|http://people.redhat.com/drepper/defprogramming.pdf], May 3, 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="64276590e0e1890b-2c712c02-468a4077-b73f9faa-ebf9121b67240d7607601639"><ac:parameter ac:name="">Eckel 07</ac:parameter></ac:structured-macro>
\[Eckel 07\] Eckel, Bruce. [_Thinking in C+\+ Volume 2_|http://bruce-eckel.developpez.com/livres/cpp/ticpp/v2/], January 25, 2007.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="460c7de14fe5d684-3035f8b5-452a49e2-913384ff-61dbf024e9cfe12eaf148948"><ac:parameter ac:name="">ECTC 98</ac:parameter></ac:structured-macro>
\[ECTC 98\] Embedded C+\+ Technical Committee. [_The Embedded C+\+ Programming Guide Lines_|http://www.caravan.net/ec2plus/guide.html], Version WP-GU-003. January 6, 1998.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e45308d031a9c50d-069c1ce0-43ef4a63-995798b1-4f020ef9c5b0d2ad76081e29"><ac:parameter ac:name="">Eide and Regehr</ac:parameter></ac:structured-macro>
\[Eide and Regehr\] "[Volatiles are miscompiled, and what to do about it|http://portal.acm.org/citation.cfm?id=1450058.1450093]" Eide E., Regehr J.  2008.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b75c70cd7c10e898-97df6db5-4c464ae3-a2d6a400-596c929bd2e0c3839116c6bf"><ac:parameter ac:name="">Finlay 03</ac:parameter></ac:structured-macro>
\[Finlay 03\] Finlay, Ian A. CERT Advisory CA-2003-16, [Buffer Overflow in Microsoft RPC|http://www.cert.org/advisories/CA-2003-16.html]. CERT/CC, July 2003.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="da987844936b3e92-d79658f3-42544346-b828b377-081cddc25d6cd63c9d7621fc"><ac:parameter ac:name="">Fisher 99</ac:parameter></ac:structured-macro>
\[Fisher 99\] Fisher, David  & Lipson, Howard. "Emergent Algorithms - A New Method for Enhancing Survivability in Unbounded Systems." _Proceedings of the 32nd Annual Hawaii International Conference on System Sciences (HICSS-32)_. Maui, HI, January 5-8, 1999.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="46bc8e9ceeda083b-729d08d7-498948f0-9a87b77d-c6ebb6d945a5df9f1ce02974"><ac:parameter ac:name="">Flake 06</ac:parameter></ac:structured-macro>
\[Flake 06\] Flake, Halvar. "[Attacks on uninitialized local variables|http://www.blackhat.com/presentations/bh-europe-06/bh-eu-06-Flake.pdf]." Black Hat Federal 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3d83e2597b7e383f-183438ee-4a584b15-a745ac64-7787ada6c20538d9fe83c737"><ac:parameter ac:name="">Fortify 06</ac:parameter></ac:structured-macro>
\[Fortify 06\] Fortify Software Inc. [Fortify Taxonomy: Software Security Errors|http://www.fortifysoftware.com/vulncat/], 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e0e8c98fea0f208c-8d7421e1-46754f22-a9fdb73c-0bd1488180180bfab3b5e900"><ac:parameter ac:name="">FSF 05</ac:parameter></ac:structured-macro>
\[FSF 05\] Free Software Foundation. [GCC online documentation|http://gcc.gnu.org/onlinedocs], 2005.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1d9a4aaee6a819a9-7fa70f27-4f294a2b-975fb1f2-9bb4f9310a99036daaf17c18"><ac:parameter ac:name="">Garfinkel 96</ac:parameter></ac:structured-macro>
\[Garfinkel 96\] Garfinkel, Simson & Spafford, Gene. _Practical UNIX & Internet Security_, 2nd Edition. Sebastopol, CA: O'Reilly Media, April 1996 (ISBN 1-56592-148-8).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="56828aaac3222d0e-6760a3fd-4e7c4c6e-9e39a903-d75edceb0e8e9a2038295299"><ac:parameter ac:name="">GNU Pth</ac:parameter></ac:structured-macro>
\[GNU Pth\] Engelschall, Ralf S. [GNU Portable Threads|http://www.gnu.org/software/pth/], 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c0ecea05b6e50be0-3898f22d-48dd485c-8c71a2c4-1e9148d94d64d53624a99e71"><ac:parameter ac:name="">Goldberg 91</ac:parameter></ac:structured-macro>
\[Goldberg 91\] Goldberg, David. [What Every Computer Scientist Should Know About Floating-Point Arithmetic|http://docs.sun.com/source/806-3568/ncg_goldberg.html]. Sun Microsystems, March 1991.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="25ce7ea457d2c334-558d7051-4eb741dc-b8728595-b84c43ff30b2cff001280624"><ac:parameter ac:name="">Goodin 2009</ac:parameter></ac:structured-macro>
\[Goodin 2009\] Dan Goodin. [Clever attack exploits fully-patched Linux kernel|http://www.theregister.co.uk/2009/07/17/linux_kernel_exploit/] The Register. July 2009.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="cf16bc848c2002e6-8b819141-439c4339-9cbb90dc-33562d79175873eb30317eef"><ac:parameter ac:name="">Gough 2005</ac:parameter></ac:structured-macro>
\[Gough 2005\] Gough, Brian J. [An Introduction to GCC|http://www.network-theory.co.uk/docs/gccintro/index.html]. Network Theory Ltd, Revised August 2005 (ISBN 0-9541617-9-3).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4ec35344bb3fc0e4-89c6af42-449e4a1a-9c3dbd43-ff3ccd754cea94b79ae67799"><ac:parameter ac:name="">Graf 03</ac:parameter></ac:structured-macro>
\[Graff 03\] Graff, Mark G. & Van Wyk, Kenneth R. _Secure Coding: Principles and Practices_. Cambridge, MA: O'Reilly, 2003 (ISBN 0596002424).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c4b91c6640da3087-62668387-43c34c24-b3d1a2ee-0dbaf7a66caaf71ee1f6aa1f"><ac:parameter ac:name="">Greenman 97</ac:parameter></ac:structured-macro>
\[Greenman 97\] Greenman, David. [_serious security bug in wu-ftpd v2.4_|http://seclists.org/bugtraq/1997/Jan/0011.html]. BUGTRAQ Mailing List (bugtraq@securityfocus.com), January 2, 1997.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9c1fcfc78bbe333e-7fc82d35-481f4816-bbb89d07-d9ce078cb7abfd0b25971913"><ac:parameter ac:name="">Griffiths 06</ac:parameter></ac:structured-macro>
\[Griffiths 06\] Griffiths, Andrew. "[Clutching at straws: When you can shift the stack pointer|http://felinemenace.org/papers/p63-0x0e_Shifting_the_Stack_Pointer.txt]."

