...
[Black 2007] Black, Paul E.; Kass, Michael; & Koo, Michael. Source Code Security Analysis Tool Functional Specification Version 1.0. Special Publication 500-268. Information Technology Laboratory (ITL). May 2007.
[Cline 2009] Cline, Marshall. C++ FAQ Lite—Frequently Asked Questions. 1991-2009.
[CodeSourcery 2016a] CodeSourcery, Compaq, EDG, HP, IBM, Intel, Red Hat, SGI, et al. Itanium C++ ABI. December 2016 [accessed].
[CodeSourcery 2016b] CodeSourcery, Compaq, EDG, HP, IBM, Intel, Red Hat, SGI, et al. Itanium C++ ABI ($Revision: 1,86 $). December 2016 [accessed].
[Coverity 2007] Coverity. Coverity Prevent User's Manual (3.3.0). 2007.
...
[Dewhurst 2002] Dewhurst, Stephen C. C++ Gotchas: Avoiding Common Problems in Coding and Design. Boston, MA: Addison-Wesley Professional. 2002.
[Dewhurst 2005] Dewhurst, Stephen C. C++ Common Knowledge: Essential Intermediate Programming. Boston, MA: Addison-Wesley Professional. 2005.
[DISA 2015] DISA. Application Security and Development Security Technical Implementation Guide, Version 3, Release 10. Accessed April 2015.
[DISA 2016] DISA. Application Security and Development Security Technical Implementation Guide, Version 4, Release 1. Accessed January 2017.
[DISA 2018] DISA. Application Security and Development Security Technical Implementation Guide, Version 4, Release 8. Accessed January 2019.
[Dowd 2006] Dowd, Mark; McDonald, John; & Schuh, Justin. Attacking delete and delete[] in C++. In The Art of Software Security Assessment. Addison-Wesley Professional. 2006.
[Fortify 2006] Fortify Software Inc. Fortify Taxonomy: Software Security Errors. 2006.
[FSF 2005] Free Software Foundation. GCC Online Documentation. 2005.
[Gamma 1994] Gamma, Erich; Helm, Richard; Johnson, Ralph; & Vlissides, John. Design Patterns Elements of Reusable Object Oriented Software. Addison-Wesley Professional. 1994.
[GNU 2016] gnu.org. GCC, the GNU Compiler Collection: Declaring Attributes of Functions. December 2016 [accessed]. https://gcc.gnu.org/onlinedocs/gcc/Function-Attributes.html
[Goldberg 1991] Goldberg, David. What Every Computer Scientist Should Know About Floating-Point Arithmetic. Sun Microsystems. March 1991.
[Graff 2003] Graff, Mark G. & Van Wyk, Kenneth R. Secure Coding: Principles and Practices. Cambridge, MA: O'Reilly. 2003. ISBN 0596002424.
[Henricson 1997] Henricson, Mats & Nyquist, Erik. Industrial Strength C++. Upper Saddle River, NJ: Prentice Hall PTR. 1997. ISBN 0-13-120965-5.
[Hinnant 2005] Hinnant, Howard. RValue Reference Recommendations for Chapter 20. N1856=05-0116. August 2005.
[Hinnant 2015] Hinnant, Howard. Reply to "std::exception Why what() is returning a const char* and not a string?" [public forum post]. ISO C++ Standard—Discussion. June 28, 2015.
[IEC 60812 2006] Analysis techniques for system reliability - Procedure for failure mode and effects analysis (FMEA), 2nd ed. IEC 60812. IEC. January 2006.
[IEEE Std 610.12 1990] IEEE. IEEE Standard Glossary of Software Engineering Terminology. 1990.
[IEEE Std 1003.1:2013] IEEE & The Open Group. Standard for Information Technology—Portable Operating System Interface (POSIX). Base Specifications. Issue 7 (IEEE Std 1003.1, 2013 Edition). E-book: http://ieeexplore.ieee.org/servlet/opac?punumber=6506089.
[INCITS 2012] INCITS Document number N3396=12-0096. Dynamic memory allocation for over-aligned data. 2012. http//www.open-std.org/jtcl/sc22/wg21/docs/papers/2012/n3396.html
[INCITS 2014] INCITS PL22.16 & ISO WG21 C++ Standards Committee, Library Working Group (LWG). C++ Standard Library Active Issues List (Revision R88). N3967. 2014.
[INCITS 2020] INCITS PL22.16 & ISO WG21 C++ Standards Committee, Library Working Group (LWG). C++ Standard Library Active Issues List (Revision R88). N4860. 2020.
