SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 419

changes.mady.by.user Sandy Shrum

Saved on

compared with

New Version Current

changes.mady.by.user David Svoboda

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: replaced dead link

Anchor
Acton 06
Acton 06

[Acton 2006] Acton, Mike. "Understanding Strict Aliasing." CellPerformance, June 1, 2006.

Anchor
Aho 1986
Aho 1986

[Aho 1986] Aho, Alfred V.; Sethi, Ravi; Ullman, Jeffrey D. "Compilers: Principles, Techniques, and Tools" (2nd ed.), 1986.

Anchor
Apiki 2006
Apiki 2006

[Apiki 2006] Apiki, Steve. "Lock-Free Programming on AMD Multi-Core System." AMD Developer Central, 2006.

...

Anchor
DHS 06
DHS 06

[DHS 2006] U.S. Department of Homeland Security. Build Security In. 2006.

Anchor
DISA 2008
DISA 2008
Anchor
DISA 2015
DISA 2015

[DISA 2015] DISA. Application Security and Development Security Technical Implementation Guide, Version 23, Release 110. Accessed April 2015.

Anchor
DISA 2016
DISA 2016 DOD 5220 DOD 5220

[DOD 5220DISA 2016] DISA. Application Security and Development Security Technical Implementation Guide, Version 4, Release 1. Accessed January 2017.

Anchor
DISA 2018
DISA 2018

[DISA 2018] DISA. Application Security and Development Security Technical Implementation Guide, Version 4, Release 8. Accessed January 2019.

Anchor
DOD 5220
DOD 5220

[DOD 5220] U.S. Department of Defense. DoD Standard 5220. U.S. Department of Defense. DoD Standard 5220.22-M (Word document).

Anchor
Dowd 06
Dowd 06

[Dowd 2006] Dowd, M.; McDonald, J.; & Schuh, J. The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities. Boston: Addison-Wesley, 2006. See http://taossa.com for updates and errata.

Anchor
Drepper 06
Drepper 06

[Drepper 2006] Drepper, Ulrich. Defensive Programming for Red Hat Enterprise Linux (and What To Do If Something Goes Wrong). May 3, 2006.

...

Anchor
Fortify 06
Fortify 06

[Fortify 2006] Fortify Software Inc. Fortify Taxonomy: Software Security Errors. 2006.

Anchor
Fomichev 16
Fomichev 16

[Fomichev 2016] Fomichev, Roman. "Safe Clearing of Private Data". PVS-Studio Team, 2016.

Anchor
FSF 05
FSF 05

[FSF 2005] Free Software Foundation. GCC Online Documentation. 2005.

...

Anchor
Howard 02
Howard 02

[Howard 2002] Howard, Michael & LeBlanc, David C. Writing Secure Code , 2nd ed. Redmond, WA: Microsoft Press, 2002.

...

Anchor
IEEE Std 1003.1
IEEE Std 1003.1
Anchor
IEEE Std 1003.1-2008
IEEE Std 1003.1-2008

[IEEE Std 1003.1:2008] IEEE and The Open Group. The Open Group Base Specifications Issue 7 (IEEE Std 1003.1), 2008 Edition. See also ISO/IEC 9945-2008 and Open Group 2008.

Anchor
IEEE Std 1003.1
IEEE Std 1003.1
Anchor
IEEE Std 1003.1-2024
IEEE Std 1003.1-2024

[IEEE Std 1003.1:2024] IEEE and The Open Group. The Open Group Base Specifications Issue 8 (IEEE Std 1003.1), 2024 Edition.

Anchor
IEEE Std 1003.1-2013
IEEE Std 1003.1-2013

[IEEE Std 1003.1:2013] IEEE and The Open Group. Standard for Information Technology—Portable Operating System Interface (POSIX®), Base Specifications, Issue 7 (IEEE Std 1003.1, 2013 Edition). E-book: http://ieeexplore.ieee.org/servlet/opac?punumber=6506089.

Anchor
IETF RFC 6520IETF RFC 6520
IEEE Std 1003.1-2024
IEEE Std 1003.1-2024

[IEEE Std 1003.1:2024] IEEE and The Open Group. Standard for Information Technology—Portable Operating System Interface (POSIX®), Base Specifications, Issue 8 (IEEE Std 1003.1, 2024 Edition). E-book: https://ieeexplore.ieee.org/document/10555529.