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="45eb622a31635699-dfc6f165-446d4457-84eb8bdd-05a8f2d59535c4e724827e7d"><ac:parameter ac:name="">Gutmann 96</ac:parameter></ac:structured-macro>
\[Gutmann 96\] Gutmann, Peter. [Secure Deletion of Data from Magnetic and Solid-State Memory|http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html], July 1996.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1d6e6d81cb8640f1-149ffccb-46fb4a24-bc8c883a-122b9a66fedd9c9ec604bbf2"><ac:parameter ac:name="">Haddad 05</ac:parameter></ac:structured-macro>
\[Haddad 05\] Haddad, Ibrahim. "Secure Coding in C and C++: An interview with Robert Seacord, senior vulnerability analyst at CERT." _Linux World Magazine_, November 2005.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4f0c6cca484dbeb2-59605b8a-48774a7d-be3eb7e9-352ee670726b11616ca0ab9e"><ac:parameter ac:name="">Hatton 95</ac:parameter></ac:structured-macro>
\[Hatton 95\] Hatton, Les. _Safer C: Developing Software for High-Integrity and Safety-Critical Systems_. New York: McGraw-Hill Book Company, 1995 (ISBN 0-07-707640-0).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="309b0aff-c3ed-459b-aaa3-96a25759f973"><ac:parameter ac:name="">Hatton 03</ac:parameter></ac:structured-macro>[|Hatton 03]\[Hatton 03\] Hatton, Les. [EC-: A measurement based safer subset of ISO C suitable for embedded system development|http://www.leshatton.org/Documents/ISOC_subset.pdf] . November 5,
AnchorHatton 03Hatton 03Hatton 03 Hatton, Les.EC—: A measurement based safer subset of ISO C suitable for embedded system development. November 5, 
2003.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="443db5309e9a2df7-a7bafe5a-42784582-b5ccbfb4-d5d664bd2fd91d0542d5d214"><ac:parameter ac:name="">Henricson 92</ac:parameter></ac:structured-macro>
\[Henricson 92\] Henricson, Mats, & Nyquist, Erik. [Programming in C++, Rules and Recommendations|http://www.doc.ic.ac.uk/lab/cplus/c++.rules/]. Ellemtel Telecommunication Systems Laboratories, 1992.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="51722ef29314e0a1-880bc26f-4ecc4b0b-8b8d914f-c1b8ca91142c1fd74abdf5c3"><ac:parameter ac:name="">Horton 90</ac:parameter></ac:structured-macro>
\[Horton 90\] Horton, Mark R. _Portable C Software_. Upper Saddle River, NJ: Prentice-Hall, Inc., 1990 (ISBN:0-13-868050-7).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a5a7b55fae7fe394-efbf617d-4a4e413c-a9e7b4fe-bbe9ece13ae82457ce51e04a"><ac:parameter ac:name="">Howard 02</ac:parameter></ac:structured-macro>
\[Howard 02\] Howard, Michael, & LeBlanc, David C. _[_Writing Secure Code, 2nd ed. Redmond, WA:_|http://www.microsoft.com/mspress/books/5957.aspx]_. Microsoft Press, December 2002.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="40bb3a2d6bb97513-c8af454d-4c17495a-ba06894c-935124debac2c67e1e854946"><ac:parameter ac:name="">HP 03</ac:parameter></ac:structured-macro>
\[HP 03\] [Tru64 UNIX: Protecting Your System Against File Name Spoofing Attacks|http://h30097.www3.hp.com/docs/wpapers/spoof_wp/symlink_external.pdf]. Houston, TX: Hewlett-Packard Company, January 2003.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="af4d722035b2deb3-0a370bd1-4abb4eae-8046af51-9372e34ee7a152876a355673"><ac:parameter ac:name="">IEC 60812 2006</ac:parameter></ac:structured-macro>
\[IEC 60812 2006\] _Analysis techniques for system reliability - Procedure for failure mode and effects analysis (FMEA)_, 2nd ed. (IEC 60812). IEC, January 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9b2d19142ef1c337-566e092e-45194bd4-aaa0af2a-24bc4fceba3b5a08b29b5fa2"><ac:parameter ac:name="">IEC 61508 4</ac:parameter></ac:structured-macro>
\[IEC 61508-4\]&nbsp; _Functional safety of electrical/electronic/programmable electronic safety-related systems - Part 4: Definitions and abbreviations_, 1998.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="748f6fc6bbc44d14-534af549-458347b2-9cd5b009-1fd8f3a1182cbdcb0a82a988"><ac:parameter ac:name="">IEEE Std 610.12 1990</ac:parameter></ac:structured-macro>
\[IEEE Std 610.12 1990\] _IEEE Standard Glossary of Software Engineering Terminology_, September 1990.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="980abfcad0a6077e-4a7f2132-47194030-8c5487cc-cce07fd8fbf3826e3ed2069e"><ac:parameter ac:name="">IEEE 754 2006</ac:parameter></ac:structured-macro>
\[IEEE 754 2006\] IEEE. [_Standard for Binary Floating-Point Arithmetic_|http://grouper.ieee.org/groups/754/] (IEEE 754-1985), 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a1b6e331597b160f-2ce98111-49364563-b08d97fb-df4e5092d939503505e9ce35"><ac:parameter ac:name="">ilja 06</ac:parameter></ac:structured-macro>
\[IEEE 1003.1, 2004\] IEEE. [The Open Group Base Specifications Issue 6|http://www.opengroup.org/onlinepubs/009695399/] IEEE Std 1003.1, 2004 Edition

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ccbb5f84ae517b4c-b1a3f33a-46e84546-abefa8db-96cbe5584853c991e968d749"><ac:parameter ac:name="">IEEE 1003</ac:parameter></ac:structured-macro>
\[ilja 06\] ilja. "[readlink abuse|http://blogs.23.nu/ilja/stories/12551/]." _ilja's blog_, August 13, 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="8db6acb31bcf201f-821e5eea-4df342d5-998491ce-40cc1a9fbab36a09941c1fef"><ac:parameter ac:name="">Intel 01</ac:parameter></ac:structured-macro>
\[Intel 01\] Intel Corp. [_Floating-Point IEEE Filter for Microsoft\* Windows\* 2000 on the Intel® Itanium™ Architecture_|ftp://download.intel.com/software/opensource/libraries/ieee/ieee_filter_windows2000.pdf], March 2001.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0a73c353511e245e-58ba8850-41464c79-8fd0b13b-1962479737cf9fc203192cac"><ac:parameter ac:name="">Internet Society 00</ac:parameter></ac:structured-macro>
\[Internet Society 00\] The Internet Society. [Internet Security Glossary (RFC 2828)|ftp://ftp.rfc-editor.org/in-notes/rfc2828.txt], 2000.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9d0230948456b777-66d0e1e4-426e44cc-a230b05c-aabeda57f1cf1412bcc88aa7"><ac:parameter ac:name="">ISO/IEC 646-1991</ac:parameter></ac:structured-macro>
\[ISO/IEC 646:1991\] ISO/IEC. _Information technology: ISO 7-bit coded character set for information interchange_ (ISO/IEC 646-1991). Geneva, Switzerland: International Organization for Standardization, 1991.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f6f82e1bf6263620-21915114-43d94833-8fe9bdc7-b5d74382e0a04c0012ea1b22"><ac:parameter ac:name="">ISO/IEC 9945-2003</ac:parameter></ac:structured-macro>
\[ISO/IEC 9945:2003\] _ISO/IEC 9945:2003 (including Technical Corrigendum 1), Information technology --- Programming languages, their environments and system software interfaces --- Portable Operating System Interface (POSIX®)_.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="67fe584e0e047164-208e8cdd-430b47cd-ba109cb3-940874ad9344c2279ff7ea8c"><ac:parameter ac:name="">ISO/IEC 9899-1999</ac:parameter></ac:structured-macro>
\[ISO/IEC 9899:1999\] ISO/IEC. _Programming Languages---C, 2nd ed_ (ISO/IEC 9899:1999). Geneva, Switzerland: International Organization for Standardization, 1999.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="07a3a7674aebeef8-ba4cc5d0-4946407c-a9418639-80e7d2d9f580261ba7184b48"><ac:parameter ac:name="">ISO/IEC 10646-2003</ac:parameter></ac:structured-macro>
