Page History

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2d7a779929c02353-438825b7-4ff14cac-9647b680-c0b31f5beec7c0de20bc8d97"><ac:parameter ac:name="">Apple 06</ac:parameter></ac:structured-macro>
\[Apple 06\] Apple, Inc. [_Secure Coding Guide_|http://developer.apple.com/documentation/Security/Conceptual/SecureCodingGuide/SecureCodingGuide.pdf], May 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="35c747dc2549c541-4313b7eb-4d034e0b-9cb2ba21-15d2725c72f944f4b94b0a28"><ac:parameter ac:name="">Austin Group 08</ac:parameter></ac:structured-macro>
\[Austin Group 08\] "Draft Standard for Information Technology - Portable Operating System Interface (POSIX®) - Draft Technical Standard: Base Specifications, Issue 7," IEEE Unapproved Draft Std P1003.1_D4 , Jan 2008. Prepared by the [Austin Group|http://www.opengroup.org/austin/]. New York, NY: The Institute of Electrical & Electronics Engineers, Inc.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1e663d00cd913743-8c3cd926-4982466f-a4da9e99-9e8c91d90bae270147552a79"><ac:parameter ac:name="">Banahan 03</ac:parameter></ac:structured-macro>
\[Banahan 03\] Banahan, Mike. [The C Book|http://www.phy.duke.edu/~rgb/General/c_book/c_book/index.html], 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="47e5301ffc0846c7-2fda59fa-4d6e4ab9-af0488e9-7832b603bce49fa7776dba08"><ac:parameter ac:name="">Beebe 05</ac:parameter></ac:structured-macro>
\[Beebe 05\] Beebe, Nelson H. F. [Re: Remainder ( % ) operator and GCC|http://gcc.gnu.org/ml/gcc-help/2005-11/msg00141.html], 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="871a7930b3211aa7-d4e396ac-4e7d42f5-ae5ebb08-6344ebb56a9c7f7648bcec7a"><ac:parameter ac:name="">Becker 08</ac:parameter></ac:structured-macro>
\[Becker 08\] Becker, Pete. [Working Draft, Standard for Programming Language C+\+|http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2008/n2521.pdf]. April, 2008.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d73a8cde6f586420-618338fc-45bc4d7f-b4f18fea-31344e4c401ec31e0b44abbe"><ac:parameter ac:name="">Bryant 03</ac:parameter></ac:structured-macro>
\[Bryant 03\] Bryant, Randy & O'Halloran, David. _Computer Systems: A Programmer's Perspective_. Prentice Hall, 2003. ISBN 0-13-034074-X.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7475110871224c58-50e94104-4e2f46e7-a120b73c-b36c4dde502a30707e0384d8"><ac:parameter ac:name="">Burch 06</ac:parameter></ac:structured-macro>
\[Burch 06\] Burch, H., Long, F., & Seacord, R. [_Specifications for Managed Strings_|http://www.sei.cmu.edu/publications/documents/06.reports/06tr006.html] (CMU/SEI-2006-TR-006). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a2f2cb36d662b811-97be7b59-44434767-a801a71a-4e101c920ba095d2de7ef16c"><ac:parameter ac:name="">Callaghan 95</ac:parameter></ac:structured-macro>
\[Callaghan 95\] Callaghan, B., Pawlowski, B., & Staubach, P. [IETF RFC 1813 NFS Version 3 Protocol Specification|http://www.ietf.org/rfc/rfc1813.txt], June 1995.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1204faf0ea92b297-ee7c134f-4dc3440b-ba899d28-1db643543bcccb08232ecf27"><ac:parameter ac:name="">CERT 06a</ac:parameter></ac:structured-macro>
\[CERT 06a\] CERT/CC. [CERT/CC Statistics 1988-2006|http://www.cert.org/stats/cert_stats.html].

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="615e7210a4965768-11842439-40614314-a43f89d5-35c6c007fde92f47366bffd6"><ac:parameter ac:name="">CERT 06b</ac:parameter></ac:structured-macro>
\[CERT 06b\] CERT/CC. US-CERT's [Technical Cyber Security Alerts|http://www.us-cert.gov/cas/techalerts/index.html].

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7a6e307d18a587e1-def07aa5-4ca44753-9e4ca5a4-09e7c4daebbc3b92d3dd09fc"><ac:parameter ac:name="">CERT 06c</ac:parameter></ac:structured-macro>
\[CERT 06c\] CERT/CC. [Secure Coding|http://www.cert.org/secure-coding/] web site.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7ca120dfd26918d3-1e4fa713-4db74e20-b615a806-61283b8ab7e6da1eea038522"><ac:parameter ac:name="">Corfield 93</ac:parameter></ac:structured-macro>
\[Corfield 93\] Corfield, Sean A. "[Making String Literals 'const'|http://www.open-std.org/jtc1/sc22/wg21/docs/papers/1993/N0389.asc]," November 1993.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d8865d50f0140b83-69c6ffc2-461a4020-9be2a5ee-8d7c5b487a6df015ed1a811d"><ac:parameter ac:name="">Coverity 07</ac:parameter></ac:structured-macro>
\[Coverity 07\] Coverity Prevent User's Manual (3.3.0), 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="8f3beab12b16f0d3-5fbdabc5-44cf4168-acd481f6-b2cc8fbfee1cb73d07492ef7"><ac:parameter ac:name="">Dewhurst 02</ac:parameter></ac:structured-macro>
\[Dewhurst 02\] Dewhurst, Stephen C. _C+\+ Gotchas: Avoiding Common Problems in Coding and Design_. Boston, MA: Addison-Wesley Professional, 2002.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="940415b46bffe300-4b461554-40244241-a54f80fd-d9697da30124cb0c9fd05b3a"><ac:parameter ac:name="">Dewhurst 05</ac:parameter></ac:structured-macro>
\[Dewhurst 05\] Dewhurst, Stephen C. _C+\+ Common Knowledge:  Essential Intermediate Programming_. Boston, MA: Addison-Wesley Professional, 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1d229497b8c5d58f-3c0fdf57-4bf4404e-ae2ebba7-250347630049944a357f44b9"><ac:parameter ac:name="">DHS 06</ac:parameter></ac:structured-macro>
\[DHS 06\] U.S. Department of Homeland Security. [Build Security In|https://buildsecurityin.us-cert.gov/].