Anchor
IETF RFC 6520
IETF RFC 6520

[IETF: RFC 6520] Internet Engineering [IETF: RFC 6520] Internet Engineering Task Force (IETF). Request for Comments 6520: Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS) Heartbeat Extension. February 2012.

...

Anchor
Intel 01
Intel 01

[Intel 2001] Intel Corp. _Floating-Point IEEE Filter for Microsoft * Windows * 2000 on the Intel® Itanium© Architecture_. March 2001.

Anchor
Internet Society 00
Internet Society 00

[Internet Society 2000] The Internet Society. Internet Security Glossary (RFC 2828). 2000.

...

Anchor
ISO/IEC 9899-2011
ISO/IEC 9899-2011
Anchor
ISO-IEC 9899-2011
ISO-IEC 9899-2011

[ISO/IEC 9899:2011] ISO/IEC. Programming Languages—C, 3rd ed (ISO/IEC 9899:2011). Geneva, Switzerland: ISO, 2011.

Anchor
ISO/IEC 99459899-20032017
ISO/IEC 99459899-20032017
Anchor
ISO-IEC 99459899-20032017
ISO-IEC 99459899-20032017

[ISO/IEC 99459899:20032017]  ISOISO/IEC. Information Technology—Programming Languages, Their Environments and System Software Interfaces—Portable Operating System Interface (POSIX®) [including Technical Corrigendum 1]  Programming Languages—C, 4th ed (ISO/IEC 99459899:20032017). Geneva, Switzerland: ISO, 20032017.

Anchor
ISO/IEC /IEEE 24765:20109899-2024
ISO/IEC /IEEE 24765:20109899-2024
Anchor
ISO/-IEC /IEEE 247659899-20102024
ISO/-IEC /IEEE 247659899-20102024

[ISO/IEC /IEEE 247659899:20102024] ISO/IEC/IEEE. Systems and Software Engineering—Vocabulary . Programming Languages—C, 5th ed (ISO/IEC /IEEE 247659899:20102024). Geneva, Switzerland: ISO, 20102024.

Anchor
ISO/IEC /IEEE 9945-20082003
ISO/IEC /IEEE 9945-20082003
Anchor
ISO-IEC -IEEE 9945-20082003
ISO-IEC -IEEE 9945-20082003

[ISO/IEC /IEEE 9945:20082003]ISO ISO/IEC/IEEE 9945:2008 . Information Technology—Programming Languages, Their Environments and System Software Interfaces—Portable Operating System Interface (POSIX®) [including Technical Corrigendum 1] (ISO/IEC 9945:2003). Geneva, Switzerland: ISO, 20082003.

Anchor
ISO/IEC DTR 24732/IEEE 24765:2010
ISO/IEC DTR 24732/IEEE 24765:2010
Anchor
ISO/IEC/IEEE 24765-2010
ISO/IEC/IEEE 24765-2010-IEC DTR 24732ISO-IEC DTR 24732

[ISO/IEC DTR 24732/IEEE 24765:2010] ISO/IEC JTC1 SC22 WG14 N1290. Extension for the Programming Language C to Support Decimal Floating-Point Arithmetic/IEEE. Systems and Software Engineering—Vocabulary (ISO/IEC/IEEE 24765:2010). Geneva, Switzerland: ISO, March 20082010.

Anchor
ISO/IEC JTC1/SC22/WG11/IEEE 9945-2008
ISO/IEC JTC1/SC22/WG11/IEEE 9945-2008
Anchor
ISO-IEC JTC1-SC22IEEE 9945-WG112008
ISO-IEC JTC1-SC22IEEE 9945-WG112008

[ISO/IEC JTC1/SC22/WG11/IEEE 9945:2008] ISO/IEC. Binding Techniques /IEEE. Information Technology—Programming Languages, Their Environments and System Software Interfaces—Portable Operating System Interface (POSIX ® ). (ISO/IEC JTC1/SC22/WG11). Geneva/IEEE 9945:2008) Geneva, Switzerland: ISO, 2007.2008.

