Page History

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="148ad36c95cba5fe-c27c570c-42b0413d-bbe3b5f2-ecfb8686b6213fc2eccfa89f"><ac:parameter ac:name="">Apple 06</ac:parameter></ac:structured-macro>
\[Apple 06\] Apple, Inc. [_Secure Coding Guide_|http://developer.apple.com/documentation/Security/Conceptual/SecureCodingGuide/SecureCodingGuide.pdf], May 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3118053939dd9f53-0e711067-4e5b4a9e-89a28e6e-543a023b179479709e98e501"><ac:parameter ac:name="">Austin Group 08</ac:parameter></ac:structured-macro>
\[Austin Group 08\] "Draft Standard for Information Technology - Portable Operating System Interface (POSIX®) - Draft Technical Standard: Base Specifications, Issue 7," IEEE Unapproved Draft Std P1003.1 D5.1. Prepared by the [Austin Group|http://www.opengroup.org/austin/]. New York: Institute of Electrical & Electronics Engineers, Inc., May 2008.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ac759779b97c6611-322f563b-441e480a-b906bf62-2bdd5151afc3fc0c25b2efe1"><ac:parameter ac:name="">Banahan 03</ac:parameter></ac:structured-macro>
\[Banahan 03\] Banahan, Mike. [_The C Book_|http://www.phy.duke.edu/~rgb/General/c_book/c_book/index.html], 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="176a9a96cc4f0c65-5dca6eb0-415f4603-a92c94e4-e7e5c7749fbd75aac51a283d"><ac:parameter ac:name="">Beebe 05</ac:parameter></ac:structured-macro>
\[Beebe 05\] Beebe, Nelson H. F. [Re: Remainder (%) operator and GCC|http://gcc.gnu.org/ml/gcc-help/2005-11/msg00141.html], 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="412f465b26e3b58a-57558f12-46174590-bac69f71-c61686f1ea0d65368c611d1c"><ac:parameter ac:name="">Becker 08</ac:parameter></ac:structured-macro>
\[Becker 08\] Becker, Pete. [Working Draft, Standard for Programming Language C+\+|http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2008/n2521.pdf], April 2008.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b8f4cbcf7441f42b-e6918bd9-4b734c07-8d9d8cdb-05c28fa0863f5f0ade9ff4b9"><ac:parameter ac:name="">Black 07</ac:parameter></ac:structured-macro>
\[Black 07\] Paul E. Black, Michael Kass, Michael Koo. Source Code Security Analysis Tool Functional Specification Version 1.0. Special Publication 500-268. Information Technology Laboratory (ITL), Software Diagnostics and Conformance Testing Division, May 2007. [http://samate.nist.gov/docs/source_code_security_analysis_spec_SP500-268.pdf]

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="93d3b80729ead485-158258f9-4e4b45b5-bda2a137-aea03023c46b8c43c8b019b4"><ac:parameter ac:name="">Brainbell.com</ac:parameter></ac:structured-macro>
\[Brainbell.com\] Brainbell.com. [_Advice and Warnings for C Tutorials_|http://www.brainbell.com/tutors/c/Advice_and_Warnings_for_C/].

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="38e74cc72014948e-003b10de-49ef4df7-91558281-ba8fff222dab41bc15b1de4b"><ac:parameter ac:name="">Bryant 03</ac:parameter></ac:structured-macro>
\[Bryant 03\] Bryant, Randal E., & O'Halloran, David. _Computer Systems: A Programmer's Perspective_. Prentice Hall, 2003 (ISBN 0-13-034074-X).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b2a061153a3951f6-cb9dc925-47e449fa-af748396-765e93fe3cc3cd32e4f7c5b3"><ac:parameter ac:name="">Burch 06</ac:parameter></ac:structured-macro>
\[Burch 06\] Burch, Hal, Long, Fred, & Seacord, Robert C. [_Specifications for Managed Strings_|http://www.sei.cmu.edu/publications/documents/06.reports/06tr006.html] (CMU/SEI-2006-TR-006). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4876da9c0a002490-9cc5aedd-4c49415f-8eb294ec-bfe1acaac59983ebabbaa703"><ac:parameter ac:name="">Callaghan 95</ac:parameter></ac:structured-macro>
\[Callaghan 95\] Callaghan, B., Pawlowski, B., & Staubach, P. [IETF RFC 1813 NFS Version 3 Protocol Specification|http://www.ietf.org/rfc/rfc1813.txt], June 1995.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9afba8d7d9209759-b2bb2dde-48b7449d-b0e880ef-a987775e2ee68cef89dc9caf"><ac:parameter ac:name="">CERT 06a</ac:parameter></ac:structured-macro>
\[CERT 06a\] CERT/CC. [CERT/CC Statistics 1988---2006|http://www.cert.org/stats/cert_stats.html].

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="196748dcad5a8362-2cb4e0aa-40b64fdc-814db5b7-583546962b454c364557b5ee"><ac:parameter ac:name="">CERT 06b</ac:parameter></ac:structured-macro>
\[CERT 06b\] CERT/CC. US-CERT's [Technical Cyber Security Alerts|http://www.us-cert.gov/cas/techalerts/index.html].

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="8de426e6831460fe-458d7b2c-494f4da7-a2a9af55-2a7d83eb490f51a2c40a4852"><ac:parameter ac:name="">CERT 06c</ac:parameter></ac:structured-macro>
\[CERT 06c\] CERT/CC. [Secure Coding|http://www.cert.org/secure-coding/] web site.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e6af9c7e29c25115-6f599309-4a644c0f-bc78a29f-556699219aa1385a812ef437"><ac:parameter ac:name="">Chen 02</ac:parameter></ac:structured-macro>
\[Chen 02\]&nbsp; Chen, H., Wagner, D., & Dean, D. [Setuid Demystified|http://www.cs.berkeley.edu/~daw/papers/setuid-usenix02.pdf] USENIX Security Symposium, 2002.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="44e9c35bfb80b14b-868ce35b-46384034-85129063-250f4e20db86d767229f706c"><ac:parameter ac:name="">Corfield 93</ac:parameter></ac:structured-macro>
\[Corfield 93\] Corfield, Sean A. "[Making String Literals 'const'|http://www.open-std.org/jtc1/sc22/wg21/docs/papers/1993/N0389.asc]," November 1993.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0d1b041af672fa0b-fe8d151d-46f04bc0-a1dd9400-d062ab39aaac254292869140"><ac:parameter ac:name="">Coverity 07</ac:parameter></ac:structured-macro>
\[Coverity 07\] Coverity Prevent User's Manual (3.3.0), 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ba44c19697943dd8-3e4d21ab-4c2846a4-b4dbbb33-a9778afaf04171bebafd4f32"><ac:parameter ac:name="">CVE</ac:parameter></ac:structured-macro>
\[CVE\] [Common Vulnerabilities and Exposures|http://cve.mitre.org/].

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7bf8fe7ac6e7e85b-18018fc7-4a6b4f64-ba0bb854-8cb55b3376306f1586f23d56"><ac:parameter ac:name="">CPPReference</ac:parameter></ac:structured-macro>
\[C+\+ Reference\] [Standard C Library, General C\++, C++   Standard Template Library|http://www.cppreference.com/]

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="951f077d57ccd2b0-0565e689-4d664126-8a009cab-f44ac76e378c60ff72bb7c77"><ac:parameter ac:name="">Dewhurst 02</ac:parameter></ac:structured-macro>
\[Dewhurst 02\] Dewhurst, Stephen C. _C+\+ Gotchas: Avoiding Common Problems in Coding and Design_. Boston: Addison-Wesley Professional, 2002.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c68356d27207202a-70935f24-4a984e1c-b67e85f8-09363203455df32961a97a8b"><ac:parameter ac:name="">Dewhurst 05</ac:parameter></ac:structured-macro>
\[Dewhurst 05\] Dewhurst, Stephen C. _C+\+ Common Knowledge:  Essential Intermediate Programming_. Boston, MA: Addison-Wesley Professional, 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="459104311ba928e4-2f69478d-4f1344e6-aa629dcc-f7e97b7f9f16984edad51b81"><ac:parameter ac:name="">DHS 06</ac:parameter></ac:structured-macro>
\[DHS 06\] U.S. Department of Homeland Security. [Build Security In|https://buildsecurityin.us-cert.gov/].