\[ISO/IEC 10646:2003\] _Information technology - Universal Multiple-Octet Coded Character Set (UCS)_ (ISO/IEC 10646:2003). Geneva, Switzerland: International Organization for Standardization, 2003.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5f13ac5cfae82c9f-b6973873-4f6542de-867b8570-77b1ea03859375f37db4c651"><ac:parameter ac:name="">ISO/IEC 14882-2003</ac:parameter></ac:structured-macro>
\[ISO/IEC 14882:2003\] ISO/IEC. _Programming Languages --- C++, Second Edition_ (ISO/IEC 14882-2003). Geneva, Switzerland: International Organization for Standardization, 2003.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="85dc276aca671e4a-2fd872a0-485e46f7-900bb95e-22eec95c59b5f8d1b1d1ce35"><ac:parameter ac:name="">ISO/IEC 23360-1-2006</ac:parameter></ac:structured-macro>
\[ISO/IEC 23360-1:2006\] [_Linux Standard Base (LSB) core specification 3.1 - Part 1: Generic specification_|http://refspecs.freestandards.org/LSB_3.1.0/LSB-Core-generic/LSB-Core-generic.pdf]

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3a9537bfdbd4ee6a-3d305487-495f45a9-aade9269-dbaf310f31fff5ead45a4a43"><ac:parameter ac:name="">ISO/IEC 03</ac:parameter></ac:structured-macro>
\[ISO/IEC 03\] ISO/IEC. [_Rationale for International Standard --- Programming Languages --- C, Revision 5.10_|http://www.open-std.org/jtc1/sc22/wg14/www/C99RationaleV5.10.pdf]. Geneva, Switzerland: International Organization for Standardization, April 2003.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b55e207685e12468-f6376d21-428b48dd-9a1195c9-a0f0a65373aa5cd7a6edf76b"><ac:parameter ac:name="">ISO/IEC JTC1/SC22/WG11</ac:parameter></ac:structured-macro>
\[ISO/IEC JTC1/SC22/WG11\] ISO/IEC. [_Binding Techniques_|http://www.open-std.org/JTC1/SC22/WG11/] (ISO/IEC JTC1/SC22/WG11), 2007.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="aa70fad40b702731-ae553d85-411b4259-ad92ad4d-326d9b093f1805af30c435e8"><ac:parameter ac:name="">ISO/IEC DTR 24732</ac:parameter></ac:structured-macro>
\[ISO/IEC DTR 24732\] ISO/IEC JTC1 SC22 WG14 N1290. [Extension for the programming language C to support decimal floating-point arithmetic|http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1290.pdf], March 2008.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4a434ff02c6a511b-6a7798d8-4ed34141-80199db0-3969a395bdcee8f91c038955"><ac:parameter ac:name="">ISO/IEC PDTR 24731-2-2007</ac:parameter></ac:structured-macro>
\[ISO/IEC PDTR 24731-2\] [Extensions to the C Library, --- Part II: Dynamic Allocation Functions|http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1248.pdf], August 2007.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="204c4e37bae6fd86-d8f42e53-4d6a4568-985aa3f2-6d0e252b497ed891aac4bdd0"><ac:parameter ac:name="">ISO/IEC PDTR 24772</ac:parameter></ac:structured-macro>
\[ISO/IEC PDTR 24772\] ISO/IEC PDTR 24772. _Information Technology_ --- _Programming Languages_ --- [_Guidance to Avoiding Vulnerabilities in Programming Languages through Language Selection and Use_|http://www.aitcnet.org/isai/_NextMeeting/22-OWGV-N-0134/n0134.pdf], March 2008.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f2ec190ef82de950-44202b7f-494f4d76-860d9174-7bfa4b91f018f5b926bd73b4"><ac:parameter ac:name="">ISO/IEC TR 24731-1-2007</ac:parameter></ac:structured-macro>
\[ISO/IEC TR 24731-1:2007\] ISO/IEC TR 24731. _Extensions to the C Library, --- Part I: Bounds-checking interfaces_. Geneva, Switzerland: International Organization for Standardization, April 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="551ea9f4b15b195e-82fe36d5-464c47b0-8200b47b-bed352efb5610fb309e3b745"><ac:parameter ac:name="">Jack 07</ac:parameter></ac:structured-macro>
\[Jack 07\] Jack, Barnaby. [_Vector Rewrite Attack_|http://www.juniper.net/solutions/literature/white_papers/Vector-Rewrite-Attack.pdf], May 2007.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f2e9e3c4048f7695-98c66b5a-42dc44ed-a246bf81-2e4ae90a77406b23580a6ac4"><ac:parameter ac:name="">Jones 04</ac:parameter></ac:structured-macro>
\[Jones 04\] Jones, Nigel. ["Learn a new trick with the offsetof() macro."|http://www.netrino.com/Articles/OffsetOf/index.php] _Embedded Systems Programming_, March 2004.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="cb03c693e5d1292d-95091656-4850423e-b59baae8-e22cc7f1601e59b5e5b9a4d6"><ac:parameter ac:name="">Jones 08</ac:parameter></ac:structured-macro>
\[Jones 08\] Jones, Derek M. [The New C Standard: An economic and cultural commentary|http://www.knosof.co.uk/cbook/]. Knowledge Software Ltd., 2008.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a610ebed07d64a44-1d79b0ec-40ce4c9a-a1e282f5-7005a728771f23acfbc864de"><ac:parameter ac:name="">Keaton 09</ac:parameter></ac:structured-macro>
\[Keaton 09\] David Keaton, Thomas Plum, Robert C. Seacord, David Svoboda, Alex Volkovitsky, Timothy Wilson. [As-if Infinitely Ranged Integer Model|http://www.sei.cmu.edu/publications/documents/09.reports/09tn023.html]. CMU/SEI-2009-TN-023. July, 2009.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="38f107fb8f0a5d38-d37010b1-400b4669-baeaac0c-af043b55275efcfd6eb9811e"><ac:parameter ac:name="">Keil 08</ac:parameter></ac:structured-macro>
\[Keil 08\] Keil, an ARM Company. "[Floating Point Support|http://www.keil.com/support/man/docs/armlib/armlib_bihbjiea.htm]." _RealView Libraries and Floating Point Support Guide_, 2008.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0a18adfecd8aced1-d11157a7-4a894b1e-b6a0bec5-394f4f3df2456cb247ce01fe"><ac:parameter ac:name="">Kennaway 00</ac:parameter></ac:structured-macro>
\[Kennaway 00\] Kennaway, Kris. [Re: /tmp topic|http://lwn.net/2000/1221/a/sec-tmp.php3], December 2000.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="cf86fe4572756204-914985c9-447d4534-94039ae5-009de995d2b004317cef6e29"><ac:parameter ac:name="">Kernighan 88</ac:parameter></ac:structured-macro>
\[Kernighan 88\] Kernighan , Brian W., & Ritchie, Dennis M. _The C Programming Language, 2nd ed._ Englewood Cliffs, NJ: Prentice-Hall, 1988.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b73f45d4b08b2029-69bb227d-45e74a39-975dbbff-8ef478854e3fd6f9680204ad"><ac:parameter ac:name="">Kettle 02</ac:parameter></ac:structured-macro>
\[Kettlewell 02\] Kettlewell, Richard. [_C Language Gotchas_|http://www.greenend.org.uk/rjk/2001/02/cfu.html], February 2002.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="dbf61a66cf8b3f2a-961383d8-46b6440f-a6889db6-227b831e066d3178177483bc"><ac:parameter ac:name="">Kettle 03</ac:parameter></ac:structured-macro>
\[Kettlewell 03\] Kettlewell, Richard. [_Inline Functions In C_|http://www.greenend.org.uk/rjk/2003/03/inline.html], March 2003.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2feb068006da1751-b1b741e0-411a4a94-af4fa1ce-49e158f81393f9934306d191"><ac:parameter ac:name="">Kirch-Prinz 02</ac:parameter></ac:structured-macro>
\[Kirch-Prinz 02\] Kirch-Prinz, Ulla & Prinz, Peter. _C Pocket Reference_.  Sebastopol, CA: O'Reilly, November 2002 (ISBN: 0-596-00436-2).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1d54e523592fcea5-05997589-4d6c4022-ba87b2d7-5098df6f983951404bfec5e2"><ac:parameter ac:name="">Klarer 04</ac:parameter></ac:structured-macro>
\[Klarer 04\] Klarer, R., Maddock, J., Dawes, B. & Hinnant, H. "Proposal to Add Static Assertions to the Core Language (Revision 3)." ISO C+\+ committee paper ISO/IEC JTC1/SC22/WG21/N1720, October 2004. Available at [http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2004/n1720.html].