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="86c7402ae12f3b47-369c97d3-4d4a45c1-b49c8778-e3aad58d6c1cc28cd02ff6a2"><ac:parameter ac:name="">Dowd 06</ac:parameter></ac:structured-macro>
\[Dowd 06\] Dowd, M., McDonald, J., & Schuh, J. _The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities_. Boston, MA: Addison-Wesley, 2006. See [http://taossa.com] for updates and errata.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2ba2af45e9b9423f-738df745-4d504507-abb3b767-cd447de2f8ab7d0576163b4e"><ac:parameter ac:name="">Drepper 06</ac:parameter></ac:structured-macro>
\[Drepper 06\] Drepper, Ulrich. [Defensive Programming for Red Hat Enterprise Linux (and What To Do If Something Goes Wrong)|http://people.redhat.com/drepper/defprogramming.pdf], May 3, 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="148e0f1897e74682-1700ee8e-46f14b29-9719a642-fa05f3ff755ccde86600654f"><ac:parameter ac:name="">Eckel 07</ac:parameter></ac:structured-macro>
\[Eckel 07\] Eckel, Bruce. [_Thinking in C+\+ - Volume 2_|http://bruce-eckel.developpez.com/livres/cpp/ticpp/v2/]. January 25, 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a506ea491f482106-346cbabe-4e1b4027-a7ae84c4-06d1cf4b91af6f71f49b322d"><ac:parameter ac:name="">Finlay 03</ac:parameter></ac:structured-macro>
\[Finlay 03\] Finlay, Ian A. CERT Advisory CA-2003-16, [Buffer Overflow in Microsoft RPC|http://www.cert.org/advisories/CA-2003-16.html]. CERT/CC, July 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="446c460f3f09a88d-02dc57b4-47a04a24-a6a88ff3-6ca14ea566432f5932c9d732"><ac:parameter ac:name="">Fisher 99</ac:parameter></ac:structured-macro>
\[Fisher 99\] David Fisher & Howard Lipson, "Emergent Algorithms - A New Method for Enhancing Survivability in Unbounded Systems," Proceedings of the 32nd Annual Hawaii International Conference on System Sciences (HICSS-32). Maui, HI, January 5-8, 1999.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="844a2eb00db9b31b-fcf67206-4ed94f9e-a2c7902a-5c9b56239586e138a5b79166"><ac:parameter ac:name="">Fortify 06</ac:parameter></ac:structured-macro>
\[Fortify 06\] Fortify Software Inc. [Fortify Taxonomy: Software Security Errors|http://www.fortifysoftware.com/vulncat/], 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d22806e5121344a3-920b6f42-4d4144e6-a97998e8-96f4cfb2d53f39e7fff952f5"><ac:parameter ac:name="">FSF 05</ac:parameter></ac:structured-macro>
\[FSF 05\] Free Software Foundation. [GCC online documentation|http://gcc.gnu.org/onlinedocs], 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c887fb2578b80a12-5793844b-49a64040-808db6c7-36a49ea23d43bfbd3944dd59"><ac:parameter ac:name="">Garfinkel 96</ac:parameter></ac:structured-macro>
\[Garfinkel 96\] Garfinkel, Simson & Spafford, Gene. _Practical UNIX & Internet Security_, 2nd Edition. O'Reilly Media, April 1996 (ISBN 1-56592-148-8).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="411bf97ed5b7fc15-0921d473-4f3247a9-a705ac11-7142ceed7caad77e8d7cb136"><ac:parameter ac:name="">GNU Pth</ac:parameter></ac:structured-macro>
\[GNU Pth\] Engelschall, Ralf S. [GNU Portable Threads|http://www.gnu.org/software/pth/], 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="11f1c8ac1f476237-f4555136-41d6470e-a220b5c8-2ee0ae480684d3c4fe057647"><ac:parameter ac:name="">Goldberg 91</ac:parameter></ac:structured-macro>
\[Goldberg 91\] Goldberg, David. [What Every Computer Scientist Should Know About Floating-Point Arithmetic|http://docs.sun.com/source/806-3568/ncg_goldberg.html]. Sun Microsystems, March 1991.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="908bcaa39ea15345-9b1fbc09-4078493d-bb15b950-5a4bd6002be0836f07e6ac6b"><ac:parameter ac:name="">Graf 03</ac:parameter></ac:structured-macro>
\[Graff 03\] Graff, Mark G. & Van Wyk, Kenneth R. _Secure Coding: Principles and Practices_. Cambridge, MA: O'Reilly, 2003 (ISBN 0596002424).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b0d3ac7732fbf1f0-73ac078d-4392498f-8789b115-5c697513e4238f0008b9013b"><ac:parameter ac:name="">Griffiths 06</ac:parameter></ac:structured-macro>
\[Griffiths 06\] Griffiths, Andrew. "[Clutching at straws: When you can shift the stack pointer|http://felinemenace.org/papers/p63-0x0e_Shifting_the_Stack_Pointer.txt]."&nbsp;

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="27fb31e2c4f1150b-74a28162-44954f64-9ee0ae9f-18a5207df27f3d3b6c20fcf8"><ac:parameter ac:name="">Haddad 05</ac:parameter></ac:structured-macro>
\[Haddad 05\] Haddad, Ibrahim. "Secure Coding in C and C++: An interview with Robert Seacord, senior vulnerability analyst at CERT." _Linux World Magazine_, November 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4b9ef675b1e0cc79-2969cf61-445d42b6-bfdd8cb3-380a4f5048da1bfacfa12681"><ac:parameter ac:name="">Hatton 95</ac:parameter></ac:structured-macro>
\[Hatton 95\] Hatton, Les. _Safer C: Developing Software for High-Integrity and Safety-Critical Systems_. New York, NY: McGraw-Hill Book Company, 1995 (ISBN 0-07-707640-0).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="07f59105c306bd20-2788aaf2-4d0945a5-890bac5c-dc4b7d108b5e7ba561be5d3f"><ac:parameter ac:name="">Henricson 92</ac:parameter></ac:structured-macro>
\[Henricson 92\] Henricson, Mats & Nyquist, Erik. [Programming in C++, Rules and Recommendations|http://www.doc.ic.ac.uk/lab/cplus/c++.rules/]. Ellemtel Telecommunication Systems Laboratories, 1992.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="274d0b86422ffac8-f341fe1a-49194bf5-bcfca322-6c0604109eca76d6cf212b2f"><ac:parameter ac:name="">Horton 90</ac:parameter></ac:structured-macro>
\[Horton 90\] Horton, Mark R. _Portable C Software_. Upper Saddle River, NJ: Prentice-Hall, Inc., 1990 (ISBN:0-13-868050-7).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5706459b221ef6f7-8398a580-435147a2-b33c9170-9da7fe268b19eed907c96563"><ac:parameter ac:name="">Howard 02</ac:parameter></ac:structured-macro>
\[Howard 02\] Howard, Michael & LeBlanc, David C. _[_Writing Secure Code, Second Edition_|http://www.microsoft.com/mspress/books/5957.aspx]_. Microsoft Press, December 2002.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="313f8e676e8921ff-644ae9c5-48824f2f-82bd956e-589a1928463658d9cc9a29b4"><ac:parameter ac:name="">HP 03</ac:parameter></ac:structured-macro>