[Internet Society 2000] The Internet Society. Internet Security Glossary (RFC 2828). 2000.
[ISO/IEC 9899-1999] ISO/IEC 9899-1999. Programming Languages — C, Second Edition. 1999.
[ISO/IEC 9899:2011] ISO/IEC. Programming Languages—C, 3rd ed. ISO/IEC 9899:2011. Geneva, Switzerland: ISO. 2011.
[ISO/IEC 14882-1998] ISO/IEC 14882-1998. Programming Languages — C++, First Edition. 1998.
[ISO/IEC 14882-2003] ISO/IEC 14882-2003. Programming Languages — C++, Second Edition. 2003.
[ISO/IEC 14882-2011] ISO/IEC 14882-2011. Programming Languages — C++, Third Edition. 2011.
[ISO/IEC 14882-2014] ISO/IEC 14882-2014. Programming Languages — C++, Fourth Edition. 2014.
[ISO/IEC N3000 2009] Working Draft, Standard for Programming Language C++. November 2009.
[ISO/IEC TR 24772:2013] ISO/IEC. Information Technology—Programming Languages—Guidance to Avoiding Vulnerabilities in Programming Languages through Language Selection and Use. TR 24772-2013. Geneva, Switzerland: ISO. March 2013.
[ISO/IEC TS 17961:2012] ISO/IEC TS 17961. Information Technology—Programming Languages, Their Environments and System Software Interfaces—C Secure Coding Rules. Geneva, Switzerland: ISO. 2012.
[Jack 2007] Jack, Barnaby. Vector Rewrite Attack. Juniper Networks. May 2007.
[Kalev 1999] Kalev, Danny. ANSI/ISO C++ Professional Programmer's Handbook. Indianapolis, Ind: Que Corporation. 1999.
[Lea 2000] Lea, Doug. Concurrent Programming in Java, 2nd Edition. Boston: Addison-Wesley Professional. 2000.
[Lions 1996] Lions, J. L. ARIANE 5 Flight 501 Failure Report. Paris, France: European Space Agency (ESA) & National Center for Space Study (CNES) Inquiry Board. July 1996.
[Lockheed Martin 2005] Lockheed Martin. "Joint Strike Fighter Air Vehicle C++ Coding Standards for the System Development and Demonstration Program." Document Number 2RDU00001, Rev C. December 2005.
[Meyers 1996] Meyers, Scott. More Effective C++: 35 New Ways to Improve Your Programs and Designs. Boston, MA: Addison-Wesley. 1996.
[Meyers 2001] Meyers, Scott. Effective STL: 50 Specific Ways to Improve Your Use of the Standard Template Library. Boston, MA: Addison-Wesley Professional. 2001.
[Meyers 2005] Meyers, Scott. Effective C++: 55 Specific Ways to Improve Your Programs and Designs (3rd Edition). Boston, MA: Addison-Wesley Professional. 2005.
[Meyers 2014] Meyers, Scott. Reply to "The Drawbacks of Implementing Move Assignment in Terms of Swap" [blog post]. The View from Aristeia: Scott Meyers' Professional Activities and Interests. 2014.
[Microsoft 2010] STL std::string class causes crashes and memory corruption on multi-processor machines. 2010.
[MISRA 2004] MIRA Limited. "MISRA C: 2004 Guidelines for the Use of the C Language in Critical Systems." Warwickshire, UK: MIRA Limited. ISBN 095241564X. October 2004.
[MISRA 2008] MISRA Limited. "MISRA C++: 2008 Guidelines for the Use of the C++ Language in Critical Systems". ISBN 978-906400-03-3 (paperback); ISBN 978-906400-04-0 (PDF). June 2008.
[MITRE 2007] MITRE. Common Weakness Enumeration, Draft 9. April 2008.
[MITRE 2008a] MITRE. CWE ID 327. Use of a Broken or Risky Cryptographic Algorithm. 2008.
[MITRE 2008b] MITRE. CWE ID 330. Use of Insufficiently Random Values. 2008.
[MITRE] MITRE. Common Weakness Enumeration, Version 1.8. February 2010.
[MSDN 2010] Microsoft Developer Network. CryptGenRandom Function. December 2016 [accessed].
[MSDN 2016] Microsoft Developer Network. nothrow (C++). December 2016 [accessed].
[NIST 2006] NIST. SAMATE Reference Dataset. 2006.
[Open Group 2013] The Open Group. The Open Group Base Specifications Issue 7, IEEE Std 1003.1, 2013 Edition. 2013.