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d629a22d55e90220-790e161f-4a57440e-94e7bf04-0192a109e0702ea6f92c0fdb"><ac:parameter ac:name="">Klein 02</ac:parameter></ac:structured-macro>
\[Klein 02\] Klein, Jack. [_Bullet Proof Integer Input Using strtol()_|http://home.att.net/~jackklein/c/code/strtol.html], 2002.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b3abb9d41edb3aac-d30e5511-42774340-98c39fb6-552a34d802437509e367c613"><ac:parameter ac:name="">Koenig 89</ac:parameter></ac:structured-macro>
\[Koenig 89\] Koenig,  Andrew. _C Traps and Pitfalls_. Addison-Wesley Professional, January 1, 1989.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="02bbafac50196e00-8ba38c63-41444d47-a433baff-80f054fe2810f10c7268ce6f"><ac:parameter ac:name="">Kuhn 06</ac:parameter></ac:structured-macro>
\[Kuhn 06\] Kuhn, Markus. [_UTF-8 and Unicode FAQ for Unix/Linux_|http://www.cl.cam.ac.uk/~mgk25/unicode.html], 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ab251fd885a3fd79-7f6cdbd8-4d2e4bbd-a0c1b90e-142eab7da6c44b638355a824"><ac:parameter ac:name="">Lai 06</ac:parameter></ac:structured-macro>
\[Lai 06\] Lai, Ray. "[Reading Between the Lines|http://undeadly.org/cgi?action=article&sid=20061027031811]." _OpenBSD Journal_, October 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1f30910a30eab091-17e440bf-4c404471-88e38065-c51c44d14a806f0449625513"><ac:parameter ac:name="">Lewis 06</ac:parameter></ac:structured-macro>
\[Lewis 06\] Lewis, Richard. "[Security Considerations When Handling Sensitive Data|http://secureapps.blogspot.com/2006/10/security-considerations-when-handling.html]." Posted on the Application Security by Richard Lewis blog October 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2a0a026866733978-2636a3ab-4bb74282-be0595d1-88403034e458ef89932d6102"><ac:parameter ac:name="">Linux 08</ac:parameter></ac:structured-macro>
\[Linux 08\] [Linux Programmer's Manual|http://www.kernel.org/doc/man-pages/online_pages.html], October 2008.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d7ea63edeb8eaac0-6e3af437-42174120-b7fab139-ae3e507123b3f92e3193a701"><ac:parameter ac:name="">Lions 96</ac:parameter></ac:structured-macro>
\[Lions 96\] Lions, J. L. [ARIANE 5 Flight 501 Failure Report|http://en.wikisource.org/wiki/Ariane_501_Inquiry_Board_report]. Paris, France: European Space Agency (ESA) & National Center for Space Study (CNES) Inquiry Board, July 1996.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="cee15563c923e19a-2cb292ba-45d04c54-a3c4a5b6-cbfb8636cc532ef9133a9def"><ac:parameter ac:name="">Lipson 00</ac:parameter></ac:structured-macro>
\[Lipson 00\] Lipson, Howard  & Fisher, David. "Survivability: A New Technical and Business Perspective on Security," 33-39. _Proceedings of the 1999 New Security Paradigms Workshop_. Caledon Hills, Ontario, Canada, Sept. 22-24, 1999. New York: Association for Computing Machinery, 2000.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d5debedcd229fc06-a1d485a4-4cbb4d6a-87948c66-79644d78b4e4632cce23967b"><ac:parameter ac:name="">Lipson 06</ac:parameter></ac:structured-macro>
\[Lipson 06\] Lipson, Howard. _Evolutionary Systems Design: Recognizing Changes in Security and Survivability Risks_ (CMU/SEI-2006-TN-027).&nbsp; Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9a71220e9fe05635-267d5f26-45234b37-84069164-0e10106d4ff0bd607581f823"><ac:parameter ac:name="">Lipson 2009</ac:parameter></ac:structured-macro>
\[Liu 2009\] Likai Liu. [Making NULL-pointer reference legal|http://lifecs.likai.org/2009/01/making-null-pointer-reference-legal.html], Life of a Computer Science Student, January, 2009.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9044eb9ccb111c73-595566ff-40fc48e3-8e26bd2d-b89994db31745641517dbe61"><ac:parameter ac:name="">Lockheed Martin 05</ac:parameter></ac:structured-macro>
\[Lockheed Martin 05\] Lockheed Martin. "[Joint Strike Fighter Air Vehicle C+\+ Coding Standards for the System Development and Demonstration Program.|http://www.research.att.com/~bs/JSF-AV-rules.pdf]" Document Number 2RDU00001 Rev C., December 2005.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="622f55d8008674ec-57b91d4e-49e1492f-858ab4c5-3411d5ceb3ceafc2fcdf9d6c"><ac:parameter ac:name="">Loosemore 07</ac:parameter></ac:structured-macro>
\[Loosemore 07\] Loosemore, Sandra, Stallman, Richard M., McGrath, Roland, Oram, Andrew, & Drepper, Ulrich. [The GNU C Library Reference Manual|http://www.gnu.org/software/libc/manual/], Edition 0.11,  September 2007.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7054f08a7cbd17b0-901447e0-4b0f4dc6-bc80b80f-b942993106f3349cabc026fb"><ac:parameter ac:name="">McCluskey 01</ac:parameter></ac:structured-macro>
\[McCluskey 01\] [_flexible array members and designators in C9X_|http://www.usenix.org/publications/login/2001-07/pdfs/mccluskey.pdf] ;login:, July 2001, Volume 26, Number 4, p. 29---32.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="449fc4eda7aa1314-32b8ed28-45434524-8ec1a496-ed94c56d8da4cb33d8309675"><ac:parameter ac:name="">Mell 07</ac:parameter></ac:structured-macro>
\[Mell 07\] P. Mell, K. Scarfone, and S. Romanosky, "A Complete Guide to the Common Vulnerability Scoring System Version 2.0", FIRST, June 2007.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b52d7f2bae75a343-b606a5c9-42ba4e52-a6bc81a7-5c6dbc60949e2d2258261377"><ac:parameter ac:name="">mercy 06</ac:parameter></ac:structured-macro>
\[mercy\] mercy. [_Exploiting Uninitialized Data_|http://www.felinemenace.org/papers/UBehavior.zip], January 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="cd7ef9bf1375c085-01b0b65f-4f264d3b-b446bbbe-31d2bc277bf115d42a724219"><ac:parameter ac:name="">Meyers 2004</ac:parameter></ac:structured-macro>
\[Meyers 2004\] Randy Meyers. [Limited size_t|http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1080.pdf] WG14 N1080. September, 2004.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3adb3c3d82be9b79-352dd640-45af462f-96639452-ab4e691846ee17b5642c5e08"><ac:parameter ac:name="">Microsoft 03</ac:parameter></ac:structured-macro>
\[Microsoft 03\] Microsoft Security Bulletin MS03-026, "[Buffer Overrun In RPC Interface Could Allow Code Execution (823980)|http://www.microsoft.com/technet/security/bulletin/MS03-026.mspx]," September 2003.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="08aec94747520ca0-27575516-400a4c76-ae4fa0e2-acbd56eabea274fac142c78a"><ac:parameter ac:name="">Microsoft 07</ac:parameter></ac:structured-macro>
\[Microsoft 07\] [C Language Reference|http://msdn2.microsoft.com/en-us/library/fw5abdx6(VS.80).aspx], 2007.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2569df7f016fef4b-918e55af-41004dd6-b1679e1c-7381bff31c62569166e698c9"><ac:parameter ac:name="">Miller 99</ac:parameter></ac:structured-macro>
\[Miller 99\] Todd C. Miller and Theo de Raadt. strlcpy and strlcat - Consistent, Safe, String Copy and Concatenation. In Proceedings of the FREENIX Track, 1999 USENIX Annual Technical Conference.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="85b767ea82078631-f7fbfca9-40cb4c62-bc0fbb74-fa44ca27ac361279b1014d57"><ac:parameter ac:name="">Miller 04</ac:parameter></ac:structured-macro>
\[Miller 04\] Miller, Mark C., Reus, James F., Matzke, Robb P., Koziol, Quincey A., & Cheng, Albert P. "[Smart Libraries: Best SQE Practices for Libraries with an Emphasis on Scientific Computing|https://wci.llnl.gov/codes/smartlibs/UCRL-JRNL-208636.pdf]." _Proceedings of the Nuclear Explosives Code Developer's Conference_, December 2004.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="808b6818d956373e-19bb548c-4c0a42e2-b19b82e8-5a9ecb02bc41eb3328b51582"><ac:parameter ac:name="">MISRA 04</ac:parameter></ac:structured-macro>
\[MISRA 04\] MISRA Limited. "[MISRA C|http://www.misra.org.uk/]: 2004 Guidelines for the Use of the C Language in Critical Systems." Warwickshire, UK: MIRA Limited, October 2004 (ISBN 095241564X).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d90cd03101290df5-cc9e5fbc-4acd4844-b29f9f31-bcd3834067720f054309aad6"><ac:parameter ac:name="">MISRA 08</ac:parameter></ac:structured-macro>
\[MISRA 08\] MIRA Limited. "[MISRA C+\+|http://www.misra.org.uk/]: 2008 "Guidelines for the Use of the C+\+ Language in Critical Systems", ISBN 978-906400-03-3 (paperback), ISBN 978-906400-04-0 (PDF), June 2008.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="30735d05f4f621cf-2009b458-4b1a4767-be19b8a5-2429ff66bb8f870021e8956b"><ac:parameter ac:name="">MIT 04</ac:parameter></ac:structured-macro>
\[MIT 04\] MIT. "[MIT krb5 Security Advisory 2004-002|hhttp://web.mit.edu/kerberos/advisories/MITKRB5-SA-2004-002-dblfree.txt], 2004.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b2fa5e182bd48a13-db5a7107-4e814e23-943b831e-00b0baba24581e298c052d2c"><ac:parameter ac:name="">MIT 05</ac:parameter></ac:structured-macro>
\[MIT 05\] MIT. "[MIT krb5 Security Advisory 2005-003|http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2005-003-recvauth.txt], 2005.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="17f2f8351adcc661-a94bafc3-4c974d42-bffa9299-154b95557e23df8443e2c570"><ac:parameter ac:name="">MITRE 07</ac:parameter></ac:structured-macro>
\[MITRE 07\] MITRE. [Common Weakness Enumeration, Draft 9|http://cwe.mitre.org/],  April 2008.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="058718b9482bc41f-adeda28f-45bd4a40-8f7582dc-0cecc624648037326d83c9a3"><ac:parameter ac:name="">MSDN</ac:parameter></ac:structured-macro>
\[MSDN\] [Microsoft Developer Network|http://msdn.microsoft.com/en-us/default.aspx].