\[HP 03\] [Tru64 UNIX: Protecting Your System Against File Name Spoofing Attacks|http://h30097.www3.hp.com/docs/wpapers/spoof_wp/symlink_external.pdf]. Houston, TX: Hewlett-Packard Company, January 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="151ad86a2510f6f1-414246f0-4f14428b-bf49a088-81fd405d7e34b5862eab2009"><ac:parameter ac:name="">IEC 60812 2006</ac:parameter></ac:structured-macro>
\[IEC 60812 2006\] _Analysis techniques for system reliability - Procedure for failure mode and effects analysis (FMEA)_, 2nd ed. (IEC 60812). IEC, January 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="238d351f46baa706-c7c76a18-405d4b82-abc4be24-feba2c88075a02ed5eae3ba9"><ac:parameter ac:name="">IEC 61508 4</ac:parameter></ac:structured-macro>
\[IEC 61508-4\]&nbsp; _Functional safety of electrical/electronic/programmable electronic safety-related systems - Part 4: Definitions and abbreviations_, 1998.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e58f9232dfce1610-9bc8c23e-49894ce8-b9f38309-1551bcecf0cb906a77cfd706"><ac:parameter ac:name="">IEEE Std 610.12 1990</ac:parameter></ac:structured-macro>
\[IEEE Std 610.12 1990\] _IEEE Standard Glossary of Software Engineering Terminology_, September 1990.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6d09c30aaba89147-a08cbc8e-47d04452-a56e9187-0b9e5050dec4e35aeebbf581"><ac:parameter ac:name="">IEEE 754 2006</ac:parameter></ac:structured-macro>
\[IEEE 754 2006\] IEEE. [_Standard for Binary Floating-Point Arithmetic_|http://grouper.ieee.org/groups/754/] (IEEE 754-1985), 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a69127e27fb63e18-9401ddd1-4cf24b5c-9781b9bd-38dc38fd81a1600eca3ba261"><ac:parameter ac:name="">ilja 06</ac:parameter></ac:structured-macro>
\[ilja 06\] ilja. "[readlink abuse|http://blogs.23.nu/ilja/stories/12551/]." _ilja's blog_, August 13, 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1b7cf6e62624d601-0a7ae85d-49c44156-9b0ea0b6-dff50e56ed0f8ba6b0f16771"><ac:parameter ac:name="">Intel 01</ac:parameter></ac:structured-macro>
\[Intel 01\] Intel Corp. [_Floating-Point IEEE Filter for Microsoft\* Windows\* 2000 on the Intel® Itanium™ Architecture_|ftp://download.intel.com/software/opensource/libraries/ieee/ieee_filter_windows2000.pdf], March 2001.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="260301f0c1a55e59-d34d2e92-4a444fa3-bbbd9ae3-adb0e5f16484a85916a7a4d3"><ac:parameter ac:name="">Internet Society 00</ac:parameter></ac:structured-macro>
\[Internet Society 00\] The Internet Society. [Internet Security Glossary (RFC 2828)|ftp://ftp.rfc-editor.org/in-notes/rfc2828.txt], 2000.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9f23eec047c441a3-8e100840-4b98486b-abee85c8-5bb97b89a246091d31b2450a"><ac:parameter ac:name="">ISO/IEC 10646-2003</ac:parameter></ac:structured-macro>
\[ISO/IEC 10646:2003\] _Information technology - Universal Multiple-Octet Coded Character Set (UCS)_ (ISO/IEC 10646:2003). Geneva, Switzerland: International Organization for Standardization, 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="186d593021ebc992-f7abbca2-44074867-937d9394-6a683f3525942145e8637158"><ac:parameter ac:name="">ISO/IEC 646-1991</ac:parameter></ac:structured-macro>
\[ISO/IEC 646-1991\] ISO/IEC. _Information technology: ISO 7-bit coded character set for information interchange_ (ISO/IEC 646-1991). Geneva, Switzerland: International Organization for Standardization, 1991.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4448dee6b8bf8be0-e7912b72-4f0e4579-a395acdd-b191034ce2e10a25659f06fd"><ac:parameter ac:name="">ISO/IEC 9899-1999</ac:parameter></ac:structured-macro>
\[ISO/IEC 9899:1999\] ISO/IEC. _Programming Languages --- C, Second Edition_ (ISO/IEC 9899:1999). Geneva, Switzerland: International Organization for Standardization, 1999.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="967a52fb6e414605-9f1bc4b6-449d4f3e-9de1bba4-c30ffe04ae1bea55f96b9754"><ac:parameter ac:name="">ISO/IEC 14882-2003</ac:parameter></ac:structured-macro>
\[ISO/IEC 14882-2003\] ISO/IEC. _Programming Languages --- C++, Second Edition_ (ISO/IEC 14882-2003). Geneva, Switzerland: International Organization for Standardization, 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5e76e64e2922ae92-b363d649-408b46ac-b356959f-2ccb943ecbbb356cc172537b"><ac:parameter ac:name="">ISO/IEC 03</ac:parameter></ac:structured-macro>
\[ISO/IEC 03\] ISO/IEC. [_Rationale for International Standard --- Programming Languages --- C, Revision 5.10_|http://www.open-std.org/jtc1/sc22/wg14/www/C99RationaleV5.10.pdf]. Geneva, Switzerland: International Organization for Standardization, April 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1294a427dd20f292-9ae7c1f6-4b70419a-b99aba74-b3b44365ddfb8d3a3faba9ec"><ac:parameter ac:name="">ISO/IEC JTC1/SC22/WG11</ac:parameter></ac:structured-macro>
\[ISO/IEC JTC1/SC22/WG11\] ISO/IEC. [_Binding Techniques_|http://www.open-std.org/JTC1/SC22/WG11/] (ISO/IEC JTC1/SC22/WG11), 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b3be1aa20c607f0c-7a23e86d-4623437b-854796f4-f43a7ab7ab7147184268176f"><ac:parameter ac:name="">ISO/IEC PDTR 24772</ac:parameter></ac:structured-macro>
\[ISO/IEC PDTR 24772\] ISO/IEC PDTR 24772. _Information Technology_ --- _Programming Languages_ --- [_Guidance to Avoiding Vulnerabilities in Programming Languages through Language Selection and Use_|http://www.aitcnet.org/isai/_NextMeeting/22-OWGV-N-0125/n0125.pdf], March 2008.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="df8360a3e5f4c025-eb8f3083-49f9496c-a609aa02-cd26ea625c5ed83f61d10254"><ac:parameter ac:name="">ISO/IEC TR 24731-1-2007</ac:parameter></ac:structured-macro>
\[ISO/IEC TR 24731-1-2007\] ISO/IEC TR 24731. _Extensions to the C Library, --- Part I: Bounds-checking interfaces_. Geneva, Switzerland: International Organization for Standardization, April 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b5274404d06702d2-3f2e7b98-42774432-b72194e3-0c77324284bf4d692f2b71af"><ac:parameter ac:name="">Jack 07</ac:parameter></ac:structured-macro>
\[Jack 07\] Jack, Barnaby. [_Vector Rewrite Attack_|http://www.juniper.net/solutions/literature/white_papers/Vector-Rewrite-Attack.pdf], May 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d5288a7717b02635-16a73349-4d0e442e-9e06b576-cb8a1ed820254842efa5d5ea"><ac:parameter ac:name="">Jones 04</ac:parameter></ac:structured-macro>
\[Jones 04\] Jones, Nigel. ["Learn a new trick with the offsetof() macro."|http://www.netrino.com/Articles/OffsetOf/index.php] _Embedded Systems Programming_, March 2004.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="62571b0fdf89d4e9-cba5495b-430943f4-a216a40e-4a8492bb427f9117971957e5"><ac:parameter ac:name="">Jones 08</ac:parameter></ac:structured-macro>