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="146fcec1c30cd945-b6a1c17b-44774ed1-b1a2be25-a3b15d383e6f053928288918"><ac:parameter ac:name="">DISA 2008</ac:parameter></ac:structured-macro>
\[DISA 2008\] DISA. [Application Security and Development Security Technical Implementation Guide, Version 2, Release 1|http://iase.disa.mil/stigs/stig/application_security_and_development_stig_v2r1_final_20080724.pdf]. July, 2008.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="fb27beabfc5c3159-2eed033a-4f314193-b394a7af-5881ea961c565ae4f1190aa8"><ac:parameter ac:name=""> DOD 5220</ac:parameter></ac:structured-macro>
\[DOD 5220\] U.S. Department of Defense. [DoD Standard 5220.22-M|http://security.ouhsc.edu/docs/policies/approved/DoD_5220.doc] (Word document).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="511c8d1e4301a3ed-c580cd15-40c14f4b-ac7a9d62-f5c1d5f6c47ce74ce23bcd21"><ac:parameter ac:name="">Dowd 06</ac:parameter></ac:structured-macro>
\[Dowd 06\] Dowd, M., McDonald, J., & Schuh, J. _The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities_. Boston: Addison-Wesley, 2006. See [http://taossa.com] for updates and errata.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="346442cab6385fcc-0189438a-4b7e435d-8652aca0-ee36b50baa2bf9d65a560b9c"><ac:parameter ac:name="">Drepper 06</ac:parameter></ac:structured-macro>
\[Drepper 06\] Drepper, Ulrich. [Defensive Programming for Red Hat Enterprise Linux (and What To Do If Something Goes Wrong)|http://people.redhat.com/drepper/defprogramming.pdf], May 3, 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="80d43120fa43f401-50b8eb02-49704ae6-a84c95e4-006cbee31f13340ed67b4ba0"><ac:parameter ac:name="">Eckel 07</ac:parameter></ac:structured-macro>
\[Eckel 07\] Eckel, Bruce. [_Thinking in C+\+ Volume 2_|http://bruce-eckel.developpez.com/livres/cpp/ticpp/v2/], January 25, 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c09f771bb815752a-2109d20b-49214b72-baefa223-263578b5ff60d2958307f86c"><ac:parameter ac:name="">ECTC 98</ac:parameter></ac:structured-macro>
\[ECTC 98\] Embedded C+\+ Technical Committee. [_The Embedded C+\+ Programming Guide Lines_|http://www.caravan.net/ec2plus/guide.html], Version WP-GU-003. January 6, 1998.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e114136d73192f40-81397428-463e454a-9e26a81d-2a7cd3264d18edb38e565e67"><ac:parameter ac:name="">Eide and Regehr</ac:parameter></ac:structured-macro>
\[Eide and Regehr\] "[Volatiles are miscompiled, and what to do about it|http://portal.acm.org/citation.cfm?id=1450058.1450093]" Eide E., Regehr J.  2008.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2fed80b8c95a5f6d-5f3f0a7d-4d584e25-b648942e-77e782c016fa631194fefd80"><ac:parameter ac:name="">Finlay 03</ac:parameter></ac:structured-macro>
\[Finlay 03\] Finlay, Ian A. CERT Advisory CA-2003-16, [Buffer Overflow in Microsoft RPC|http://www.cert.org/advisories/CA-2003-16.html]. CERT/CC, July 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="27490bbdf08a69ec-30ea1454-4a1c4bec-b0ce83d0-087f55a6950b2959bb42d9de"><ac:parameter ac:name="">Fisher 99</ac:parameter></ac:structured-macro>
\[Fisher 99\] Fisher, David  & Lipson, Howard. "Emergent Algorithms - A New Method for Enhancing Survivability in Unbounded Systems." _Proceedings of the 32nd Annual Hawaii International Conference on System Sciences (HICSS-32)_. Maui, HI, January 5-8, 1999.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="db17c8ed91160eda-f73fd050-4d764014-919f8712-64b9c7feeb4e3b3f506bc7b4"><ac:parameter ac:name="">Flake 06</ac:parameter></ac:structured-macro>
\[Flake 06\] Flake, Halvar. "[Attacks on uninitialized local variables|http://www.blackhat.com/presentations/bh-europe-06/bh-eu-06-Flake.pdf]." Black Hat Federal 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="420c64610afaa7e6-142fada1-4e3a4331-b6babf2b-566e998dc06e127dcb9de132"><ac:parameter ac:name="">Fortify 06</ac:parameter></ac:structured-macro>
\[Fortify 06\] Fortify Software Inc. [Fortify Taxonomy: Software Security Errors|http://www.fortifysoftware.com/vulncat/], 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="97a225c47bb3dfbb-b480a153-4b6149ca-b61db8a9-8b8c51e30cd192ff5261f391"><ac:parameter ac:name="">FSF 05</ac:parameter></ac:structured-macro>
\[FSF 05\] Free Software Foundation. [GCC online documentation|http://gcc.gnu.org/onlinedocs], 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="da11b355305240a3-fa68020c-4cd54372-8e7a854b-9a78eb9d6fcde63537436c56"><ac:parameter ac:name="">Garfinkel 96</ac:parameter></ac:structured-macro>
\[Garfinkel 96\] Garfinkel, Simson & Spafford, Gene. _Practical UNIX & Internet Security_, 2nd Edition. Sebastopol, CA: O'Reilly Media, April 1996 (ISBN 1-56592-148-8).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e177f96b115e8163-98167d0a-47ec4e84-85b89b6d-faebaf5f484d35629746775b"><ac:parameter ac:name="">GNU Pth</ac:parameter></ac:structured-macro>
\[GNU Pth\] Engelschall, Ralf S. [GNU Portable Threads|http://www.gnu.org/software/pth/], 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="bbdfd36dd4bed2da-7797e3cb-448049f0-b248bd94-c1c5c7f9666a3660f2d68df3"><ac:parameter ac:name="">Goldberg 91</ac:parameter></ac:structured-macro>
\[Goldberg 91\] Goldberg, David. [What Every Computer Scientist Should Know About Floating-Point Arithmetic|http://docs.sun.com/source/806-3568/ncg_goldberg.html]. Sun Microsystems, March 1991.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7d2aa07acfd4cbdc-2cb54f63-45f84332-923cb27d-28cf14e9cd16ae3dc830c31f"><ac:parameter ac:name="">Goodin 2009</ac:parameter></ac:structured-macro>
\[Goodin 2009\] Dan Goodin. [Clever attack exploits fully-patched Linux kernel|http://www.theregister.co.uk/2009/07/17/linux_kernel_exploit/] The Register. July 2009.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ae0a6a40bf2428da-a61410c8-40c74ae8-b82a8259-c196db8160dc167073aef67c"><ac:parameter ac:name="">Gough 2005</ac:parameter></ac:structured-macro>
\[Gough 2005\] Gough, Brian J. [An Introduction to GCC|http://www.network-theory.co.uk/docs/gccintro/index.html]. Network Theory Ltd, Revised August 2005 (ISBN 0-9541617-9-3).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="fa92299cd173b60c-79b33b00-4c5c4173-8827b161-188dc0aed9e64b4eef85e911"><ac:parameter ac:name="">Graf 03</ac:parameter></ac:structured-macro>
\[Graff 03\] Graff, Mark G. & Van Wyk, Kenneth R. _Secure Coding: Principles and Practices_. Cambridge, MA: O'Reilly, 2003 (ISBN 0596002424).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2e891a3f34548c4f-7f143a5b-49d5407d-b66dbc39-48795c16dfa92f765820aabe"><ac:parameter ac:name="">Greenman 97</ac:parameter></ac:structured-macro>
\[Greenman 97\] Greenman, David. [_serious security bug in wu-ftpd v2.4_|http://seclists.org/bugtraq/1997/Jan/0011.html]. BUGTRAQ Mailing List (bugtraq@securityfocus.com), January 2, 1997.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="dfea4170c86fbba4-7c2fc8d5-4db74bd5-8f88b34a-ccdf095a493ad89b163c1789"><ac:parameter ac:name="">Griffiths 06</ac:parameter></ac:structured-macro>
\[Griffiths 06\] Griffiths, Andrew. "[Clutching at straws: When you can shift the stack pointer|http://felinemenace.org/papers/p63-0x0e_Shifting_the_Stack_Pointer.txt]."