[Open Group 2008] The Open Group. The Open Group Base Specifications Issue 7, IEEE Std 1003.1, 2008 Edition. 2008.
[Open Group 2004] The Open Group. The Open Group Base Specifications Issue 6, IEEE Std 1003.1, 2004 Edition. 2004.
[Plum 1991] Plum, Thomas. C++ Programming. Kamuela, HI: Plum Hall, Inc. November 1991. ISBN 0911537104.
[Quinlan 2006] Quinlan, Dan; Vuduc, Richard; Panas, Thomas; Härdtlein, Jochen; & Sæbjørnsen, Andreas. "Support for Whole-Program Analysis and the Verification of the One-Definition Rule in C++." Pages 27-35. NIST Special Publication 500-262. In Proceedings of the Static Analysis Summit. Gaithersburg, MD, July 2006.
[Rohlf 2009] Rohlf, Chris. Fun with erase(). 2009.
[Saks 1999] Saks, Dan. const T vs. T const. Embedded Systems Programming. Pages 13-16. February 1999.
[Saks 2007] Saks, Dan. "Sequence Points". Embedded Systems Design, 07/01/02. 2007.
[Seacord 2005] Seacord, Robert C. Secure Coding in C and C++. Upper Saddle River, NJ: Addison-Wesley. 2005. ISBN 0321335724.
[Seacord 2013] Seacord, Robert C. Secure Coding in C and C++, Second Edition. Boston: Addison-Wesley. 2013. See http://www.cert.org/books/secure-coding for news and errata.
[Sebor 2004] Sebor, Martin. C++ Standard Core Language Active Issues, Revision 68, Issue 475. 2010.
[SGI 2006] Silicon Graphics, Inc. "basic_string<charT, traits, Alloc>." Standard Template Library Programmer's Guide. 2006.
[Steele 1977] Steele, G. L. Arithmetic shifting considered harmful. SIGPLAN Notices. Volume 12. Issue 11. November 1977. Pages 61-69.
[Stroustrup 1997] Stroustrup, Bjarne. The C++ Programming Language, Third Edition. Reading, MA: Addison-Wesley. 1997. ISBN 0201889544. ISBN 978-0201700732.
[Stroustrup 2006] Stroustrup, Bjarne. C++ Style and Technique FAQ. 2006. December 2016 [accessed].
[Stroustrup 2001] Stroustrup, Bjarne. Exception Safety: Concepts and Techniques. AT&T Labs. 2001.
[Sun 1993] Sun Security Bulletin #00122. 1993.
[Sutter 2000] Sutter, Herb. Exceptional C++: 47 Engineering Puzzles, Programming Problems, and Solutions. Addison-Wesley Professional. 2000. ISBN 0201615622.
[Sutter 2001] Sutter, Herb. More Exceptional C++: 40 New Engineering Puzzles, Programming Problems, and Solutions. Addison-Wesley Professional. 2001. ISBN 020170434.
[Sutter 2004] Sutter, Herb & Alexandrescu, Andrei. C++ Coding Standards: 101 Rules, Guidelines, and Best Practices. Boston, MA: Addison-Wesley Professional. 2004. ISBN 0321113586.
[van Sprundel 2006] van Sprundel, Ilja. Unusual bugs. 2006.
[Viega 2003] Viega, John & Messier, Matt. Secure Programming Cookbook for C and C++: Recipes for Cryptography, Authentication, Networking, Input Validation & More. Sebastopol, CA: O'Reilly. 2003. ISBN 0-596-00394-3.
[Viega 2005] Viega, John. CLASP Reference Guide, Volume 1.1. Secure Software. 2005.
[VU#159523] Giobbi, Ryan. Vulnerability Note VU#159523. Adobe Flash Player integer overflow vulnerability. April 2008.
[VU#162289] Dougherty, Chad. Vulnerability Note VU#162289. GCC Silently Discards Some Wraparound Checks. April 2008.
[VU#623332] Mead, Robert. Vulnerability Note VU#623332. MIT Kerberos 5 contains double free vulnerability in "krb5_recvauth()" function. July 2005.
...
[Warren 2002] Warren, Henry S. Hacker's Delight. Boston, MA: Addison Wesley Professional. 2002. ISBN 0201914654.
[Williams 2010a] Williams, Anthony. Thread. Boost Library Thread, 2007-2008. 2010.
[Williams 2010b] Williams, Anthony. Simpler Multithreading in C++0x. Internet.com. 2010.
[xorl 2009] xorl. xorl %eax, %eax. December 2016 [accessed].
 