\[Jones 08\] Derek M. Jones. [The New C Standard: An economic and cultural commentary|http://www.knosof.co.uk/cbook/]. Knowledge Software, Ltd, 2008.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="caa0f5a3549e86c8-b86b2daa-443f4b11-89218e66-126d7abe9efb24bd5b842de8"><ac:parameter ac:name="">Keil 08</ac:parameter></ac:structured-macro>
\[Keil 08\] Keil, an ARM Company. "[Floating Point Support|http://www.keil.com/support/man/docs/armlib/armlib_bihbjiea.htm]." _RealView Libraries and Floating Point Support Guide_, 2008.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="8997f177adb0c76f-5b4ed395-479842e6-a5458b58-82d1e0493ddab55ca2d838be"><ac:parameter ac:name="">Kennaway 00</ac:parameter></ac:structured-macro>
\[Kennaway 00\] Kennaway, Kris. [Re: /tmp topic|http://lwn.net/2000/1221/a/sec-tmp.php3], December 2000.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="546b5ed4b9d505e5-33b42b2a-4f724591-90e19760-798fd338c145b9a3b1e35d24"><ac:parameter ac:name="">Kernighan 88</ac:parameter></ac:structured-macro>
\[Kernighan 88\] Kernighan , B. W. & Ritchie, D. M. _The C Programming Language, 2nd ed._ Englewood Cliffs, NJ: Prentice-Hall, 1988.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1d432f8fb733307e-0bbf7338-4eef4d1b-b3348def-7a71345936b812c1e4a38ab5"><ac:parameter ac:name="">Kettle 02</ac:parameter></ac:structured-macro>
\[Kettlewell 02\] Kettlewell, Richard. [_C Language Gotchas_|http://www.greenend.org.uk/rjk/2001/02/cfu.html], February 2002.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3da636e4df9d494b-c0c9c7a7-4b534ed3-ae96a23b-c02c713375f33808a570b577"><ac:parameter ac:name="">Kettle 03</ac:parameter></ac:structured-macro>
\[Kettlewell 03\] Kettlewell, Richard. [_Inline Functions In C_|http://www.greenend.org.uk/rjk/2003/03/inline.html], March 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="413cb0e446dcf2bd-546817c3-48294d14-9e9780e7-8cedc4e4b7cdd5f69c8f0f97"><ac:parameter ac:name="">Kirch-Prinz 02</ac:parameter></ac:structured-macro>
\[Kirch-Prinz 02\] Kirch-Prinz, Ulla & Prinz, Peter. _C Pocket Reference_.  O'Reilly, November 2002 (ISBN: 0-596-00436-2).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3573ae31abca1e44-f14da8d6-494a46a7-91a1b907-3ce5227f899bc5b01a77736b"><ac:parameter ac:name="">Klarer 04</ac:parameter></ac:structured-macro>
\[Klarer 04\] Klarer, R., Maddock, J., Dawes, B. & Hinnant, H. "Proposal to Add Static Assertions to the Core Language (Revision 3)." ISO C+\+ committee paper ISO/IEC JTC1/SC22/WG21/N1720, October 2004. Available at [http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2004/n1720.html].

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9f5e9d3d207d565f-7435dd57-49e44f06-bf0fa62a-b747a5ae3b7b7e6d04a007c4"><ac:parameter ac:name="">Klein 02</ac:parameter></ac:structured-macro>
\[Klein 02\] Klein, Jack. [_Bullet Proof Integer Input Using strtol()_|http://home.att.net/~jackklein/c/code/strtol.html], 2002.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7f7f82a1bfae49de-0c17e320-478440c8-b22e807e-f9d90d7a3c2239b4a3b88e7f"><ac:parameter ac:name="">Koenig 89</ac:parameter></ac:structured-macro>
\[Koenig 89\]
Koenig,  Andrew. _C Traps and Pitfalls_. Addison-Wesley Professional, January 1, 1989.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a17be03b46ca44c9-2212e9fb-42dd4816-8b06a9c7-4c5d955bd2c1b04abbedc117"><ac:parameter ac:name="">Kuhn 06</ac:parameter></ac:structured-macro>
\[Kuhn 06\] Kuhn, Markus. [_UTF-8 and Unicode FAQ for Unix/Linux_|http://www.cl.cam.ac.uk/~mgk25/unicode.html], 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0e4df1228dd718e8-62b3f59a-470b45b1-a2bfb93b-6057bd0b8fb6898a2b2b2b65"><ac:parameter ac:name="">Lai 06</ac:parameter></ac:structured-macro>
\[Lai 06\] Lai, Ray. "[Reading Between the Lines|http://undeadly.org/cgi?action=article&sid=20061027031811]." _OpenBSD Journal_, October 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="29195dac46a85bf9-0b1316a8-452d4387-92e5b7f0-c7d20fc5428d6e0ed31d6273"><ac:parameter ac:name="">Linux 07</ac:parameter></ac:structured-macro>
\[Linux 07\] [Linux Programmer's Manual|http://www.kernel.org/doc/man-pages/online_pages.html]. July 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="54c0796753fced54-8805beca-42024bcf-8393a86e-87bc186025f148d4a3755908"><ac:parameter ac:name="">Lions 96</ac:parameter></ac:structured-macro>
\[Lions 96\] Lions, J. L. [ARIANE 5 Flight 501 Failure Report|http://en.wikisource.org/wiki/Ariane_501_Inquiry_Board_report]. Paris, France: European Space Agency (ESA) & National Center for Space Study (CNES) Inquiry Board, July 1996.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ff6011dec7f6db1e-6c48452e-43244723-ba9db742-39f849f38401dd9325a667c3"><ac:parameter ac:name="">Lipson 00</ac:parameter></ac:structured-macro>
\[Lipson 00\] Howard Lipson & David Fisher. "Survivability—A New Technical and Business Perspective on Security," 33-39. Proceedings of the 1999 New Security Paradigms Workshop. Caledon Hills, Ontario, Canada, Sept. 22-24, 1999. New York: Association for Computing Machinery, 2000.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9a40d426b2ead768-adcee2cc-46994fca-9932a242-21b483ffaad2f85561408806"><ac:parameter ac:name="">Lipson 06</ac:parameter></ac:structured-macro>
\[Lipson 06\] Howard Lipson, Evolutionary Systems Design: Recognizing Changes in Security and Survivability Risks, SEI Technical Note, CMU/SEI-2006-TN-027, September 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="8dec50a4d0998bd2-ec23141b-4cf041fd-968a9809-7d18fa21ddb7c866ba3bad01"><ac:parameter ac:name="">Lockheed Martin 05</ac:parameter></ac:structured-macro>
\[Lockheed Martin 05\] Lockheed Martin. "[Joint Strike Fighter Air Vehicle C+\+ Coding Standards for the System Development and Demonstration Program.|http://www.research.att.com/~bs/JSF-AV-rules.pdf]" Document Number 2RDU00001 Rev C., December 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f117c24fbc2c96ea-08da09ad-44c0416e-9007a9b8-d2a6199531a8e15a082d04d0"><ac:parameter ac:name="">Loosemore 07</ac:parameter></ac:structured-macro>
\[Loosemore 07\] Loosemore, Sandra, Stallman, Richard M., McGrath, Roland, Oram, Andrew, & Drepper, Ulrich. [The GNU C Library Reference Manual|http://www.gnu.org/software/libc/manual/], Edition 0.11.  September 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1e44730241da189f-ee5dfa03-4494439d-b6d8a467-2d7b61cf40c9c43bab68f81e"><ac:parameter ac:name="">McCluskey 01</ac:parameter></ac:structured-macro>