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7f8e0c6a290ac193-b3ac314f-4fd94ec0-ab8ab4cf-ebb89c09220048f81adaaaa3"><ac:parameter ac:name="">Gutmann 96</ac:parameter></ac:structured-macro>
\[Gutmann 96\] Gutmann, Peter. [Secure Deletion of Data from Magnetic and Solid-State Memory|http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html], July 1996.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="972e84fe20d6e820-c24dc2f6-4139449d-bfcbae7e-7b5b535a7dab25db93d72e30"><ac:parameter ac:name="">Haddad 05</ac:parameter></ac:structured-macro>
\[Haddad 05\] Haddad, Ibrahim. "Secure Coding in C and C++: An interview with Robert Seacord, senior vulnerability analyst at CERT." _Linux World Magazine_, November 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6675ab626c81572a-88ea97d9-4f4d46fa-baa6be18-bd6e1852216937aa9a2f1b5b"><ac:parameter ac:name="">Hatton 95</ac:parameter></ac:structured-macro>
\[Hatton 95\] Hatton, Les. _Safer C: Developing Software for High-Integrity and Safety-Critical Systems_. New York: McGraw-Hill Book Company, 1995 (ISBN 0-07-707640-0).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e3a8857a3a58c828-7478b695-47c44dbd-8b289bbd-0569e81406d56cfbb1199b81"><ac:parameter ac:name="">Hatton 03</ac:parameter></ac:structured-macro>
\[Hatton 03\] Hatton, Les. [EC-: A measurement based safer subset of ISO C suitable for embedded system development|http://www.leshatton.org/Documents/ISOC_subset.pdf]. November 5, 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b3e0bd17606c5e9f-17ae88bf-49394948-b456914f-546fcc1f0baf9fd043095f74"><ac:parameter ac:name="">Henricson 92</ac:parameter></ac:structured-macro>
\[Henricson 92\] Henricson, Mats, & Nyquist, Erik. [Programming in C++, Rules and Recommendations|http://www.doc.ic.ac.uk/lab/cplus/c++.rules/]. Ellemtel Telecommunication Systems Laboratories, 1992.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="dbd46127ad7eaa6e-169b9292-4dd840f6-a56bb0ed-a67f2babcab330be0a2e5f7d"><ac:parameter ac:name="">Horton 90</ac:parameter></ac:structured-macro>
\[Horton 90\] Horton, Mark R. _Portable C Software_. Upper Saddle River, NJ: Prentice-Hall, Inc., 1990 (ISBN:0-13-868050-7).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="8a92e70e7afe5a65-97a4bc2a-419544c7-86ea8e62-9c212d9a3c74a396fc59b5d8"><ac:parameter ac:name="">Howard 02</ac:parameter></ac:structured-macro>
\[Howard 02\] Howard, Michael, & LeBlanc, David C. _[_Writing Secure Code, 2nd ed. Redmond, WA:_|http://www.microsoft.com/mspress/books/5957.aspx]_. Microsoft Press, December 2002.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3a9fad288c4ed018-ff96f1c7-45304641-86cd82f3-3ee89ff1cc9df6aea2ea5289"><ac:parameter ac:name="">HP 03</ac:parameter></ac:structured-macro>
\[HP 03\] [Tru64 UNIX: Protecting Your System Against File Name Spoofing Attacks|http://h30097.www3.hp.com/docs/wpapers/spoof_wp/symlink_external.pdf]. Houston, TX: Hewlett-Packard Company, January 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a7d1ff7fb13050aa-1e280da9-4a8b407f-9664a595-b6a89481d25521b2e5c93863"><ac:parameter ac:name="">IEC 60812 2006</ac:parameter></ac:structured-macro>
\[IEC 60812 2006\] _Analysis techniques for system reliability - Procedure for failure mode and effects analysis (FMEA)_, 2nd ed. (IEC 60812). IEC, January 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c57c752ac485106e-7dd63796-458d47d0-871283a7-bb7ec3011b5792d556b1d33a"><ac:parameter ac:name="">IEC 61508 4</ac:parameter></ac:structured-macro>
\[IEC 61508-4\]&nbsp; _Functional safety of electrical/electronic/programmable electronic safety-related systems - Part 4: Definitions and abbreviations_, 1998.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3633b1ed18f165a8-eb5e6072-4ba448fc-84de86b1-40d0eae6dbe90ec3a5cd4a22"><ac:parameter ac:name="">IEEE Std 610.12 1990</ac:parameter></ac:structured-macro>
\[IEEE Std 610.12 1990\] _IEEE Standard Glossary of Software Engineering Terminology_, September 1990.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="89ca9de8ba4c5307-d5bf362e-421a4d64-9dae9256-268692a923be4be199f58e7f"><ac:parameter ac:name="">IEEE 754 2006</ac:parameter></ac:structured-macro>
\[IEEE 754 2006\] IEEE. [_Standard for Binary Floating-Point Arithmetic_|http://grouper.ieee.org/groups/754/] (IEEE 754-1985), 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9a0f0ad3bef25949-bcb8970a-4d3a4ead-8321af55-4b41902bcf27ec91f510a191"><ac:parameter ac:name="">ilja 06</ac:parameter></ac:structured-macro>
\[IEEE 1003.1, 2004\] IEEE. [The Open Group Base Specifications Issue 6|http://www.opengroup.org/onlinepubs/009695399/] IEEE Std 1003.1, 2004 Edition

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a4a376c9a5d76f74-f4010eab-45194ab6-a43789a9-f1477c64444868481b94e9b6"><ac:parameter ac:name="">IEEE 1003</ac:parameter></ac:structured-macro>
\[ilja 06\] ilja. "[readlink abuse|http://blogs.23.nu/ilja/stories/12551/]." _ilja's blog_, August 13, 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a9bd043eaf7e110e-5ae2eebf-4ab8423e-827bb419-41075b2d30436b2b10d07126"><ac:parameter ac:name="">Intel 01</ac:parameter></ac:structured-macro>
\[Intel 01\] Intel Corp. [_Floating-Point IEEE Filter for Microsoft\* Windows\* 2000 on the Intel® Itanium™ Architecture_|ftp://download.intel.com/software/opensource/libraries/ieee/ieee_filter_windows2000.pdf], March 2001.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a0a3de8caa8c2fbb-d08bda8d-4d144aba-aead8f26-b308f97f02b946f1304ce028"><ac:parameter ac:name="">Internet Society 00</ac:parameter></ac:structured-macro>
\[Internet Society 00\] The Internet Society. [Internet Security Glossary (RFC 2828)|ftp://ftp.rfc-editor.org/in-notes/rfc2828.txt], 2000.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b0029e6526f55f3e-aa9f6b8f-4f7c427a-8d0eb0e1-0db3163a4962a729307766ec"><ac:parameter ac:name="">ISO/IEC 646-1991</ac:parameter></ac:structured-macro>
\[ISO/IEC 646:1991\] ISO/IEC. _Information technology: ISO 7-bit coded character set for information interchange_ (ISO/IEC 646-1991). Geneva, Switzerland: International Organization for Standardization, 1991.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="927ac9595e032d97-1c8db44c-4cc94490-94c0bbd4-ea2dfc2102897b4607bd4539"><ac:parameter ac:name="">ISO/IEC 9945-2003</ac:parameter></ac:structured-macro>
\[ISO/IEC 9945:2003\] _ISO/IEC 9945:2003 (including Technical Corrigendum 1), Information technology --- Programming languages, their environments and system software interfaces --- Portable Operating System Interface (POSIX®)_.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="8ca5ad83da2c8ac3-de52769e-476e4f3c-b8b192dc-648110e41c2b6142e91852ee"><ac:parameter ac:name="">ISO/IEC 9899-1999</ac:parameter></ac:structured-macro>
\[ISO/IEC 9899:1999\] ISO/IEC. _Programming Languages---C, 2nd ed_ (ISO/IEC 9899:1999). Geneva, Switzerland: International Organization for Standardization, 1999.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ced49c19f9cd1a8b-ab0eeb75-463d4a02-bd3dac79-941402f676dd2d2238478535"><ac:parameter ac:name="">ISO/IEC 10646-2003</ac:parameter></ac:structured-macro>
\[ISO/IEC 10646:2003\] _Information technology - Universal Multiple-Octet Coded Character Set (UCS)_ (ISO/IEC 10646:2003). Geneva, Switzerland: International Organization for Standardization, 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="66d1595ef49e0ed6-385f8675-458140fa-b575ba6d-7dd606bea08eb6abdeb3da54"><ac:parameter ac:name="">ISO/IEC 14882-2003</ac:parameter></ac:structured-macro>
\[ISO/IEC 14882:2003\] ISO/IEC. _Programming Languages --- C++, Second Edition_ (ISO/IEC 14882-2003). Geneva, Switzerland: International Organization for Standardization, 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="cc928ea0f1e48f01-884faadb-4ba540fc-96f6a18e-fd34e240a1f313ae33931fb3"><ac:parameter ac:name="">ISO/IEC 23360-1-2006</ac:parameter></ac:structured-macro>
\[ISO/IEC 23360-1:2006\] [_Linux Standard Base (LSB) core specification 3.1 - Part 1: Generic specification_|http://refspecs.freestandards.org/LSB_3.1.0/LSB-Core-generic/LSB-Core-generic.pdf]