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="407991e15f458f8c-2f62478e-48614437-a7aa8186-5636f707210d61f6a2e9b764"><ac:parameter ac:name="">Murenin  07</ac:parameter></ac:structured-macro>
\[Murenin 07\] Murenin, Constantine A. "[cnst: 10-year-old pointer-arithmetic bug in make(1) is now gone, thanks to malloc.conf and some debugging|http://cnst.livejournal.com/24040.html]," June 2007.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="83b80a52d5172313-4473c589-462445cf-a679b66e-2d2317e5bfe82fdcd80823cd"><ac:parameter ac:name="">NAI 98</ac:parameter></ac:structured-macro>
\[NAI 98\] Network Associates Inc. [Bugtraq: Network Associates Inc. Advisory (OpenBSD)|http://seclists.org/bugtraq/1998/Aug/0071.html], 1998.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3eb45185ade070a5-4537c68e-4c734348-95b9a9c3-fe53ea2c7c025b9558a5b000"><ac:parameter ac:name="">NASA-GB-1740.13</ac:parameter></ac:structured-macro>
\[NASA-GB-1740.13\] NASA Glenn Research Center, Office of Safety Assurance Technologies. [_NASA Software Safety Guidebook_|http://pbma.nasa.gov/docs/public/pbma/general/guidbook.doc] (NASA-GB-1740.13).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="03a953aec71a4d57-1d8af20d-44074093-b7b9be1f-a1cc645672961d95c9c6e259"><ac:parameter ac:name="">NIST 06</ac:parameter></ac:structured-macro>
\[NIST 06\] NIST. [_SAMATE Reference Dataset_|http://samate.nist.gov/SRD/], 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1f0b77d41d75c288-5cae4268-46dd4046-95fb9767-1585d1b6c1fe065dc2bf2678"><ac:parameter ac:name="">OpenBSD</ac:parameter></ac:structured-macro>
\[OpenBSD\] Berkley Software Design, Inc. [Manual Pages|http://www.openbsd.org/cgi-bin/man.cgi], June 2008.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e49b5555dfefec7c-ae214d92-4d714dc7-95169626-6b495299d2109439bb7d841c"><ac:parameter ac:name="">Open Group 97a</ac:parameter></ac:structured-macro>
\[Open Group 97a\] The Open Group. [_The Single UNIX® Specification, Version 2_|http://www.opengroup.org/onlinepubs/7990989775/toc.htm], 1997.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="8fd9857ac4df378b-008aa11d-45f147f4-af74a544-83c95879ebc9ea2bd50c8e4b"><ac:parameter ac:name="">Open Group 97b</ac:parameter></ac:structured-macro>
\[Open Group 97b\] The Open Group. [_Go Solo 2---The Authorized Guide to Version 2 of the Single UNIX Specification_|http://www.unix.org/whitepapers/64bit.html], May 1997.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ffb47f15984b643b-219c23d1-4e844af3-9ba08ab2-1fcc208992d68a60e0a42c39"><ac:parameter ac:name="">Open Group 04</ac:parameter></ac:structured-macro>
\[Open Group 04\] The Open Group and the IEEE. [_The Open Group Base Specifications Issue 6, IEEE Std 1003.1, 2004 Edition_|http://www.opengroup.org/onlinepubs/009695399/toc.htm], 2004.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6e96f551a1726869-7e1f1c02-4f114715-b02c8e4e-56018caf777f784fe5a19255"><ac:parameter ac:name="">OWASP Double Free</ac:parameter></ac:structured-macro>
\[OWASP Double Free\] Open Web Application Security Project, "[Double Free|http://www.owasp.org/index.php/Double_Free]."

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="fa4a016535f88148-25fafedc-4ab74a20-8ea69588-5b7e905d31f2d8a0cd233b46"><ac:parameter ac:name="">OWASP Freed Memory</ac:parameter></ac:structured-macro>
\[OWASP Freed Memory\] Open Web Application Security Project, "[Using freed memory|http://www.owasp.org/index.php/Using_freed_memory]."

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f2357694a126bcaa-1b739628-46034901-89eeba39-92d772c8e85e57b3327e4897"><ac:parameter ac:name="">Pethia 03</ac:parameter></ac:structured-macro>
\[Pethia 03\] Pethia, Richard D. "[Viruses and Worms: What Can We Do About Them?|http://www.cert.org/congressional_testimony/Pethia-Testimony-9-10-2003/]" September 10, 2003.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="03fa2c04a978b3aa-8cfc4b42-42814415-ad0eb87a-a8386addada71c721642d3ed"><ac:parameter ac:name="">Pfaff 04</ac:parameter></ac:structured-macro>
\[Pfaff 04\] Pfaff, Ken Thompson. "[Casting (time_t)(-1)|http://groups.google.com/group/comp.lang.c/browse_thread/thread/8983d8d729244f2b/ea0e2972775a1114?#ea0e2972775a1114]." _Google Groups comps.lang.c_, March 2, 2004.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6a46f27e5b233392-e330436f-49b84ae2-a582936c-af8484a5e271f6c21df74327"><ac:parameter ac:name="">Pike 93</ac:parameter></ac:structured-macro>
\[Pike 93\] Pike, Rob & Thompson, Ken. "Hello World." _Proceedings of the USENIX Winter 1993 Technical Conference_, San Diego, CA, January 25-\--29, 1993, pp. 43-\--50.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9d43007b2346d7c4-99474749-428148de-bf93a144-d5054d166151b6f19d86b781"><ac:parameter ac:name="">Plakosh 05</ac:parameter></ac:structured-macro>
\[Plakosh 05\] Plakosh, Dan. [_Consistent Memory Management Conventions_|https://buildsecurityin.us-cert.gov/daisy/bsi/articles/knowledge/coding/476.html], 2005.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="60cc684cba6209e0-2ce5f93d-407a4366-993095bb-2ebf1d626a83a7ce14bd377f"><ac:parameter ac:name="">Plum 85</ac:parameter></ac:structured-macro>
\[Plum 85\] Plum, Thomas. _Reliable Data Structures in C_. Kamuela, HI: Plum Hall, Inc., 1985 (ISBN 0-911537-04-X).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="eb47bd863f48b515-58deb1d3-42854543-a84ba610-49942396c6d986c9c61d6ce7"><ac:parameter ac:name="">Plum 89</ac:parameter></ac:structured-macro>
\[Plum 89\] Plum, Thomas, & Saks, Dan. _C Programming Guidelines, 2nd ed_. Kamuela, HI: Plum Hall, 1989 (ISBN 0911537074).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b5679f7e08536361-19bd9c0a-465e49dc-a9daa5cb-6683813f2a0855e42ad87bcc"><ac:parameter ac:name="">Plum 91</ac:parameter></ac:structured-macro>
\[Plum 91\] Plum, Thomas. _C+\+ Programming_. Kamuela, HI: Plum Hall, 1991 (ISBN 0911537104).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="99266d643795fde9-0b4404a7-48004c3b-a2fbb1d0-5fc1871b7aac02b6c98d59d6"><ac:parameter ac:name="">Plum 08</ac:parameter></ac:structured-macro>
\[Plum 08\] Plum, Thomas. Static Assertions. June, 2008. [http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1330.pdf]

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f645ff5539d657ff-83f581da-46434a84-854493ef-194c431f7421d0891a51c2b7"><ac:parameter ac:name="">Redwine 06</ac:parameter></ac:structured-macro>
\[Redwine 06\] Redwine, Samuel T., Jr., ed. _Secure Software Assurance: A Guide to the Common Body of Knowledge to Produce, Acquire, and Sustain Secure Software Version 1.1_. U.S. Department of Homeland Security, September 2006. See [Software Assurance Common Body of Knowledge|https://buildsecurityin.us-cert.gov/daisy/bsi/resources/dhs/95.html] on Build Security In.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1b3ab0e9d95c8078-b6fcda44-4e52456f-970fb161-7762506626982393e8dfcc0c"><ac:parameter ac:name="">RUS-CERT</ac:parameter></ac:structured-macro>