\[McCluskey 01\] [_flexible array members and designators in C9X_|http://www.usenix.org/publications/login/2001-07/pdfs/mccluskey.pdf] ;login:, July 2001, Volume 26, Number 4, p. 29-32.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9aa43a7cbee5872f-3e7795a5-410e4717-8cbf8968-1e05308cb3f5660dc2e7e15b"><ac:parameter ac:name="">mercy 06</ac:parameter></ac:structured-macro>
\[mercy\] mercy. [_Exploiting Uninitialized Data_|http://www.felinemenace.org/papers/UBehavior.zip], January 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="782542f393fa53db-0aa448d0-498247f8-ba9688e8-6a0d0aba675ef7228ec150af"><ac:parameter ac:name="">Microsoft 03</ac:parameter></ac:structured-macro>
\[Microsoft 03\] Microsoft Security Bulletin MS03-026, [Buffer Overrun In RPC Interface Could Allow Code Execution (823980)|http://www.microsoft.com/technet/security/bulletin/MS03-026.mspx], September 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="df01216feb53ab45-3f394442-4f844f0e-95598389-ee1bf27497452575e2e9d392"><ac:parameter ac:name="">Microsoft 07</ac:parameter></ac:structured-macro>
\[Microsoft 07\] [C Language Reference|http://msdn2.microsoft.com/en-us/library/fw5abdx6(VS.80).aspx], 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4ac37f88d172b7d3-111699f9-4d6444e0-afe593ce-85938e699fedd6bf1c710f31"><ac:parameter ac:name="">Miller 04</ac:parameter></ac:structured-macro>
\[Miller 04\] Mark C. Miller, James F. Reus, Robb P. Matzke, Quincey A. Koziol, Albert P. Cheng. [Smart Libraries: Best SQE Practices for Libraries with an Emphasis on Scientific Computing|https://wci.llnl.gov/codes/smartlibs/UCRL-JRNL-208636.pdf]. Proceedings of the Nuclear Explosives Code Developer's Conference. December 2004.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="bb3f03657300a87f-c31c0a14-4ea0459d-ab678aaa-ec5143e316ecb7ab0a23d8b9"><ac:parameter ac:name="">MISRA 04</ac:parameter></ac:structured-macro>
\[MISRA 04\] MISRA Limited. "[MISRA C|http://www.misra.org.uk/]: 2004 Guidelines for the Use of the C Language in Critical Systems." Warwickshire, UK: MIRA Limited, October 2004 (ISBN 095241564X).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="554daadd274a0831-dcbd8cd3-41d1470e-99b5a38c-e672fdba32e8a619e2161262"><ac:parameter ac:name="">MIT 05</ac:parameter></ac:structured-macro>
\[MIT 05\] MIT. "[MIT krb5 Security Advisory 2005-003|http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2005-003-recvauth.txt], 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="60922ceb9ee85a46-7114c269-41dd4527-9d3facf3-62020ef91dcbc15d45f56786"><ac:parameter ac:name="">MITRE 07</ac:parameter></ac:structured-macro>
\[MITRE 07\] MITRE. [Common Weakness Enumeration, Draft 9|http://cwe.mitre.org/],  April 2008.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="47adf327b854de62-88c00537-41044087-af88af95-bcd6ae8304ff23f759d9939f"><ac:parameter ac:name="">MSDN</ac:parameter></ac:structured-macro>
\[MSDN\] [Microsoft Developer Network|http://msdn.microsoft.com/en-us/default.aspx].

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="21ae07758620511d-24f64245-46f54a5a-83b7bbbd-7b0db82c00dcfcf0a318a4cc"><ac:parameter ac:name="">Murenin  07</ac:parameter></ac:structured-macro>
\[Murenin 07\] Murenin, Constantine A. [cnst: 10-year-old pointer-arithmetic bug in make(1) is now gone, thanks to malloc.conf and some debugging|http://cnst.livejournal.com/24040.html], June 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="71f733fe6990834b-1a037db0-4b634d52-b85bbf41-af6c65c9e6f5dfd9229bb7c1"><ac:parameter ac:name="">NAI 98</ac:parameter></ac:structured-macro>
\[NAI 98\] Network Associates Inc. [Bugtraq: Network Associates Inc. Advisory (OpenBSD)|http://seclists.org/bugtraq/1998/Aug/0071.html], 1998.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6f1e852075f6352d-0a5cdd83-42024639-aa359b5a-a5e4f33742a0171a6ad0b7e5"><ac:parameter ac:name="">NASA-GB-1740.13</ac:parameter></ac:structured-macro>
\[NASA-GB-1740.13\] NASA Glenn Research Center, Office of Safety Assurance Technologies. [_NASA Software Safety Guidebook_|http://pbma.nasa.gov/docs/public/pbma/general/guidbook.doc] (NASA-GB-1740.13).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="95913d1450982678-390a79ee-449442a6-b3568b9e-9321e55dd1cc9588719b0a68"><ac:parameter ac:name="">NIST 06</ac:parameter></ac:structured-macro>
\[NIST 06\] NIST. [_SAMATE Reference Dataset_|http://samate.nist.gov/SRD/], 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="afa02783fe376e85-a3ecf68d-48f34927-adc3ab66-4390ba1af7b5a7f81ab28a9c"><ac:parameter ac:name="">NIST 06b</ac:parameter></ac:structured-macro>
\[NIST 06b\] NIST. [DRAFT Source Code Analysis Tool Functional Specification. | http://samate.nist.gov/docs/SAMATE_source_code_analysis_tool_spec_09_15_06.pdf] NIST Information Technology Laboratory (ITL), Software Diagnostics and Conformance Testing Division, September 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6a8d38ce5ba45507-40d57dec-4c7d4b18-9cd6b566-8ed9b09379a8e8c4151880ba"><ac:parameter ac:name="">Open Group 97</ac:parameter></ac:structured-macro>
\[Open Group 97\] The Open Group. [_The Single UNIX® Specification, Version 2_|http://www.opengroup.org/onlinepubs/7990989775/toc.htm], 1997.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="11317d273943caf9-91cb4513-48de4b64-bc46b87e-6894cf9b39afb06aec098459"><ac:parameter ac:name="">Open Group 97b</ac:parameter></ac:structured-macro>
\[Open Group 97b\] The Open Group. [_Go Solo 2 - The Authorized Guide to Version 2 of the Single UNIX Specification_|http://www.unix.org/whitepapers/64bit.html], May 1997.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1dd15b5f6fa5a1d8-f6ab7c68-4d52448c-8be9a0da-f392c252c40ccbb61fe964ed"><ac:parameter ac:name="">Open Group 04</ac:parameter></ac:structured-macro>
\[Open Group 04\] The Open Group and the IEEE. [_The Open Group Base Specifications Issue 6, IEEE Std 1003.1, 2004 Edition_|http://www.opengroup.org/onlinepubs/009695399/toc.htm], 2004.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3fe6944cd57cf097-78100afa-41374bc3-84afa7f8-3df117bfad998dd6e48d6548"><ac:parameter ac:name="">OWASP Double Free</ac:parameter></ac:structured-macro>
\[OWASP Double Free\] Open Web Application Security Project, "[Double Free|http://www.owasp.org/index.php/Double_Free]."