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="24569565a0f0abac-37ecc318-46c04b21-8e3d8bac-af38e7a898ad77c49889c4cc"><ac:parameter ac:name="">ISO/IEC 03</ac:parameter></ac:structured-macro>
\[ISO/IEC 03\] ISO/IEC. [_Rationale for International Standard --- Programming Languages --- C, Revision 5.10_|http://www.open-std.org/jtc1/sc22/wg14/www/C99RationaleV5.10.pdf]. Geneva, Switzerland: International Organization for Standardization, April 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="fd1515c598cadbb0-b60ff79c-4a794f1b-b4889bde-5aee33daaae5a761863a7a23"><ac:parameter ac:name="">ISO/IEC JTC1/SC22/WG11</ac:parameter></ac:structured-macro>
\[ISO/IEC JTC1/SC22/WG11\] ISO/IEC. [_Binding Techniques_|http://www.open-std.org/JTC1/SC22/WG11/] (ISO/IEC JTC1/SC22/WG11), 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="360eec4abe236ecc-c54f6e44-4bd04681-b9a690c7-547d6802f5a59d2b779b85b2"><ac:parameter ac:name="">ISO/IEC DTR 24732</ac:parameter></ac:structured-macro>
\[ISO/IEC DTR 24732\] ISO/IEC JTC1 SC22 WG14 N1290. [Extension for the programming language C to support decimal floating-point arithmetic|http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1290.pdf], March 2008.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b12ccae54d6fcdd5-5b506e19-45cd4f38-b082acb1-be7916381890de541991404d"><ac:parameter ac:name="">ISO/IEC PDTR 24731-2-2007</ac:parameter></ac:structured-macro>
\[ISO/IEC PDTR 24731-2\] [Extensions to the C Library, --- Part II: Dynamic Allocation Functions|http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1248.pdf], August 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d2cfdfa05cb967c7-de5a0aaf-4be14319-8a698e6d-818790748119f97356e591c1"><ac:parameter ac:name="">ISO/IEC PDTR 24772</ac:parameter></ac:structured-macro>
\[ISO/IEC PDTR 24772\] ISO/IEC PDTR 24772. _Information Technology_ --- _Programming Languages_ --- [_Guidance to Avoiding Vulnerabilities in Programming Languages through Language Selection and Use_|http://www.aitcnet.org/isai/_NextMeeting/22-OWGV-N-0134/n0134.pdf], March 2008.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c0e6766e6d131c2f-3d63926b-40d045fb-83bf829a-1b5bd08cf6bcd70cbbb3ffff"><ac:parameter ac:name="">ISO/IEC TR 24731-1-2007</ac:parameter></ac:structured-macro>
\[ISO/IEC TR 24731-1:2007\] ISO/IEC TR 24731. _Extensions to the C Library, --- Part I: Bounds-checking interfaces_. Geneva, Switzerland: International Organization for Standardization, April 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0c5112c8d4753a0f-47afc72c-49724e87-920ebb6c-3b2de801fa0836dac733c984"><ac:parameter ac:name="">Jack 07</ac:parameter></ac:structured-macro>
\[Jack 07\] Jack, Barnaby. [_Vector Rewrite Attack_|http://www.juniper.net/solutions/literature/white_papers/Vector-Rewrite-Attack.pdf], May 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ec175122615c8627-e06a9d94-485f42b0-b95d9949-28100ea8ee0e205e1f9492f1"><ac:parameter ac:name="">Jones 04</ac:parameter></ac:structured-macro>
\[Jones 04\] Jones, Nigel. ["Learn a new trick with the offsetof() macro."|http://www.netrino.com/Articles/OffsetOf/index.php] _Embedded Systems Programming_, March 2004.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2c86b0c44b96b98c-43f74d0a-44ff446b-a5d8ac9c-eadf30b4d5c84c3d52c69c8e"><ac:parameter ac:name="">Jones 08</ac:parameter></ac:structured-macro>
\[Jones 08\] Jones, Derek M. [The New C Standard: An economic and cultural commentary|http://www.knosof.co.uk/cbook/]. Knowledge Software Ltd., 2008.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2389f7bec311cc61-b6807346-4e9849e0-9d8c8f13-3ef549d1c0ce0df1fc9ef2c5"><ac:parameter ac:name="">Jones 09</ac:parameter></ac:structured-macro>
\[Jones 09\] Jones, Larry. [WG14 N1401 Committee Draft ISO/IEC 9899:201x|http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1401.pdf]. September 28, 2009.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="03f86522791ec728-1cd3e8e4-442c4456-bf47bf1e-760bc4781fc8250deeb75a16"><ac:parameter ac:name="">Keaton 09</ac:parameter></ac:structured-macro>
\[Keaton 09\] David Keaton, Thomas Plum, Robert C. Seacord, David Svoboda, Alex Volkovitsky, Timothy Wilson. [As-if Infinitely Ranged Integer Model|http://www.sei.cmu.edu/publications/documents/09.reports/09tn023.html]. CMU/SEI-2009-TN-023. July, 2009.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2e83e4f69d68f7c3-784abe15-4cb64cd9-a477af6e-01475979654f56414f7678bd"><ac:parameter ac:name="">Keil 08</ac:parameter></ac:structured-macro>
\[Keil 08\] Keil, an ARM Company. "[Floating Point Support|http://www.keil.com/support/man/docs/armlib/armlib_bihbjiea.htm]." _RealView Libraries and Floating Point Support Guide_, 2008.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f7df1f7db7b1a879-c778e51c-450e4b14-bacb969b-7c920c49c35380f78c67a1b0"><ac:parameter ac:name="">Kennaway 00</ac:parameter></ac:structured-macro>
\[Kennaway 00\] Kennaway, Kris. [Re: /tmp topic|http://lwn.net/2000/1221/a/sec-tmp.php3], December 2000.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7ec7c680d329c7af-89d8b826-46144062-a6adba99-17e09de0e2a3346c76bcb763"><ac:parameter ac:name="">Kernighan 88</ac:parameter></ac:structured-macro>
\[Kernighan 88\] Kernighan , Brian W., & Ritchie, Dennis M. _The C Programming Language, 2nd ed._ Englewood Cliffs, NJ: Prentice-Hall, 1988.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d15e2d420d599fdc-2ebc1d85-459b4b15-a0599a2f-dd311f8a819544ae03de26d2"><ac:parameter ac:name="">Kettle 02</ac:parameter></ac:structured-macro>
\[Kettlewell 02\] Kettlewell, Richard. [_C Language Gotchas_|http://www.greenend.org.uk/rjk/2001/02/cfu.html], February 2002.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="48b2971710d0b7d8-5162f54f-452b4ac2-9136bf4d-3a023a1fd42d670fceb7d084"><ac:parameter ac:name="">Kettle 03</ac:parameter></ac:structured-macro>
\[Kettlewell 03\] Kettlewell, Richard. [_Inline Functions In C_|http://www.greenend.org.uk/rjk/2003/03/inline.html], March 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0093717043cdffb8-82f2f49b-4ddb4157-b9119cc1-36f2c69f643e3c9981e2d7e3"><ac:parameter ac:name="">Kirch-Prinz 02</ac:parameter></ac:structured-macro>
\[Kirch-Prinz 02\] Kirch-Prinz, Ulla & Prinz, Peter. _C Pocket Reference_.  Sebastopol, CA: O'Reilly, November 2002 (ISBN: 0-596-00436-2).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4641155cb7a35191-5baf73bb-40a84d0d-8a7b9e16-26319cfcc2ade97ef6e0f0b7"><ac:parameter ac:name="">Klarer 04</ac:parameter></ac:structured-macro>
\[Klarer 04\] Klarer, R., Maddock, J., Dawes, B. & Hinnant, H. "Proposal to Add Static Assertions to the Core Language (Revision 3)." ISO C+\+ committee paper ISO/IEC JTC1/SC22/WG21/N1720, October 2004. Available at [http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2004/n1720.html].