\[RUS-CERT\] RUS-CERT Advisory 2002-08:02, "[Flaw in calloc and similar routines|http://cert.uni-stuttgart.de/advisories/calloc.php]," 2002.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="51c593ac3307144d-976b6f8e-446b4a58-b891b837-23716cd6054124eb717da423"><ac:parameter ac:name="">Saltzer 74</ac:parameter></ac:structured-macro>
\[Saltzer 74\] Saltzer, J. H. Protection and the Control of Information Sharing in Multics. _Communications of the ACM 17_, 7 (July 1974): 388---402.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6ffcef6590963ebe-694a605c-47014bb0-8dbe8ce8-017d86075e43c1d39a557d07"><ac:parameter ac:name="">Saltzer 75</ac:parameter></ac:structured-macro>
\[Saltzer 75\] Saltzer, J. H., & Schroeder, M. D. "The Protection of Information in Computer Systems." _Proceedings of the IEEE 63_, 9 (September 1975): 1278-1308.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e31faa71419f9867-84bc2148-4fca49bb-bf3389fd-b412ec7349cbe207bd62467e"><ac:parameter ac:name="">Saks 99</ac:parameter></ac:structured-macro>
\[Saks 99\] Saks, Dan. "[const T vs.T const|http://www.dansaks.com/articles/1999-02%20const%20T%20vs%20T%20const.pdf]." _Embedded Systems Programming_, February 1999, pp. 13-16.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="556a669ef89e2b28-9b4bbe67-4974485b-aff0bdd1-9f0b426a82bc20f133c00d20"><ac:parameter ac:name="">Saks 00</ac:parameter></ac:structured-macro>
\[Saks 00\] Saks, Dan. "[Numeric Literals|http://www.embedded.com/2000/0009/0009pp.htm]." _Embedded Systems Programming_, September 2000.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a208b6df409f7b34-6b8328e1-4ad645cd-af6b825a-4bda9c5ad083fbc6eecd9b2d"><ac:parameter ac:name="">Saks 01a</ac:parameter></ac:structured-macro>
\[Saks 01a\] Saks, Dan. "[Symbolic Constants|http://www.embedded.com/story/OEG20011016S0116]." _Embedded Systems Design_, November 2001.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="908f187eec5b2188-75860ca7-4bcc4674-a7c8b389-80fa042fea21b70acfc2eacf"><ac:parameter ac:name="">Saks 01b</ac:parameter></ac:structured-macro>
\[Saks 01b\] Saks, Dan. "[Enumeration Constants vs. Constant Objects|http://www.embedded.com/columns/programmingpointers/9900402]." _Embedded Systems Design_, November 2001.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1f58bee5c0fac4f9-bb407535-49644906-b32185f6-b8d07c8ed88f643e7d624bd4"><ac:parameter ac:name="">Saks 02</ac:parameter></ac:structured-macro>
\[Saks 02\] Saks, Dan. "[Symbolic Constant Expressions|http://www.embedded.com/story/OEG20020124S0117]." _Embedded Systems Design_, February 2002.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b1b9cd4c26708030-deb2d19c-49464573-bd86876c-81b96e2915bc4ef47cdd8769"><ac:parameter ac:name="">Saks 05</ac:parameter></ac:structured-macro>
\[Saks 05\] Saks, Dan. "[Catching Errors Early with Compile-Time Assertions|http://www.embedded.com/columns/programmingpointers/164900888?_requestid=287187]." _Embedded Systems Design_, June 2005.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6ffe207193c7ab90-1c47a34b-48b44002-a3d398c5-f7d51c38cc6fb1a8e819b4d5"><ac:parameter ac:name="">Saks 07a</ac:parameter></ac:structured-macro>
\[Saks 07a\] Saks, Dan. "[Sequence Points|http://www.embedded.com/columns/programmingpointers/9900661?_requestid=481957]" _Embedded Systems Design_, July 1, 2002.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b30da6fda2816d52-4425e466-41af4af2-a2fb8818-9f53ebe681f50c5ff12d1db6"><ac:parameter ac:name="">Saks 07b</ac:parameter></ac:structured-macro>
\[Saks 07b\] Saks, Dan. [Bail, return, jump, or . . . throw?|http://www.embedded.com/columns/programmingpointers/197008821]. _Embedded Systems Design_, March 2007.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="caa0d1b2dfd3d128-1a7cbe0c-4def441f-8590a84c-b941e4188ed1f0f36bc731e8"><ac:parameter ac:name="">Saks 08</ac:parameter></ac:structured-macro>
\[Saks 08\] Saks, Dan, & Dewhurst, Stephen C. "Sooner Rather Than Later: Static Programming Techniques for C++" (presentation, March 2008).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f3974b6753ac09e3-da534619-490a4814-8865b73d-031e5d96f37e35a55fd2c626"><ac:parameter ac:name="">Schwarz 05</ac:parameter></ac:structured-macro>
\[Schwarz 05\] Schwarz, B., Wagner, Hao Chen, Morrison, D., West, G., Lin, J., & Tu, J. Wei. "Model checking an entire Linux distribution for security violations." _Proceedings of the 21st Annual Computer Security Applications Conference_, December 2005 (ISSN 1063-9527; ISBN 0-7695-2461-3).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="22dfafbabfd27c86-b72698d7-4b34474e-88c4a63b-1509020a4d4e993ca707ab5e"><ac:parameter ac:name="">Seacord 03</ac:parameter></ac:structured-macro>
\[Seacord 03\] Seacord, Robert C., Plakosh, Daniel, & Lewis, Grace A. [_Modernizing Legacy Systems: Software Technologies, Engineering Processes, and Business Practices_|http://www.informit.com/store/product.aspx?isbn=0321118847]. Addison-Wesley, February 2003.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="83bd265bd54172dc-c8c5445a-435e43d3-b39d9468-2480e3c044f2f15b25b4da83"><ac:parameter ac:name="">Seacord 05</ac:parameter></ac:structured-macro> <ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="18f201531fc06705-729d15ff-4a5a4bd2-a43a8d6c-ac7dd95289e0e19d0c51853c"><ac:parameter ac:name="">Seacord 05a</ac:parameter></ac:structured-macro>
\[Seacord 05a\] Seacord, Robert C. _Secure Coding in C and C+\+_. Boston, MA: Addison-Wesley, 2005. See [http://www.cert.org/books/secure-coding] for news and errata.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7d43b4cbdfdad16c-7ec47171-4e584796-901dac6a-7c7c0b77ae1e061b9d1e0dbb"><ac:parameter ac:name="">Seacord 05b</ac:parameter></ac:structured-macro>
\[Seacord 05b\] Seacord, Robert C. "Managed String Library for C, C/C++." _Users Journal_ _23_, 10 (October 2005): 30---34.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3a5fc0e6253b222a-efcd0efc-4da5451c-bd4e9de8-5834e00e86cc75f1c8134c2c"><ac:parameter ac:name="">Seacord 05c</ac:parameter></ac:structured-macro>
\[Seacord 05c\] Seacord, Robert C. [_Variadic Functions: How they contribute to security vulnerabilities and how to fix them_|http://www.cert.org/books/secure-coding/LWM%203-11%20%28Seacord%29.pdf]. _Linux World Magazine_,  November 2005.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d4a626f37f9c2861-3f3e1e29-4c264e46-be469ed6-42fd75b929491c1c5817eebf"><ac:parameter ac:name="">Secunia</ac:parameter></ac:structured-macro>
\[Secunia\] Secunia Advisory SA10635, "[HP-UX calloc Buffer Size Miscalculation Vulnerability|http://secunia.com/advisories/10635/]," 2004.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ebd513c71be5cd50-e9d66e3e-4f5b49c1-91b18d72-a839866c10dd73e6f36bd8ef"><ac:parameter ac:name="">SecurityFocus 07</ac:parameter></ac:structured-macro>