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0a6fcac2e2cb0701-e64264d0-4ad34036-9e4bbda9-29737e6997e48d29e521aa25"><ac:parameter ac:name="">OWASP Freed Memory</ac:parameter></ac:structured-macro>
\[OWASP Freed Memory\] Open Web Application Security Project, "[Using freed memory|http://www.owasp.org/index.php/Using_freed_memory]."

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="81dc696ae8c4406c-2a27e607-42bb4d9e-968b8833-d33dd3044923fcbaeee53c41"><ac:parameter ac:name="">Pethia 03</ac:parameter></ac:structured-macro>
\[Pethia 03\] Pethia, Richard D. "[Viruses and Worms: What Can We Do About Them?|http://www.cert.org/congressional_testimony/Pethia-Testimony-9-10-2003/]" September 10, 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0abc014476506e4c-b2f8db1b-4c2f4387-8c02b976-20e1edf95293e4e90e8c2fa5"><ac:parameter ac:name="">Pike 93</ac:parameter></ac:structured-macro>
\[Pike 93\] Rob Pike, Ken Thompson. _Hello World_. USENIX Winter 1993 Technical Conference, San Diego, January 25-29, 1993, Proceedings, pp. 43-50.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9f7f5f9fc91f8158-589f79ec-465f4b56-bb948672-aec54d92752f3c4cbdb006a2"><ac:parameter ac:name="">Plakosh 05</ac:parameter></ac:structured-macro>
\[Plakosh 05\] Plakosh, Dan. [_Consistent Memory Management Conventions_|https://buildsecurityin.us-cert.gov/daisy/bsi/articles/knowledge/coding/476.html], 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="8264d9ac86255242-77d1fa14-40944145-ae05a16e-29a084d6b8c14e8eeeec7db0"><ac:parameter ac:name="">Plum 85</ac:parameter></ac:structured-macro>
\[Plum 85\] Plum, Thomas. _Reliable Data Structures in C_. Kamuela, HI: Plum Hall, Inc., 1985 (ISBN 0-911537-04-X).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="faa926afb8ec4ca2-400cb663-4cd44dfb-87af8d59-5135d6fa3170af66b8e65b16"><ac:parameter ac:name="">Plum 89</ac:parameter></ac:structured-macro>
\[Plum 89\] Plum, Thomas, & Saks, Dan. _C Programming Guidelines, 2nd ed_. Kamuela, HI: Plum Hall, Inc., 1989 (ISBN 0911537074).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4d453f06d903d41e-02da4be2-4207404d-8bd5ba48-8e67bd8b14fdd2d3e764aa86"><ac:parameter ac:name="">Plum 91</ac:parameter></ac:structured-macro>
\[Plum 91\] Plum, Thomas. _C+\+ Programming_. Kamuela, HI: Plum Hall, Inc., 1991 (ISBN 0911537104).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c9480dcd4e1b3ea9-a41c3f9f-4f3b4cd2-914e8195-f0a42f225ccfc76c32756109"><ac:parameter ac:name="">Redwine 06</ac:parameter></ac:structured-macro>
\[Redwine 06\] Redwine, Samuel T., Jr., ed. _Secure Software Assurance: A Guide to the Common Body of Knowledge to Produce, Acquire, and Sustain Secure Software Version 1.1_. U.S. Department of Homeland Security, September 2006. See [Software Assurance Common Body of Knowledge|https://buildsecurityin.us-cert.gov/daisy/bsi/resources/dhs/95.html] on Build Security In.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ab64327ed668851c-eb82c5a6-4e524dde-9d3c881c-1878825e8319daff43b0eb89"><ac:parameter ac:name="">RUS-CERT</ac:parameter></ac:structured-macro>
\[RUS-CERT\] RUS-CERT Advisory 2002-08:02, "[Flaw in calloc and similar routines|http://cert.uni-stuttgart.de/advisories/calloc.php]," 2002.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a99bcd45c580a0dc-bccb43db-4eaf4fd3-95428f78-906a957bf9bd12ab27a74ebe"><ac:parameter ac:name="">Saks 99</ac:parameter></ac:structured-macro>
\[Saks 99\] Saks, Dan. "[const T vs.T const|http://www.dansaks.com/articles/1999-02%20const%20T%20vs%20T%20const.pdf]." _Embedded Systems Programming_, February 1999, pp. 13-16.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a985da17fa2796bf-573b5c6d-424d464c-97e99f38-e6cf3dfcdcba182fe0d54376"><ac:parameter ac:name="">Saks 01a</ac:parameter></ac:structured-macro>
\[Saks 01a\] Saks, Dan. "[Symbolic Constants|http://www.embedded.com/story/OEG20011016S0116]." _Embedded Systems Design_, November 2001.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d5fc8371f3a4841b-eff260b9-42424c60-b89eb7f1-90a34d59e9e929dd21db6e8d"><ac:parameter ac:name="">Saks 01b</ac:parameter></ac:structured-macro>
\[Saks 01b\] Saks, Dan. "[Enumeration Constants vs. Constant Objects|http://www.embedded.com/columns/programmingpointers/9900402]." _Embedded Systems Design_, November 2001.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7c75a2513ad4c4d0-ba67093a-430f4b27-a96c824b-e2212eb804bb8cc6298f0870"><ac:parameter ac:name="">Saks 02</ac:parameter></ac:structured-macro>
\[Saks 02\] Saks, Dan. "[Symbolic Constant Expressions|http://www.embedded.com/story/OEG20020124S0117]." _Embedded Systems Design_, February 2002.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="22181b1e9d172c31-0636d6d1-4bb64199-818189b1-1c76dab14ad274eb7120e123"><ac:parameter ac:name="">Saks 05</ac:parameter></ac:structured-macro>
\[Saks 05\] Saks, Dan. "[Catching Errors Early with Compile-Time Assertions|http://www.embedded.com/columns/programmingpointers/164900888?_requestid=287187]." _Embedded Systems Design_, June 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="fc2cc0ef1b872ad3-12c51348-4dde4263-95999208-065e4ce59808dad4ab7b7fa3"><ac:parameter ac:name="">Saks 07</ac:parameter></ac:structured-macro>
\[Saks 07\] Saks, Dan. "[Sequence Points|http://www.embedded.com/columns/programmingpointers/9900661?_requestid=481957]" Embedded Systems Design, July 1, 2002.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="42aee8fa75a67c4b-3476e30b-4a6e42b7-b7c79fab-4be59c77d06e582e8fb1187e"><ac:parameter ac:name="">Saks 07b</ac:parameter></ac:structured-macro>
\[Saks 07\] Dan Saks. [Bail, return, jump, or . . . throw?|http://www.embedded.com/columns/programmingpointers/197008821]. Embedded Systems Design. March, 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="549120af2843f454-24deac5e-405e4092-be3d98e0-ac1a12f69bd64efb6fcea974"><ac:parameter ac:name="">Saks 08</ac:parameter></ac:structured-macro>
\[Saks 08\] Saks, Dan & Dewhurst, Stephen C. "Sooner Rather Than Later: Static Programming Techniques for C++" (presentation).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="844777ded5d37e4b-89d5fd5d-412a458d-b7d9b7c7-61cccb9cd785a592a0f64707"><ac:parameter ac:name="">Schwarz 05</ac:parameter></ac:structured-macro>