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="78cdb2260cd55cde-83e14654-43db47cd-95abbeb4-c9b34f8026d6cb2eddb2aa4e"><ac:parameter ac:name="">Klein 02</ac:parameter></ac:structured-macro>
\[Klein 02\] Klein, Jack. [_Bullet Proof Integer Input Using strtol()_|http://home.att.net/~jackklein/c/code/strtol.html], 2002.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1a336ed5257e8a85-8c0ab108-46cd4547-ae4aa9bd-924506a0193829ee1f8662b5"><ac:parameter ac:name="">Koenig 89</ac:parameter></ac:structured-macro>
\[Koenig 89\] Koenig,  Andrew. _C Traps and Pitfalls_. Addison-Wesley Professional, January 1, 1989.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="8f0e1a800d6cdd1f-be2462da-42254991-a5ca848c-6126a4bcdb6fe41740ecbfd0"><ac:parameter ac:name="">Kuhn 06</ac:parameter></ac:structured-macro>
\[Kuhn 06\] Kuhn, Markus. [_UTF-8 and Unicode FAQ for Unix/Linux_|http://www.cl.cam.ac.uk/~mgk25/unicode.html], 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4c38edaeaf968e8d-7e4583ea-483a4ef8-84a1b42c-462550496583cc52ef939cce"><ac:parameter ac:name="">Lai 06</ac:parameter></ac:structured-macro>
\[Lai 06\] Lai, Ray. "[Reading Between the Lines|http://undeadly.org/cgi?action=article&sid=20061027031811]." _OpenBSD Journal_, October 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a101fe0d00d733f5-18b40b90-48dc41f2-96d7b9f2-eb50f724da1bf7aa879f550b"><ac:parameter ac:name="">Lewis 06</ac:parameter></ac:structured-macro>
\[Lewis 06\] Lewis, Richard. "[Security Considerations When Handling Sensitive Data|http://secureapps.blogspot.com/2006/10/security-considerations-when-handling.html]." Posted on the Application Security by Richard Lewis blog October 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="509cc0dd4d2c366c-62098f50-4b434e70-95799862-57c0d95a9ee7838498c7302c"><ac:parameter ac:name="">Linux 08</ac:parameter></ac:structured-macro>
\[Linux 08\] [Linux Programmer's Manual|http://www.kernel.org/doc/man-pages/online_pages.html], October 2008.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d7e6fafb102ab4c1-01b1694e-439c486b-a8f2b764-a031a37761a76b1694de3dc5"><ac:parameter ac:name="">Lions 96</ac:parameter></ac:structured-macro>
\[Lions 96\] Lions, J. L. [ARIANE 5 Flight 501 Failure Report|http://en.wikisource.org/wiki/Ariane_501_Inquiry_Board_report]. Paris, France: European Space Agency (ESA) & National Center for Space Study (CNES) Inquiry Board, July 1996.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e7ea97efe0e60566-869673f1-426c445c-a7a880b8-9d88c0becd5e1599e2192f9d"><ac:parameter ac:name="">Lipson 00</ac:parameter></ac:structured-macro>
\[Lipson 00\] Lipson, Howard  & Fisher, David. "Survivability: A New Technical and Business Perspective on Security," 33-39. _Proceedings of the 1999 New Security Paradigms Workshop_. Caledon Hills, Ontario, Canada, Sept. 22-24, 1999. New York: Association for Computing Machinery, 2000.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d7d99e98e980aa78-e1704acf-446b4354-ab629c5e-ae679cdfcfca51871f1df8d7"><ac:parameter ac:name="">Lipson 06</ac:parameter></ac:structured-macro>
\[Lipson 06\] Lipson, Howard. _Evolutionary Systems Design: Recognizing Changes in Security and Survivability Risks_ (CMU/SEI-2006-TN-027).&nbsp; Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f0057a6575f3b015-d541c0aa-43184492-851cb38a-bdd19a5e47095d93fa908823"><ac:parameter ac:name="">Lipson 2009</ac:parameter></ac:structured-macro>
\[Liu 2009\] Likai Liu. [Making NULL-pointer reference legal|http://lifecs.likai.org/2009/01/making-null-pointer-reference-legal.html], Life of a Computer Science Student, January, 2009.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f3f9b315c0d2dc11-9d0a8d80-43af4526-8f808307-626379ed9b3992740b664ce6"><ac:parameter ac:name="">Lockheed Martin 05</ac:parameter></ac:structured-macro>
\[Lockheed Martin 05\] Lockheed Martin. "[Joint Strike Fighter Air Vehicle C+\+ Coding Standards for the System Development and Demonstration Program.|http://www.research.att.com/~bs/JSF-AV-rules.pdf]" Document Number 2RDU00001 Rev C., December 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b92075cab4d61799-a3c44c3a-42054229-b19daa9c-b3c43acbd776dca9a555b4c9"><ac:parameter ac:name="">Loosemore 07</ac:parameter></ac:structured-macro>
\[Loosemore 07\] Loosemore, Sandra, Stallman, Richard M., McGrath, Roland, Oram, Andrew, & Drepper, Ulrich. [The GNU C Library Reference Manual|http://www.gnu.org/software/libc/manual/], Edition 0.11,  September 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="81309234eb152e29-bc23770b-4596483a-8595b143-01038ba248b2decfe8b928f4"><ac:parameter ac:name="">McCluskey 01</ac:parameter></ac:structured-macro>
\[McCluskey 01\] [_flexible array members and designators in C9X_|http://www.usenix.org/publications/login/2001-07/pdfs/mccluskey.pdf] ;login:, July 2001, Volume 26, Number 4, p. 29---32.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c9054b87c56ca1e4-eb497d30-452e4c78-a330adba-0f87148b04e9aadf50eb7801"><ac:parameter ac:name="">Mell 07</ac:parameter></ac:structured-macro>
\[Mell 07\] P. Mell, K. Scarfone, and S. Romanosky, "A Complete Guide to the Common Vulnerability Scoring System Version 2.0", FIRST, June 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="eae637e412af54f0-3dc42d37-4e43432a-bb319779-fdd57e757a1af30ba43d0e1b"><ac:parameter ac:name="">mercy 06</ac:parameter></ac:structured-macro>
\[mercy\] mercy. [_Exploiting Uninitialized Data_|http://www.felinemenace.org/papers/UBehavior.zip], January 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a827d8b88437487f-fdacaa3c-480a4327-9f55b1cd-ba9d41fbda2f38b01913a556"><ac:parameter ac:name="">Meyers 2004</ac:parameter></ac:structured-macro>
\[Meyers 2004\] Randy Meyers. [Limited size_t|http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1080.pdf] WG14 N1080. September, 2004.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="340b83dadd7155f1-868f4774-47d24344-a5658cf7-afe4415c1eca5bf5a9bd6d81"><ac:parameter ac:name="">Microsoft 03</ac:parameter></ac:structured-macro>
\[Microsoft 03\] Microsoft Security Bulletin MS03-026, "[Buffer Overrun In RPC Interface Could Allow Code Execution (823980)|http://www.microsoft.com/technet/security/bulletin/MS03-026.mspx]," September 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="490529cdb16edcec-af417903-493a4fc2-b3c4a0c5-3cb2e961ab9038614f66da1f"><ac:parameter ac:name="">Microsoft 07</ac:parameter></ac:structured-macro>
\[Microsoft 07\] [C Language Reference|http://msdn2.microsoft.com/en-us/library/fw5abdx6(VS.80).aspx], 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2a69c9986324d21d-bf5183ad-47a34324-8078a4ef-ff525433fb37f7567bdb3032"><ac:parameter ac:name="">Miller 99</ac:parameter></ac:structured-macro>
\[Miller 99\] Todd C. Miller and Theo de Raadt. strlcpy and strlcat - Consistent, Safe, String Copy and Concatenation. In Proceedings of the FREENIX Track, 1999 USENIX Annual Technical Conference.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7e75fc02923f46e2-201e9936-448240c1-a73a98cd-abef55fe0617fc0a584378da"><ac:parameter ac:name="">Miller 04</ac:parameter></ac:structured-macro>
\[Miller 04\] Miller, Mark C., Reus, James F., Matzke, Robb P., Koziol, Quincey A., & Cheng, Albert P. "[Smart Libraries: Best SQE Practices for Libraries with an Emphasis on Scientific Computing|https://wci.llnl.gov/codes/smartlibs/UCRL-JRNL-208636.pdf]." _Proceedings of the Nuclear Explosives Code Developer's Conference_, December 2004.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d3ce3dd8b012b000-879cf78c-42164f9b-a3d4a564-94f9fe93ee34e5868b41ebf3"><ac:parameter ac:name="">MISRA 04</ac:parameter></ac:structured-macro>
\[MISRA 04\] MISRA Limited. "[MISRA C|http://www.misra.org.uk/]: 2004 Guidelines for the Use of the C Language in Critical Systems." Warwickshire, UK: MIRA Limited, October 2004 (ISBN 095241564X).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4a75e30409485825-f51a0754-442348d1-9bc1a798-2eab9eb3340f853ce5fa8fdd"><ac:parameter ac:name="">MISRA 08</ac:parameter></ac:structured-macro>
\[MISRA 08\] MIRA Limited. "[MISRA C+\+|http://www.misra.org.uk/]: 2008 "Guidelines for the Use of the C+\+ Language in Critical Systems", ISBN 978-906400-03-3 (paperback), ISBN 978-906400-04-0 (PDF), June 2008.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="8020a9728a9a7fd2-c07ccd69-4b544617-b119b2c4-a0a2be5e57a96bbf621287d8"><ac:parameter ac:name="">MIT 04</ac:parameter></ac:structured-macro>
\[MIT 04\] MIT. "[MIT krb5 Security Advisory 2004-002|hhttp://web.mit.edu/kerberos/advisories/MITKRB5-SA-2004-002-dblfree.txt], 2004.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7088e3c98d642a68-009ec251-43134c7e-90758ad9-7eaad51afb268845f4c9b716"><ac:parameter ac:name="">MIT 05</ac:parameter></ac:structured-macro>
\[MIT 05\] MIT. "[MIT krb5 Security Advisory 2005-003|http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2005-003-recvauth.txt], 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="15929a65d8c5f700-d1ba9a2f-4c874a2d-820e8e0c-d5bd8a089ad8b2bfd525e9c8"><ac:parameter ac:name="">MITRE 07</ac:parameter></ac:structured-macro>
\[MITRE 07\] MITRE. [Common Weakness Enumeration, Draft 9|http://cwe.mitre.org/],  April 2008.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c1b1f89ad97aa047-75818db6-4f4b4672-a1778686-8dd40e7c04879b433eec3f76"><ac:parameter ac:name="">MSDN</ac:parameter></ac:structured-macro>
\[MSDN\] [Microsoft Developer Network|http://msdn.microsoft.com/en-us/default.aspx].

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="41962e54cb52d5fe-2ef756a0-4e83468d-ac9c8d6a-729d6a6230e16e1facdb7585"><ac:parameter ac:name="">Murenin  07</ac:parameter></ac:structured-macro>
\[Murenin 07\] Murenin, Constantine A. "[cnst: 10-year-old pointer-arithmetic bug in make(1) is now gone, thanks to malloc.conf and some debugging|http://cnst.livejournal.com/24040.html]," June 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5954272a30348163-246a6e33-4ada4366-92ccbb45-40a23663083c8c7283ed7f6c"><ac:parameter ac:name="">NAI 98</ac:parameter></ac:structured-macro>
\[NAI 98\] Network Associates Inc. [Bugtraq: Network Associates Inc. Advisory (OpenBSD)|http://seclists.org/bugtraq/1998/Aug/0071.html], 1998.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="98b47b606acce668-b322e27e-445f4c3b-977f8407-c50bfb16a445ac034aee340c"><ac:parameter ac:name="">NASA-GB-1740.13</ac:parameter></ac:structured-macro>
\[NASA-GB-1740.13\] NASA Glenn Research Center, Office of Safety Assurance Technologies. [_NASA Software Safety Guidebook_|http://pbma.nasa.gov/docs/public/pbma/general/guidbook.doc] (NASA-GB-1740.13).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="55efeb33312211e4-be0dd584-44cd4ad1-89e8894a-cf3fba3bfc44bb7f7633b8bf"><ac:parameter ac:name="">NIST 06</ac:parameter></ac:structured-macro>
\[NIST 06\] NIST. [_SAMATE Reference Dataset_|http://samate.nist.gov/SRD/], 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="37a48535ab76c9f6-49003cc4-4b0c4c05-b2f38fcd-6aa46ddf0d5af7d82b83df32"><ac:parameter ac:name="">OpenBSD</ac:parameter></ac:structured-macro>
\[OpenBSD\] Berkley Software Design, Inc. [Manual Pages|http://www.openbsd.org/cgi-bin/man.cgi], June 2008.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="462608961c25c079-c4e0925e-49684032-aa029845-45dc8efe96a5d368855a4cca"><ac:parameter ac:name="">Open Group 97a</ac:parameter></ac:structured-macro>
\[Open Group 97a\] The Open Group. [_The Single UNIX® Specification, Version 2_|http://www.opengroup.org/onlinepubs/7990989775/toc.htm], 1997.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="29b871075113a06a-df5cb38d-45db4182-82939fac-f198c8cceb4e1e84362a9ee6"><ac:parameter ac:name="">Open Group 97b</ac:parameter></ac:structured-macro>
\[Open Group 97b\] The Open Group. [_Go Solo 2---The Authorized Guide to Version 2 of the Single UNIX Specification_|http://www.unix.org/whitepapers/64bit.html], May 1997.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="add38f1a89bbb0c2-27cf13fe-4fdc4738-a2e98836-39d0909930e3b34f4faf36cd"><ac:parameter ac:name="">Open Group 04</ac:parameter></ac:structured-macro>
\[Open Group 04\] The Open Group and the IEEE. [_The Open Group Base Specifications Issue 6, IEEE Std 1003.1, 2004 Edition_|http://www.opengroup.org/onlinepubs/009695399/toc.htm], 2004.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c764a2b301525125-62181805-49ab4b31-b374a8f0-237ed32930b546ae120c4d95"><ac:parameter ac:name="">OWASP Double Free</ac:parameter></ac:structured-macro>
\[OWASP Double Free\] Open Web Application Security Project, "[Double Free|http://www.owasp.org/index.php/Double_Free]."