\[SecurityFocus 07\] SecurityFocus. "[Linux Kernel Floating Point Exception Handler Local Denial of Service Vulnerability|http://www.securityfocus.com/bid/10538/discuss]," 2001.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b103b94f7aba4ce9-e61c9687-43b445ac-81d0823f-06a7ae4b9adf04743927a63c"><ac:parameter ac:name="">SecuriTeam 07</ac:parameter></ac:structured-macro>
\[SecuriTeam 07\] SecuriTeam. "[Microsoft Visual C+\+ 8.0 Standard Library Time Functions Invalid Assertion DoS (Problem 3000)|http://www.securiteam.com/windowsntfocus/5MP0D0UKKO.html]," February 13, 2007.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="353b4148dc13ae1b-f718deaf-42c14b9d-941e96f9-4f0bcf40b14a7adaac89d1eb"><ac:parameter ac:name="">Sloss 04</ac:parameter></ac:structured-macro>
\[Sloss 04\]  Sloss, Andrew, Symes, Dominic, & Wright, Chris. [_ARM System Developer's Guide_|http://www.arm.com/documentation/books/4975.html]. San Francisco:Elsevier/Morgan Kauffman, 2004 (ISBN-10: 1558608745; ISBN-13: 978-1558608740).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="00170e2caeaf5832-b6de3f55-44374f3d-b65ca661-b10fccc0c6168a073bc39d42"><ac:parameter ac:name="">Spinellis 06</ac:parameter></ac:structured-macro>
\[Spinellis 06\] Spinellis, Diomidis. [_Code Quality: The Open Source Perspective_|http://www.spinellis.gr/codequality].  Addison-Wesley, 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c6cf2caf7516ce6b-b75977d0-4dfc446c-9d94af73-a9ad207267656c250b434c02"><ac:parameter ac:name="">Steele 77</ac:parameter></ac:structured-macro>
\[Steele 77\]  Steele, G. L. "[Arithmetic shifting considered harmful|http://doi.acm.org/10.1145/956641.956647]." _SIGPLAN Not._ 12, 11 (November 1977), 61-69.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b9368d3ed92aec53-f518fa36-4c824370-b8a795f3-168c65493a0a4b2290b1c29c"><ac:parameter ac:name="">Summit 95</ac:parameter></ac:structured-macro>
\[Summit 95\] Summit, Steve. _C Programming FAQs: Frequently Asked Questions_. Boston, MA: Addison-Wesley, 1995 (ISBN 0201845199).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7305fdf8c9d58ac7-da5abbd2-467a450d-8138981f-58cd854acad47ac351c108a8"><ac:parameter ac:name="">Summit 05</ac:parameter></ac:structured-macro>
\[Summit 05\] Summit, Steve. [_comp.lang.c Frequently Asked Questions_|http://c-faq.com/], 2005.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f41eda545d7fb3b4-7e3fb3d0-4b0c4e58-b382914c-a348f28376bbe1491e63f0c0"><ac:parameter ac:name="">Sun</ac:parameter></ac:structured-macro>
\[Sun\] [Sun Security Bulletin #00122|http://sunsolve.sun.com/search/document.do?assetkey=1-22-00122-1], 1993.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7e8211804b88f3e3-eee58b48-446a4cee-b6329ea0-e72985e2e49936c7d60c6c2c"><ac:parameter ac:name="">Sun 05</ac:parameter></ac:structured-macro>
\[Sun 05\] [C User's Guide|http://docs.sun.com/source/819-3688/]. 819-3688-10. Sun Microsystems, Inc., 2005.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5bfeeb0c4ffb98d4-587f38b0-4e284c99-95c7969c-edba3eabad9536ada9e5a060"><ac:parameter ac:name="">Sutter 04</ac:parameter></ac:structured-macro>
\[Sutter 04\] Sutter, Herb & Alexandrescu, Andrei. C+\+ Coding Standards: 101 Rules, Guidelines, and Best Practices. Boston, MA:Addison-Wesley Professional, 2004 (ISBN 0321113586).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6e6f368fb822c7ab-f2dfc6db-4b504850-927dacb8-4a522f5f63bcc8dffcec3cb1"><ac:parameter ac:name="">Tsafrir 08</ac:parameter></ac:structured-macro>
\[Tsafrir 08\] Tsafrir, Dan, Da Silva, Dilma, & Wagner, David. [The Murky Issue of Changing Process Identity: Revising "Setuid Demystified"|http://www.eecs.berkeley.edu/~daw/papers/setuid-login08b.pdf] USENIX, June 2008, pages 55-66

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2b83ffad7c6329d7-b2b2ced7-4bcd468a-87e9a2b3-0f973948c4417326d0b71106"><ac:parameter ac:name="">Unicode 06</ac:parameter></ac:structured-macro>
\[Unicode 06\] The Unicode Consortium. [The Unicode Standard|http://www.unicode.org/standard/standard.html], Version 5.0. Addison-Wesley Professional; 5th edition (November 3, 2006) ISBN: 0321480910.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="fed38124f7d198a4-6e747b7f-4ef443e5-87cfac10-5b23da6f76de975e6eba6318"><ac:parameter ac:name="">van de Voort 07</ac:parameter></ac:structured-macro>
\[van de Voort 07\] van de Voort, Marco. [Development Tutorial (a.k.a Build FAQ)|http://www.stack.nl/~marcov/buildfaq.pdf], January 29, 2007.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="19aca42bfff1bea4-9ed7a8c8-4e964878-9850b22f-f604ac608bd04e0fb4f2ae05"><ac:parameter ac:name="">van Sprundel06</ac:parameter></ac:structured-macro>
\[van Sprundel 06\] van Sprundel, Ilja. [Unusualbugs|http://ilja.netric.org/files/Unusual%20bugs.pdf], 2006.&nbsp;

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6cfd9c85849fed3f-fb242021-459f4e6f-917cb5e1-3748e9f8c793d96d910226dc"><ac:parameter ac:name="">Viega 01</ac:parameter></ac:structured-macro>
\[Viega 01\] Viega, John. [Protecting Sensitive Data in Memory|http://www.cgisecurity.com/lib/protecting-sensitive-data.html], February 2001.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="de9f41012ba859c5-4d3df005-4f0d400a-9a49be77-23dfad78ee905cc049efedd4"><ac:parameter ac:name="">Viega 03</ac:parameter></ac:structured-macro>
\[Viega 03\] Viega, John, & Messier, Matt. _Secure Programming Cookbook for C and C++: Recipes for Cryptography, Authentication, Networking, Input Validation & More_. Sebastopol, CA: O'Reilly, 2003 (ISBN 0-596-00394-3).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="bc06ae39d5c55776-845fc960-47ba4829-ad9abf92-c332728e81f68b16df29067e"><ac:parameter ac:name="">Viega 05</ac:parameter></ac:structured-macro>
\[Viega 05\] Viega, John. [CLASP Reference Guide Volume 1.1.|http://www.securesoftware.com/process/] Secure Software, 2005.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e86e35809df8b4f0-8a81808f-469f43e1-a82b955c-ab81fe7c5581308239fc0225"><ac:parameter ac:name="">VU#159523</ac:parameter></ac:structured-macro>
\[VU#159523\] Giobbi, Ryan. Vulnerability Note [VU#159523|http://www.kb.cert.org/vuls/id/159523], _Adobe Flash Player integer overflow vulnerability_, April 2008.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5762d524f4096386-2718fb2d-4c7449cc-bc439b3e-80e5f7102a11d2d01b065c4d"><ac:parameter ac:name="">VU#162289</ac:parameter></ac:structured-macro>
\[VU#162289\] Dougherty, Chad. Vulnerability Note [VU#162289|http://www.kb.cert.org/vuls/id/162289], _gcc silently discards some wraparound checks_, April 2008.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0b7fced79d2c687a-306b2f3a-4aa4409e-9f8fb938-947acbb08814474ad814374f"><ac:parameter ac:name="">VU196240</ac:parameter></ac:structured-macro>