\[Schwarz 05\] Schwarz, B., Wagner, Hao Chen, Morrison, D., West, G., Lin, J., & Tu, J. Wei. "Model checking an entire Linux distribution for security violations." _Proceedings of the 21st Annual Computer Security Applications Conference_, December 2005 (ISSN 1063-9527; ISBN 0-7695-2461-3).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="dcf3b1373695eb11-846ad583-47564704-8e349212-ec010ca0c5e75048f961cf46"><ac:parameter ac:name="">Seacord 03</ac:parameter></ac:structured-macro>
\[Seacord 03\] Seacord, Robert C., Plakosh, Daniel, & Lewis, Grace A. [_Modernizing Legacy Systems: Software Technologies, Engineering Processes, and Business Practices_|http://www.informit.com/store/product.aspx?isbn=0321118847]. Addison-Wesley, February 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a11d90e850b331cf-fa9e732f-43d74eff-b4cd9129-db6a00d994e28f213ea063d9"><ac:parameter ac:name="">Seacord 05</ac:parameter></ac:structured-macro> <ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="18c5d7c47b464cbd-cd86fee4-4a3140c2-819e9c3b-f103bb2514f9140fdfd1d033"><ac:parameter ac:name="">Seacord 05a</ac:parameter></ac:structured-macro>
\[Seacord 05a\] Seacord, Robert C. _Secure Coding in C and C+\+_. Boston, MA: Addison-Wesley, 2005. See [http://www.cert.org/books/secure-coding] for news and errata.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d2a3d0e9c4072f2c-4a960b88-4c8f4a45-8ad1ab42-eccf2ffb1d241a436e7ce1b1"><ac:parameter ac:name="">Seacord 05b</ac:parameter></ac:structured-macro>
\[Seacord 05b\] Seacord, Robert C. "Managed String Library for C, C/C++." _Users Journal_ _23_, 10 (October 2005): 30-34.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="148b0317b50e7859-a136253c-40e3489b-aa078756-2a972953a3d3c54e3c8b18f7"><ac:parameter ac:name="">Seacord 05c</ac:parameter></ac:structured-macro>
\[Seacord 05c\] Seacord, Robert C. [_Variadic Functions: How they contribute to security vulnerabilities and how to fix them_|http://www.cert.org/books/secure-coding/LWM%203-11%20%28Seacord%29.pdf]. Linux World Magazine.  November, 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="328ffe4811b3f2df-8678cd8a-42e94898-9aac976d-11a230418c4b3b536807f341"><ac:parameter ac:name="">Secunia</ac:parameter></ac:structured-macro>
\[Secunia\] Secunia Advisory SA10635, "[HP-UX calloc Buffer Size Miscalculation Vulnerability|http://secunia.com/advisories/10635/]" 2004.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3678e76ec3c3168e-915cc087-443040dd-8d449651-c8db3d01caec0a9ff436ae45"><ac:parameter ac:name="">SecurityFocus 07</ac:parameter></ac:structured-macro>
\[SecurityFocus 07\] SecurityFocus. "[Linux Kernel Floating Point Exception Handler Local Denial of Service Vulnerability|http://www.securityfocus.com/bid/10538/discuss]," 2001.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f2dda62b0eb0bc52-6d1a0fd2-4e1d4c21-8fc396f0-5f4ca9e8dd3f467f41c2f8c4"><ac:parameter ac:name="">Sloss 04</ac:parameter></ac:structured-macro>
\[Sloss 04\]  Sloss, Andrew, Symes, Dominic, & Wright, Chris. [_ARM System Developer's Guide_|http://www.arm.com/documentation/books/4975.html]. Morgan Kauffman, 2004 (ISBN-10: 1558608745; ISBN-13: 978-1558608740).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="10326bb8c1f3d646-dfabcb74-422b421c-8a3c883d-ed38d38ea8f37b5ff7c3a04c"><ac:parameter ac:name="">Spinellis 06</ac:parameter></ac:structured-macro>
\[Spinellis 06\] Spinellis, Diomidis. [_Code Quality: The Open Source Perspective_|http://www.spinellis.gr/codequality].  Addison-Wesley, 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e1c2828ec268d765-f4f624a0-47314e52-9f5394c0-8045eeab26bef6883b490f67"><ac:parameter ac:name="">Steele 77</ac:parameter></ac:structured-macro>
\[Steele 77\]  Steele, G. L. "[Arithmetic shifting considered harmful|http://doi.acm.org/10.1145/956641.956647]." _SIGPLAN Not._ 12, 11 (November 1977), 61-69.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="13f6126d307c1b41-2eb7c0f1-46b34c1c-9a2a8f61-8e2f764a0bcfa56e323abdd1"><ac:parameter ac:name="">Summit 95</ac:parameter></ac:structured-macro>
\[Summit 95\] Summit, Steve. _C Programming FAQs: Frequently Asked Questions_. Boston, MA: Addison-Wesley, 1995 (ISBN 0201845199).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="aeaa208505c0eb0c-1a48bd16-430b4286-9ad5b397-88099cd294a326e5f3366270"><ac:parameter ac:name="">Summit 05</ac:parameter></ac:structured-macro>
\[Summit 05\] Summit, Steve. [_comp.lang.c Frequently Asked Questions_|http://c-faq.com/], 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="04a2553425c6bfb0-37a0b429-4acb40b9-840396ac-a6bfdc9a87c8e6696ec44b33"><ac:parameter ac:name="">Sun</ac:parameter></ac:structured-macro>
\[Sun\] [Sun Security Bulletin #00122|http://sunsolve.sun.com/search/document.do?assetkey=1-22-00122-1], 1993.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4dcf798147199dc3-0c03c031-4633427e-a8d1acf7-5bcf49ecdfd1f3493c208119"><ac:parameter ac:name="">Sun 05</ac:parameter></ac:structured-macro>
\[Sun 05\] [C User's Guide|http://docs.sun.com/source/819-3688/]. 819-3688-10. Sun Microsystems, Inc., 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="922d3a111bc16301-75bd6b1e-45364279-895caaec-7878935271a2be497a1009c5"><ac:parameter ac:name="">van de Voort 07</ac:parameter></ac:structured-macro>
\[van de Voort 07\] van de Voort, Marco. [Development Tutorial (a.k.a Build FAQ)|http://www.stack.nl/~marcov/buildfaq.pdf], January 29, 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="fd9a25fa8ba0fd61-ce29d115-47e54319-9e97ada2-59b0fa3219d7143cb4555c1d"><ac:parameter ac:name="">Viega 03</ac:parameter></ac:structured-macro>
\[Viega 03\] Viega, John & Messier, Matt. _Secure Programming Cookbook for C and C++: Recipes for Cryptography, Authentication, Networking, Input Validation & More_. Sebastopol, CA: O'Reilly, 2003 (ISBN 0-596-00394-3).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="8e7af5d3fcbc2e6a-2dc8ed21-47a443f0-b6058a50-8bd78c478635a0e02bad2c37"><ac:parameter ac:name="">Viega 05</ac:parameter></ac:structured-macro>