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a6f5415991734b5d-df26fc8e-49c4495f-b6cba0c5-45b4873a8dd660e9711dedb7"><ac:parameter ac:name="">OWASP Freed Memory</ac:parameter></ac:structured-macro>
\[OWASP Freed Memory\] Open Web Application Security Project, "[Using freed memory|http://www.owasp.org/index.php/Using_freed_memory]."

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="be7c855c48ae1321-a27e4712-42284b44-8ede9e09-3d88771ce1ed34bbaede0e7b"><ac:parameter ac:name="">Pethia 03</ac:parameter></ac:structured-macro>
\[Pethia 03\] Pethia, Richard D. "[Viruses and Worms: What Can We Do About Them?|http://www.cert.org/congressional_testimony/Pethia-Testimony-9-10-2003/]" September 10, 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="31998b141996051a-a9b5ed16-4f6b4796-bb6f9318-3b0ede4b8eb1db24f21f29be"><ac:parameter ac:name="">Pfaff 04</ac:parameter></ac:structured-macro>
\[Pfaff 04\] Pfaff, Ken Thompson. "[Casting (time_t)(-1)|http://groups.google.com/group/comp.lang.c/browse_thread/thread/8983d8d729244f2b/ea0e2972775a1114?#ea0e2972775a1114]." _Google Groups comps.lang.c_, March 2, 2004.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ad9f833d22f0a5ee-3195dfe2-40ef4799-94e5a0e3-f79a1f6a4678c97e9bbcfb7e"><ac:parameter ac:name="">Pike 93</ac:parameter></ac:structured-macro>
\[Pike 93\] Pike, Rob & Thompson, Ken. "Hello World." _Proceedings of the USENIX Winter 1993 Technical Conference_, San Diego, CA, January 25-\--29, 1993, pp. 43-\--50.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="27585af6f3d94c1f-ba683a06-47ac4caa-98d5b8a8-0cb66ef35d1e6882bae8274e"><ac:parameter ac:name="">Plakosh 05</ac:parameter></ac:structured-macro>
\[Plakosh 05\] Plakosh, Dan. [_Consistent Memory Management Conventions_|https://buildsecurityin.us-cert.gov/daisy/bsi/articles/knowledge/coding/476.html], 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="bc70b429f58d9788-c0069c12-480647c9-8f35a821-481ca39509f981c157b07b83"><ac:parameter ac:name="">Plum 85</ac:parameter></ac:structured-macro>
\[Plum 85\] Plum, Thomas. _Reliable Data Structures in C_. Kamuela, HI: Plum Hall, Inc., 1985 (ISBN 0-911537-04-X).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="eeb1b1d8eff37c24-b6586024-4d604cab-be929a23-72a7ff0cdc99ce06067ff4b4"><ac:parameter ac:name="">Plum 89</ac:parameter></ac:structured-macro>
\[Plum 89\] Plum, Thomas, & Saks, Dan. _C Programming Guidelines, 2nd ed_. Kamuela, HI: Plum Hall, 1989 (ISBN 0911537074).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="69c2648a71687d8e-4bd04924-463a4b32-9140888a-6c207dddb754eebaf5b8db87"><ac:parameter ac:name="">Plum 91</ac:parameter></ac:structured-macro>
\[Plum 91\] Plum, Thomas. _C+\+ Programming_. Kamuela, HI: Plum Hall, 1991 (ISBN 0911537104).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="177dc368a493c955-1b8ebcf4-46b848c0-931196a0-53dd437895ce55fea8535367"><ac:parameter ac:name="">Plum 08</ac:parameter></ac:structured-macro>
\[Plum 08\] Plum, Thomas. Static Assertions. June, 2008. [http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1330.pdf]