\[VU#196240\] Taschner, Chris & Manion, Art. Vulnerability Note [VU#196240|http://www.kb.cert.org/vulnotes/id/196240], _Sourcefire Snort DCE/RPC preprocessor does not properly reassemble fragmented packets_, 2007.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="72530ae8d3bf5f08-5a87d4bd-40054326-8cae853c-2be90cccd6ac6dc43fcba455"><ac:parameter ac:name="">VU286468</ac:parameter></ac:structured-macro>
\[VU#286468\] Burch, Hal. Vulnerability Note [VU#286468|http://www.kb.cert.org/vulnotes/id/286468], _Ettercap contains a format string error in the "curses_msg()" function_, 2007.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="67d03331b1c66148-58cad550-40564b90-b23fafee-1c1194d68e4ca2638d6197eb"><ac:parameter ac:name="">VU439395</ac:parameter></ac:structured-macro>
\[VU#439395\] Lipson, Howard. Vulnerability Note [VU#439395|http://www.kb.cert.org/vuls/id/439395], _Apache web server performs case sensitive filtering on Mac OS X HFS\+ case insensitive filesystem,_ 2001.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="bc4e008c4d10a2f8-bbc52f6a-4cfe4a7f-828093fe-1776193783af282e45bcdaf6"><ac:parameter ac:name="">VU551436</ac:parameter></ac:structured-macro>
\[VU#551436\] Giobbi, Ryan. Vulnerability Note [VU#551436|http://www.kb.cert.org/vulnotes/id/551436], _Mozilla Firefox SVG viewer vulnerable to buffer overflow,_ 2007.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="aac720900554e04a-516ca151-4d3d4164-8f189a39-4cec3b0af1ed4aa23b6e215f"><ac:parameter ac:name="">VU568148</ac:parameter></ac:structured-macro>
\[VU#568148\] Finlay, Ian A. & Morda, Damon G. Vulnerability Note [VU#568148|http://www.kb.cert.org/vulnotes/id/568148], _Microsoft Windows RPC vulnerable to buffer overflow_, 2003.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="15585e4e4ddf0e12-9b1b86dc-40af48a5-b9e882a2-7ef5a6fc17bd387b8076cb1c"><ac:parameter ac:name="">VU623332</ac:parameter></ac:structured-macro>
\[VU#623332\] Mead, Robert. Vulnerability Note [VU#623332|http://www.kb.cert.org/vuls/id/623332], _MIT Kerberos 5 contains double free vulnerability in "krb5_recvauth()" function,_ 2005.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f85af7098f6459ba-6dbd5410-40e14e8e-ba8480e0-a9f8f4b30949a83e55e7834f"><ac:parameter ac:name="">VU649732</ac:parameter></ac:structured-macro>
\[VU#649732\] Gennari, Jeff. Vulnerability Note [VU#649732|http://www.kb.cert.org/vulnotes/id/649732], _Samba AFS ACL Mapping VFS Plug-In Format String Vulnerability,_ 2007.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="15f8e988c06ec391-97bca41d-43364221-a2f38690-c3adf4a318b28a17f6dc7ee8"><ac:parameter ac:name="">VU654390</ac:parameter></ac:structured-macro>
\[VU#654390\] Rafail, Jason A. Vulnerability Note [VU#654390|https://www.kb.cert.org/vulnotes/id/654390], _ISC DHCP contains C Includes that define vsnprintf() to vsprintf() creating potential buffer overflow conditions_, June 2004.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2dbaf77a8637e60a-607f51ac-469f436d-b1c083b5-740cd709eb6842e9869a953d"><ac:parameter ac:name="">VU743092</ac:parameter></ac:structured-macro>
\[VU#743092\] Rafail, Jason A. & Havrilla, Jeffrey S.  Vulnerability Note [VU#743092|https://www.kb.cert.org/vulnotes/id/743092], _realpath(3) function contains off-by-one buffer overflow,_ July 2003.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1a71e552b2ec5ea5-5b5a3273-4ea64393-a6e99c3f-0689335941b2cfba0402fd3d"><ac:parameter ac:name="">VU834865</ac:parameter></ac:structured-macro>
\[VU#834865\] Gennari, Jeff. Vulnerability Note [VU#834865|http://www.kb.cert.org/vuls/id/834865], _Sendmail signal I/O race condition_, March 2008.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="fa657a0cf0503bab-578d0c98-448c48b4-af8fa20c-973cf80a27b477a7955ea104"><ac:parameter ac:name="">VU837857</ac:parameter></ac:structured-macro>
\[VU#837857\] Dougherty, Chad. Vulnerability Note [VU#837857|http://www.kb.cert.org/vuls/id/837857], _SX.Org server fails to properly test for effective user ID_, August 2006.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e0614486ccadbffe-24ff2458-41d24b99-b1cc9d6e-f499fd80d980350dec913bbb"><ac:parameter ac:name="">VU881872</ac:parameter></ac:structured-macro>
\[VU#881872\] Manion, Art & Taschner, Chris. Vulnerability Note [VU#881872|http://www.kb.cert.org/vulnotes/id/881872], _Sun Solaris telnet authentication bypass vulnerability,_ 2007.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b082521e94a8b842-8d53aee0-4bc94fc8-85a28ec3-d44cfba700756922486dc147"><ac:parameter ac:name="">Warren 02</ac:parameter></ac:structured-macro>
\[Warren 02\] Warren, Henry S. [_Hacker's Delight_|http://www.hackersdelight.org/]. Boston, MA: Addison Wesley Professional, 2002 (ISBN 0201914654).

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="50258401f395d7cc-01442864-4c2a486d-bb3fa1a1-2bc6a30871df23fa4dc6cbb9"><ac:parameter ac:name="">Wheeler 03</ac:parameter></ac:structured-macro>
\[Wheeler 03\] Wheeler, David. [Secure Programming for Linux and Unix HOWTO, v3.010|http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/], March 2003.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="699cd89c74184dfb-9a3f59e6-490c4ec5-a3beab92-ddc46aa2602646ac1014ac09"><ac:parameter ac:name="">Wheeler 04</ac:parameter></ac:structured-macro>
\[Wheeler 04\] Wheeler, David. [_Secure programmer: Call components safely_|http://www-128.ibm.com/developerworks/linux/library/l-calls.html]. December 2004.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="155940936ca63f08-b06f6c70-4dc14b66-b561975e-3cb4227646308a75a76a35c8"><ac:parameter ac:name="">Wojtczuk 08</ac:parameter></ac:structured-macro>
\[Wojtczuk 08\] Wojtczuk, Rafal. "[Analyzing the Linux Kernel vmsplice Exploit|http://www.avertlabs.com/research/blog/index.php/2008/02/13/analyzing-the-linux-kernel-vmsplice-exploit/]." McAfee Avert Labs Blog, February 13, 2008.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e11af7f17af7002c-e013f7f9-47074e4e-9da7bc83-7d103c89ae7a5eb671448a6f"><ac:parameter ac:name=""> xorl 2009</ac:parameter></ac:structured-macro>
\[xorl 2009\] xorl. [xorl %eax, %eax|http://xorl.wordpress.com/].

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="900032899671d638-8ba26736-4d5b4759-b737923d-6a6cbfd16a7af6ed180f5c44"><ac:parameter ac:name="">Yergeau 98</ac:parameter></ac:structured-macro>
\[Yergeau 98\] Yergeau, F. [RFC 2279 - UTF-8, a transformation format of ISO 10646|http://www.faqs.org/rfcs/rfc2279.html], January 1998.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0ba55a12fd13e771-8d7cce6b-4a77416d-93deb53c-9d00a9a75163468e8ddd5253"><ac:parameter ac:name="">Zalewski 01</ac:parameter></ac:structured-macro>
\[Zalewski 01\] Zalewski, Michal. [_Delivering Signals for Fun and Profit: Understanding, exploiting and preventing signal-handling related vulnerabilities_|http://lcamtuf.coredump.cx/signals.txt],  May 2001.

...