\[Viega 05\] Viega, John. [CLASP Reference Guide Volume 1.1.|http://www.securesoftware.com/process/] Secure Software, 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5116fc7fbd8f02e3-f0b82510-4b864d12-a80e841a-4c64be444bc695743a56d7d6"><ac:parameter ac:name="">VU#162289</ac:parameter></ac:structured-macro>
\[VU#162289\] Dougherty, Chad. Vulnerability Note [VU#162289VU\#162289|http://www.kb.cert.org/vuls/id/162289], _gcc silently discards some wraparound checks,_ April 2008.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="aa52fd4fd6f9b9af-fcb021c8-438247c5-94b4bb29-5ff5ea7c517c9508c8f5dd4f"><ac:parameter ac:name="">VU196240</ac:parameter></ac:structured-macro>
\[VU#196240\] Taschner, Chris & Manion, Art. Vulnerability Note [VU#196240VU\#196240|http://www.kb.cert.org/vulnotes/id/196240], _Sourcefire Snort DCE/RPC preprocessor does not properly reassemble fragmented packets_, 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6e8c2639619a7d26-c27eff2c-43784b01-9b309cae-2db24f76d970e210ca7a0ca6"><ac:parameter ac:name="">VU286468</ac:parameter></ac:structured-macro>
\[VU#286468\] Burch, Hal. Vulnerability Note [VU#286468VU\#286468|http://www.kb.cert.org/vulnotes/id/286468], _Ettercap contains a format string error in the "curses_msg()" function_, 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a0fd9c717933609d-a06f9aac-437940b6-a6339e46-3b090d9885195de6cdd1dacb"><ac:parameter ac:name="">VU439395</ac:parameter></ac:structured-macro>
\[VU#439395\] Howard Lipson. Vulnerability Note [VU#439395VU\#439395|http://www.kb.cert.org/vuls/id/439395], _Apache web server performs case sensitive filtering on Mac OS X HFS\+ case insensitive filesystem,_ 2001.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5a3951524a2c315c-dcfdd187-45934b61-8e7e8a7a-a2735abce9ef25163aa7307e"><ac:parameter ac:name="">VU551436</ac:parameter></ac:structured-macro>
\[VU#551436\] Giobbi, Ryan. Vulnerability Note [VU#551436VU\#551436|http://www.kb.cert.org/vulnotes/id/551436], _Mozilla Firefox SVG viewer vulnerable to buffer overflow,_ 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a27fd0ae9620c69b-a80eb47b-4a6348fe-9a6189c2-80583bd7c6312f0eb2e3ade3"><ac:parameter ac:name="">VU568148</ac:parameter></ac:structured-macro>
\[VU#568148\] Finlay, Ian A. & Morda, Damon G. Vulnerability Note [VU#568148VU\#568148|http://www.kb.cert.org/vulnotes/id/568148], _Microsoft Windows RPC vulnerable to buffer overflow_, 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="81fda83453e121d7-d6dc038f-4725404f-8e528c82-82685039bf32320db42db3cc"><ac:parameter ac:name="">VU623332</ac:parameter></ac:structured-macro>
\[VU#623332\] Mead, Robert. Vulnerability Note [VU#623332VU\#623332|http://www.kb.cert.org/vuls/id/623332], _MIT Kerberos 5 contains double free vulnerability in "krb5_recvauth()" function,_ 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9fc7020fe270bf7c-1e35d19a-4cb849e5-960eba1d-184538918a7770270b28c587"><ac:parameter ac:name="">VU649732</ac:parameter></ac:structured-macro>
\[VU#649732\] Gennari, Jeff. Vulnerability Note [VU#649732VU\#649732|http://www.kb.cert.org/vulnotes/id/649732], _Samba AFS ACL mapping VFS plug-in format string vulnerability,_ 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="500dd66fb551ac41-2acbde43-44094103-90e6b0b9-c7efa1bd2365a95824ed7ef5"><ac:parameter ac:name="">VU743092</ac:parameter></ac:structured-macro>
\[VU#743092\] Rafail, Jason A. & Havrilla, Jeffrey S.  Vulnerability Note [VU#743092VU\#743092|https://www.kb.cert.org/vulnotes/id/743092], _realpath(3) function contains off-by-one buffer overflow,_ July 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="278e54b7b6b191bb-590fd1f6-440f4359-aa199a6a-461a85ff255c2e22eba5541c"><ac:parameter ac:name="">VU881872</ac:parameter></ac:structured-macro>
\[VU#881872\] Manion, Art & Taschner, Chris. Vulnerability Note [VU#881872VU\#881872|http://www.kb.cert.org/vulnotes/id/881872], _Sun Solaris telnet authentication bypass vulnerability,_ 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0d48f733278d3e67-e5cfe027-4feb4883-8bc7a910-3efd60b8c321c96e5ae97421"><ac:parameter ac:name="">Warren 02</ac:parameter></ac:structured-macro>
\[Warren 02\] Warren, Henry S. [_Hacker's Delight_|http://www.hackersdelight.org/]. Boston, MA: Addison Wesley Professional, 2002 (ISBN 0201914654).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f9e12d01dad74e72-25bb872a-48bf48b2-a89bb229-2484da0fc522402cfff28331"><ac:parameter ac:name="">Wheeler 03</ac:parameter></ac:structured-macro>
\[Wheeler 03\] Wheeler, David. [Secure Programming for Linux and Unix HOWTO, v3.010|http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/], March 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1ab1d807d0bdff90-3173f1e6-45b044c5-95d097ae-cf984d8e5c53c5ed809b1428"><ac:parameter ac:name="">Wheeler 04</ac:parameter></ac:structured-macro>
\[Wheeler 04\] Wheeler, David. [_Secure programmer: Call components safely_|http://www-128.ibm.com/developerworks/linux/library/l-calls.html]. December 2004.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="bb5d68c8dc767e78-32767b60-4d41490c-8b068a32-da650f767874fb07968dc224"><ac:parameter ac:name="">Wojtczuk 08</ac:parameter></ac:structured-macro>
\[Wojtczuk 08\] Wojtczuk, Rafal. "[Analyzing the Linux Kernel vmsplice Exploit|http://www.avertlabs.com/research/blog/index.php/2008/02/13/analyzing-the-linux-kernel-vmsplice-exploit/]." McAfee Avert Labs Blog, February 13, 2008.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="46e36a11725fc612-741d5577-4b4a4cf7-93fc8d26-718f0466bb115ed9c7d9f89f"><ac:parameter ac:name="">Yergeau 98</ac:parameter></ac:structured-macro>
\[Yergeau 98\] Yergeau, F. [RFC 2279 - UTF-8, a transformation format of ISO 10646|http://www.faqs.org/rfcs/rfc2279.html], January 1998.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="cf0729ed2ae578c4-61701cf6-44d5456a-a6b99c2e-27ab144ae71556225b24beb8"><ac:parameter ac:name="">Zalewski 01</ac:parameter></ac:structured-macro>
\[Zalewski 01\] Zalewski, Michal. [_Delivering Signals for Fun and Profit: Understanding, exploiting and preventing signal-handling related vulnerabilities_|http://lcamtuf.coredump.cx/signals.txt],  May 2001.