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d0b767fbef4e453b-e2e0c596-48f348e9-8e748611-eb67b79ecf8fa24a7e9cca06"><ac:parameter ac:name="">Redwine 06</ac:parameter></ac:structured-macro>
\[Redwine 06\] Redwine, Samuel T., Jr., ed. _Secure Software Assurance: A Guide to the Common Body of Knowledge to Produce, Acquire, and Sustain Secure Software Version 1.1_. U.S. Department of Homeland Security, September 2006. See [Software Assurance Common Body of Knowledge|https://buildsecurityin.us-cert.gov/daisy/bsi/resources/dhs/95.html] on Build Security In.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d3dd1c727e5511f3-9a31b669-4260427d-ba02bba5-a7011be72e0cd8a41c24fbd4"><ac:parameter ac:name="">RUS-CERT</ac:parameter></ac:structured-macro>
\[RUS-CERT\] RUS-CERT Advisory 2002-08:02, "[Flaw in calloc and similar routines|http://cert.uni-stuttgart.de/advisories/calloc.php]," 2002.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5b3ab70514edcf2c-5c0f5df9-4f304353-86da8639-b3cbd55f6289a18cad012f28"><ac:parameter ac:name="">Saltzer 74</ac:parameter></ac:structured-macro>
\[Saltzer 74\] Saltzer, J. H. Protection and the Control of Information Sharing in Multics. _Communications of the ACM 17_, 7 (July 1974): 388---402.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6a2e8b67789f6645-9dd83477-44d04baa-bf8393cb-81e1eb5810f104cd68a63847"><ac:parameter ac:name="">Saltzer 75</ac:parameter></ac:structured-macro>
\[Saltzer 75\] Saltzer, J. H., & Schroeder, M. D. "The Protection of Information in Computer Systems." _Proceedings of the IEEE 63_, 9 (September 1975): 1278-1308.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="aea11cfb3655a08b-551125f9-4fcc4480-9cfe8bb1-732b189d99c312b195ab8fa3"><ac:parameter ac:name="">Saks 99</ac:parameter></ac:structured-macro>
\[Saks 99\] Saks, Dan. "[const T vs.T const|http://www.dansaks.com/articles/1999-02%20const%20T%20vs%20T%20const.pdf]." _Embedded Systems Programming_, February 1999, pp. 13-16.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9c8e1cf71c7a814a-3f7bea14-4aba4d64-a3829cf1-ff8164c2ffaf7eb8c1f33364"><ac:parameter ac:name="">Saks 00</ac:parameter></ac:structured-macro>
\[Saks 00\] Saks, Dan. "[Numeric Literals|http://www.embedded.com/2000/0009/0009pp.htm]." _Embedded Systems Programming_, September 2000.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3d2f6c1cd24fc0ff-b634f14e-49ae4a80-826f80d0-6f6f3db56e1322a305038c7f"><ac:parameter ac:name="">Saks 01a</ac:parameter></ac:structured-macro>
\[Saks 01a\] Saks, Dan. "[Symbolic Constants|http://www.embedded.com/story/OEG20011016S0116]." _Embedded Systems Design_, November 2001.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2d8002c65ca28420-e0fdfeaa-45a44ed0-a8cfb477-8fb097db678c255ad49156a2"><ac:parameter ac:name="">Saks 01b</ac:parameter></ac:structured-macro>
\[Saks 01b\] Saks, Dan. "[Enumeration Constants vs. Constant Objects|http://www.embedded.com/columns/programmingpointers/9900402]." _Embedded Systems Design_, November 2001.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3e23b980bb5e8187-295b37fc-4f10470f-96fcbdf5-8c6f4dddcb46571a5616ae0b"><ac:parameter ac:name="">Saks 02</ac:parameter></ac:structured-macro>
\[Saks 02\] Saks, Dan. "[Symbolic Constant Expressions|http://www.embedded.com/story/OEG20020124S0117]." _Embedded Systems Design_, February 2002.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b16d20665975ecb3-c6b6b960-458947c7-9bd3ad00-64da3e11857bebd9bb02eb9f"><ac:parameter ac:name="">Saks 05</ac:parameter></ac:structured-macro>
\[Saks 05\] Saks, Dan. "[Catching Errors Early with Compile-Time Assertions|http://www.embedded.com/columns/programmingpointers/164900888?_requestid=287187]." _Embedded Systems Design_, June 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9b511b61ddd41070-898a9344-417a4639-aba49f26-e6c8f43e97283eead4626f80"><ac:parameter ac:name="">Saks 07a</ac:parameter></ac:structured-macro>
\[Saks 07a\] Saks, Dan. "[Sequence Points|http://www.embedded.com/columns/programmingpointers/9900661?_requestid=481957]" _Embedded Systems Design_, July 1, 2002.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="97a01c78303aa83a-74f11eda-41e44b1e-a0b18c57-db07631f84399c15a8a4bbfa"><ac:parameter ac:name="">Saks 07b</ac:parameter></ac:structured-macro>
\[Saks 07b\] Saks, Dan. [Bail, return, jump, or . . . throw?|http://www.embedded.com/columns/programmingpointers/197008821]. _Embedded Systems Design_, March 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3aeea2b6b5aee5ac-2e6438d7-4d474e2e-84f286bc-59167f371c525795da675121"><ac:parameter ac:name="">Saks 08</ac:parameter></ac:structured-macro>
\[Saks 08\] Saks, Dan, & Dewhurst, Stephen C. "Sooner Rather Than Later: Static Programming Techniques for C++" (presentation, March 2008).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0d4d174e952d4fab-1160c872-46cc408a-935dbdcd-97453187794c85aad5749d13"><ac:parameter ac:name="">Schwarz 05</ac:parameter></ac:structured-macro>
\[Schwarz 05\] Schwarz, B., Wagner, Hao Chen, Morrison, D., West, G., Lin, J., & Tu, J. Wei. "Model checking an entire Linux distribution for security violations." _Proceedings of the 21st Annual Computer Security Applications Conference_, December 2005 (ISSN 1063-9527; ISBN 0-7695-2461-3).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="dfce736b69a03c87-8fa3be92-4dbd40e0-a6159a49-2971d7851aff913ff2fbae23"><ac:parameter ac:name="">Seacord 03</ac:parameter></ac:structured-macro>
\[Seacord 03\] Seacord, Robert C., Plakosh, Daniel, & Lewis, Grace A. [_Modernizing Legacy Systems: Software Technologies, Engineering Processes, and Business Practices_|http://www.informit.com/store/product.aspx?isbn=0321118847]. Addison-Wesley, February 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="79a9bc3fad4520b7-7ec5878b-41fe4025-ba09b367-a916c1909d6215d0693d319b"><ac:parameter ac:name="">Seacord 05</ac:parameter></ac:structured-macro> <ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="cacf06775a8f4ca1-82870ca2-454e4cf5-ab618fce-4a476aae6952ae3752df2c24"><ac:parameter ac:name="">Seacord 05a</ac:parameter></ac:structured-macro>
\[Seacord 05a\] Seacord, Robert C. _Secure Coding in C and C+\+_. Boston, MA: Addison-Wesley, 2005. See [http://www.cert.org/books/secure-coding] for news and errata.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="89c9f3d66ef6a744-5732a829-433948ff-a51da6b8-0eb7b40ec1d7e9d145e0c022"><ac:parameter ac:name="">Seacord 05b</ac:parameter></ac:structured-macro>
\[Seacord 05b\] Seacord, Robert C. "Managed String Library for C, C/C++." _Users Journal_ _23_, 10 (October 2005): 30---34.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9310b314922aae16-251192c3-415b4df5-82b3a1ee-82718ec8b953e740b69346b3"><ac:parameter ac:name="">Seacord 05c</ac:parameter></ac:structured-macro>
\[Seacord 05c\] Seacord, Robert C. [_Variadic Functions: How they contribute to security vulnerabilities and how to fix them_|http://www.cert.org/books/secure-coding/LWM%203-11%20%28Seacord%29.pdf]. _Linux World Magazine_,  November 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="47158b30281760cb-276597dd-48af40eb-bd099e10-f2965429a597fe2493feafc9"><ac:parameter ac:name="">Secunia</ac:parameter></ac:structured-macro>
\[Secunia\] Secunia Advisory SA10635, "[HP-UX calloc Buffer Size Miscalculation Vulnerability|http://secunia.com/advisories/10635/]," 2004.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="fdbb02ea2dab2d18-c4b6830f-4cd44608-835d9ac6-4dcf0c93b291bc005857e9b0"><ac:parameter ac:name="">SecurityFocus 07</ac:parameter></ac:structured-macro>
\[SecurityFocus 07\] SecurityFocus. "[Linux Kernel Floating Point Exception Handler Local Denial of Service Vulnerability|http://www.securityfocus.com/bid/10538/discuss]," 2001.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b6d432420f91ef09-47917929-4b85411a-bf70b1e6-38ba33440b586347efda420c"><ac:parameter ac:name="">SecuriTeam 07</ac:parameter></ac:structured-macro>
\[SecuriTeam 07\] SecuriTeam. "[Microsoft Visual C+\+ 8.0 Standard Library Time Functions Invalid Assertion DoS (Problem 3000)|http://www.securiteam.com/windowsntfocus/5MP0D0UKKO.html]," February 13, 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="87750b753472b71f-67bc60ad-45f24183-977da4d0-d326015751efebd312f80cea"><ac:parameter ac:name="">Sloss 04</ac:parameter></ac:structured-macro>
\[Sloss 04\]  Sloss, Andrew, Symes, Dominic, & Wright, Chris. [_ARM System Developer's Guide_|http://www.arm.com/documentation/books/4975.html]. San Francisco:Elsevier/Morgan Kauffman, 2004 (ISBN-10: 1558608745; ISBN-13: 978-1558608740).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ffcda58863af7bfc-fa2fe4df-4c8e4a9a-9001b56e-3f47531f6c5c4eb1acc4ccf7"><ac:parameter ac:name="">Spinellis 06</ac:parameter></ac:structured-macro>
\[Spinellis 06\] Spinellis, Diomidis. [_Code Quality: The Open Source Perspective_|http://www.spinellis.gr/codequality].  Addison-Wesley, 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="8bd0acaacba06f78-c78c0e1f-490f44d3-b718963e-9b14c48750ae82422eda82cf"><ac:parameter ac:name="">Steele 77</ac:parameter></ac:structured-macro>
\[Steele 77\]  Steele, G. L. "[Arithmetic shifting considered harmful|http://doi.acm.org/10.1145/956641.956647]." _SIGPLAN Not._ 12, 11 (November 1977), 61-69.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="bc4255ce5770981c-e8d84e83-4c6a4d04-ab8c9e5f-eef0a5c31b197eeed78d975d"><ac:parameter ac:name="">Summit 95</ac:parameter></ac:structured-macro>
\[Summit 95\] Summit, Steve. _C Programming FAQs: Frequently Asked Questions_. Boston, MA: Addison-Wesley, 1995 (ISBN 0201845199).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="54593904358e51c5-41b55dc4-40b245b5-afbca02c-3e820cf678d3c0e741970ed8"><ac:parameter ac:name="">Summit 05</ac:parameter></ac:structured-macro>
\[Summit 05\] Summit, Steve. [_comp.lang.c Frequently Asked Questions_|http://c-faq.com/], 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b6b9a3fa90e24dff-3f9cd7b5-43b5492f-b623991b-116b25171e7e9bf21b0e308f"><ac:parameter ac:name="">Sun</ac:parameter></ac:structured-macro>
\[Sun\] [Sun Security Bulletin #00122|http://sunsolve.sun.com/search/document.do?assetkey=1-22-00122-1], 1993.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="418c81073c8d930d-341c10b8-42ff4f46-947ca1de-9241896b2d9d73fc03144a16"><ac:parameter ac:name="">Sun 05</ac:parameter></ac:structured-macro>
\[Sun 05\] [C User's Guide|http://docs.sun.com/source/819-3688/]. 819-3688-10. Sun Microsystems, Inc., 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7d69b54844b8fc6f-c36f75eb-479642ab-8da8831f-3b209627ac3443503d1970eb"><ac:parameter ac:name="">Sutter 04</ac:parameter></ac:structured-macro>
\[Sutter 04\] Sutter, Herb & Alexandrescu, Andrei. C+\+ Coding Standards: 101 Rules, Guidelines, and Best Practices. Boston, MA:Addison-Wesley Professional, 2004 (ISBN 0321113586).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="58bfc1d2d12f66f6-4860329f-474f459f-b4bdaf1f-296ce9eef442208f9f506cdf"><ac:parameter ac:name="">Tsafrir 08</ac:parameter></ac:structured-macro>
\[Tsafrir 08\] Tsafrir, Dan, Da Silva, Dilma, & Wagner, David. [The Murky Issue of Changing Process Identity: Revising "Setuid Demystified"|http://www.eecs.berkeley.edu/~daw/papers/setuid-login08b.pdf] USENIX, June 2008, pages 55-66

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="12c26f98f6cc9782-ef6063fc-42534649-85548e1d-3fee835145640921f8772d9e"><ac:parameter ac:name="">Unicode 06</ac:parameter></ac:structured-macro>
\[Unicode 06\] The Unicode Consortium. [The Unicode Standard|http://www.unicode.org/standard/standard.html], Version 5.0. Addison-Wesley Professional; 5th edition (November 3, 2006) ISBN: 0321480910.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2770fef2572346df-33c42f7a-40da4e9e-a3998e6a-10db480601b33b97e501d653"><ac:parameter ac:name="">van de Voort 07</ac:parameter></ac:structured-macro>
\[van de Voort 07\] van de Voort, Marco. [Development Tutorial (a.k.a Build FAQ)|http://www.stack.nl/~marcov/buildfaq.pdf], January 29, 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="fb9ffe68dc28d967-85adc661-44ca40cb-bad1be84-da7717300eb150ebf9373874"><ac:parameter ac:name="">van Sprundel06</ac:parameter></ac:structured-macro>
\[van Sprundel 06\] van Sprundel, Ilja. [Unusualbugs|http://ilja.netric.org/files/Unusual%20bugs.pdf], 2006.&nbsp;

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ba9dc9ae5c37c05d-441b803e-45514a42-8112831b-84a512923c35f4ecf59dcdb1"><ac:parameter ac:name="">Viega 01</ac:parameter></ac:structured-macro>
\[Viega 01\] Viega, John. [Protecting Sensitive Data in Memory|http://www.cgisecurity.com/lib/protecting-sensitive-data.html], February 2001.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ff7898efcbe31b36-10d3edd3-419d45bd-8d568544-c16e5086421b9d66940ff634"><ac:parameter ac:name="">Viega 03</ac:parameter></ac:structured-macro>
\[Viega 03\] Viega, John, & Messier, Matt. _Secure Programming Cookbook for C and C++: Recipes for Cryptography, Authentication, Networking, Input Validation & More_. Sebastopol, CA: O'Reilly, 2003 (ISBN 0-596-00394-3).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0909e552ef8aea7c-fbfe0963-44e7462e-939aa20c-44921c7d2a310be74bd07486"><ac:parameter ac:name="">Viega 05</ac:parameter></ac:structured-macro>
\[Viega 05\] Viega, John. [CLASP Reference Guide Volume 1.1.|http://www.securesoftware.com/process/] Secure Software, 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="99dd694613720ee0-af91f273-4e994703-8d89ae24-be3e52b6e71618776585877d"><ac:parameter ac:name="">VU#159523</ac:parameter></ac:structured-macro>
\[VU#159523\] Giobbi, Ryan. Vulnerability Note [VU#159523|http://www.kb.cert.org/vuls/id/159523], _Adobe Flash Player integer overflow vulnerability_, April 2008.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f82b8d624a07a71a-b122fdd9-47654c66-83e999fd-a7bb3267b5ad49737fa89480"><ac:parameter ac:name="">VU#162289</ac:parameter></ac:structured-macro>
\[VU#162289\] Dougherty, Chad. Vulnerability Note [VU#162289|http://www.kb.cert.org/vuls/id/162289], _gcc silently discards some wraparound checks_, April 2008.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d9f0c6387f60e8ff-c0cb4323-4b8e4992-ae3d9ab8-1322640ad56c10e89c59daac"><ac:parameter ac:name="">VU196240</ac:parameter></ac:structured-macro>
\[VU#196240\] Taschner, Chris & Manion, Art. Vulnerability Note [VU#196240|http://www.kb.cert.org/vulnotes/id/196240], _Sourcefire Snort DCE/RPC preprocessor does not properly reassemble fragmented packets_, 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ebddbf1d11096a2a-5b108d76-4f7648a0-baa8b442-c912c3eeae51373dab3f0728"><ac:parameter ac:name="">VU286468</ac:parameter></ac:structured-macro>
\[VU#286468\] Burch, Hal. Vulnerability Note [VU#286468|http://www.kb.cert.org/vulnotes/id/286468], _Ettercap contains a format string error in the "curses_msg()" function_, 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5ec820d75e3f1f8a-cd835109-4d71453e-a7779c35-9020785d4ba3a34a7cdb6cf6"><ac:parameter ac:name="">VU439395</ac:parameter></ac:structured-macro>
\[VU#439395\] Lipson, Howard. Vulnerability Note [VU#439395|http://www.kb.cert.org/vuls/id/439395], _Apache web server performs case sensitive filtering on Mac OS X HFS\+ case insensitive filesystem,_ 2001.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7c0c86757361e6c6-829a8b8c-47a44cba-84c78f86-7275839f8e4d089e5356a2e9"><ac:parameter ac:name="">VU551436</ac:parameter></ac:structured-macro>
\[VU#551436\] Giobbi, Ryan. Vulnerability Note [VU#551436|http://www.kb.cert.org/vulnotes/id/551436], _Mozilla Firefox SVG viewer vulnerable to buffer overflow,_ 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4bdfbf6165546904-546b3313-40014cc5-85bebe1f-c373cfdff7bcf0af698c4246"><ac:parameter ac:name="">VU568148</ac:parameter></ac:structured-macro>
\[VU#568148\] Finlay, Ian A. & Morda, Damon G. Vulnerability Note [VU#568148|http://www.kb.cert.org/vulnotes/id/568148], _Microsoft Windows RPC vulnerable to buffer overflow_, 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4d19f5fb5df1729e-c8c91081-48234651-8ace8466-6e88a5242d9d5a2e4a1e9a79"><ac:parameter ac:name="">VU623332</ac:parameter></ac:structured-macro>
\[VU#623332\] Mead, Robert. Vulnerability Note [VU#623332|http://www.kb.cert.org/vuls/id/623332], _MIT Kerberos 5 contains double free vulnerability in "krb5_recvauth()" function,_ 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7d240125879be12b-af5ae7bb-48744371-a1f2856c-e248a13c971888124a05be3d"><ac:parameter ac:name="">VU649732</ac:parameter></ac:structured-macro>
\[VU#649732\] Gennari, Jeff. Vulnerability Note [VU#649732|http://www.kb.cert.org/vulnotes/id/649732], _Samba AFS ACL Mapping VFS Plug-In Format String Vulnerability,_ 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="fd012c70c093f572-75b955e9-4511460d-95a790fe-37c236121fc13c1c9ded7f13"><ac:parameter ac:name="">VU654390</ac:parameter></ac:structured-macro>
\[VU#654390\] Rafail, Jason A. Vulnerability Note [VU#654390|https://www.kb.cert.org/vulnotes/id/654390], _ISC DHCP contains C Includes that define vsnprintf() to vsprintf() creating potential buffer overflow conditions_, June 2004.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3d79733fd2f0425b-abd7ffd4-47934a20-8e1e8f7a-ede59a5b64509d83b4e6ab79"><ac:parameter ac:name="">VU743092</ac:parameter></ac:structured-macro>
\[VU#743092\] Rafail, Jason A. & Havrilla, Jeffrey S.  Vulnerability Note [VU#743092|https://www.kb.cert.org/vulnotes/id/743092], _realpath(3) function contains off-by-one buffer overflow,_ July 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2a477c17f049b28d-d39178cc-4f9d4483-bf2b95dd-8765d0ff10535af6d0b49b6e"><ac:parameter ac:name="">VU834865</ac:parameter></ac:structured-macro>
\[VU#834865\] Gennari, Jeff. Vulnerability Note [VU#834865|http://www.kb.cert.org/vuls/id/834865], _Sendmail signal I/O race condition_, March 2008.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="36e4f3db88155b3e-506c724e-49934193-b34798b4-5c09a4463d1cec4eeadfb85e"><ac:parameter ac:name="">VU837857</ac:parameter></ac:structured-macro>
\[VU#837857\] Dougherty, Chad. Vulnerability Note [VU#837857|http://www.kb.cert.org/vuls/id/837857], _SX.Org server fails to properly test for effective user ID_, August 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a669d42a0a0a344a-8db98a45-4998447c-a4538bfb-5660d61e1b5b2e51058f911f"><ac:parameter ac:name="">VU881872</ac:parameter></ac:structured-macro>
\[VU#881872\] Manion, Art & Taschner, Chris. Vulnerability Note [VU#881872|http://www.kb.cert.org/vulnotes/id/881872], _Sun Solaris telnet authentication bypass vulnerability,_ 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5e574b275a7fdb6d-a605db1d-401942e0-88548ea9-9e02ed01ccfee4d6f6070fe8"><ac:parameter ac:name="">Warren 02</ac:parameter></ac:structured-macro>
\[Warren 02\] Warren, Henry S. [_Hacker's Delight_|http://www.hackersdelight.org/]. Boston, MA: Addison Wesley Professional, 2002 (ISBN 0201914654).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3408fb57-9d80-4fa2-9caf-0f47d3828039"><ac:parameter ac:name="">WG14/N1396</ac:parameter></ac:structured-macro>
\[WG14/N1396\] Thomas, J., Tydeman, F.  "[Wide function return values|http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1396.htm]", September 2009.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="922ba50c7c9e7230-c0e4a32a-40df4c72-bee5bcd6-69e9a646d761df2a91199b5b"><ac:parameter ac:name="">Wheeler 04</ac:parameter></ac:structured-macro>
\[Wheeler 04\] Wheeler, David. [_Secure programmer: Call components safely_|http://www-128.ibm.com/developerworks/linux/library/l-calls.html]. December 2004.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6e82bb12a33e8173-add7b841-4b4d4e9c-b2f88c99-e36aa3332f89585bf9b8c1a0"><ac:parameter ac:name="">Wojtczuk 08</ac:parameter></ac:structured-macro>
\[Wojtczuk 08\] Wojtczuk, Rafal. "[Analyzing the Linux Kernel vmsplice Exploit|http://www.avertlabs.com/research/blog/index.php/2008/02/13/analyzing-the-linux-kernel-vmsplice-exploit/]." McAfee Avert Labs Blog, February 13, 2008.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0f1de4d13f830052-a48b9c71-438d4eaa-9802b703-4ac02bf6a39098b56e3e80e5"><ac:parameter ac:name=""> xorl 2009</ac:parameter></ac:structured-macro>
\[xorl 2009\] xorl. [xorl %eax, %eax|http://xorl.wordpress.com/].

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="44a022f349b2a83f-3f85cfc6-4b88413a-9a59810a-127ea083ae44d32819d9ae90"><ac:parameter ac:name="">Yergeau 98</ac:parameter></ac:structured-macro>
\[Yergeau 98\] Yergeau, F. [RFC 2279 - UTF-8, a transformation format of ISO 10646|http://www.faqs.org/rfcs/rfc2279.html], January 1998.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d2d1bca32b13f117-f8697bde-4f8a420d-825aabd7-4f48f91f637cfe209773cf8a"><ac:parameter ac:name="">Zalewski 01</ac:parameter></ac:structured-macro>
\[Zalewski 01\] Zalewski, Michal. [_Delivering Signals for Fun and Profit: Understanding, exploiting and preventing signal-handling related vulnerabilities_|http://lcamtuf.coredump.cx/signals.txt],  May 2001.