Anchor
ISO/IEC DTR 24732
ISO/IEC DTR 24732
Anchor
ISO-IEC JTC1-SC22-WG14DTR 24732
ISO-IEC JTC1-SC22-WG14DTR 24732

[ISO/IEC JTC1/SC22/WG14] ISO/IEC. Solving the Struct Hack Problem (DTR 24732] ISO/IEC JTC1 / SC22 /WG14 N791). GenevaWG14 N1290. Extension for the Programming Language C to Support Decimal Floating-Point Arithmetic . Geneva, Switzerland: ISO, 1997March 2008.

Anchor
ISO/IEC TR 24731-1-2007JTC1/SC22/WG11
ISO/IEC TR 24731-1-2007JTC1/SC22/WG11
Anchor
ISO-IEC TR 24731JTC1-1SC22-2007WG11
ISO-IEC TR 24731JTC1-1SC22-2007WG11

[ISO/IEC TR 24731-1:2007JTC1/SC22/WG11] ISO/IEC TR 24731. Extensions to the C Library—Part I: Bounds-Checking Interfaces. Geneva. Binding Techniques (ISO/IEC JTC1/SC22/WG11). Geneva, Switzerland: ISO, April 20062007.

Anchor
ISO/IEC PDTR 24731-2-2007ISO/IEC PDTR 24731-2-2007
Anchor
IEC JTC1-SC22-WG14
ISO-IEC PDTR 24731JTC1-2SC22-2007WG14

[ISO-IEC PDTR 24731-2-2007 [ISO/IEC PDTR 24731-2] Extensions to the C Library—Part II: Dynamic Allocation Functions/IEC JTC1/SC22/WG14] ISO/IEC. Solving the Struct Hack Problem (ISO/IEC JTC1/SC22/WG14 N791). Geneva, Switzerland: ISO, August 20071997.

Anchor
ISO/IEC TR 24731-21-20102007
ISO/IEC TR 24731-21-20102007
Anchor
ISO-IEC TR 24731-21-20102007
ISO-IEC TR 24731-21-20102007

[ISO/IEC TR 24731-21:20102007] ISO/IEC TR 24731. Extensions to the C Library—Part II: Dynamic Allocation FunctionsI: Bounds-Checking Interfaces. Geneva, Switzerland: ISO, April 20102006.

Anchor
ISO/IEC TR 24772-2010PDTR 24731-2-2007
ISO/IEC TR 24772-2010PDTR 24731-2-2007
Anchor
ISO-IEC TR 24772-2010PDTR 24731-2-2007
ISO-IEC TR 24772-2010PDTR 24731-2-2007

[ISO/IEC TR 24772:2010] ISO/IEC TR 24772:2010. Information Technology—Programming LanguagesGuidance to Avoiding Vulnerabilities in Programming Languages through Language Selection and Use. GenevaPDTR 24731-2] Extensions to the C Library—Part II: Dynamic Allocation Functions. Geneva, Switzerland: ISO, October 2010August 2007.

Anchor
ISO/IEC TR 2477224731-20132-2010
ISO/IEC TR 2477224731-2-20132010
Anchor
ISO-IEC TR 2477224731-2-20132010
ISO-IEC TR 2477224731-2-20132010

[ISO/IEC TR 2477224731-2:20132010] ISO/IEC TR 24772:2013. Information Technology—Programming Languages—Guidance to Avoiding Vulnerabilities in Programming Languages through Language Selection and Use24731. Extensions to the C Library—Part II: Dynamic Allocation Functions . Geneva, Switzerland: ISO, March 2013April 2010.

Anchor
ISO/IEC TS 17961TR 24772-2010
ISO/IEC TS 17961TR 24772-2010
Anchor
ISO-IEC TS 17961TR 24772-2010
ISO-IEC TS 17961
Anchor
ISO/IEC TS 17961-2013ISO/IEC TS 17961-2013
[ISO/IEC TS 17961] ISO/IEC TS 17961. Information Technology—Programming Languages, Their Environments and System Software Interfaces—C Secure Coding Rules
TR 24772-2010

[ISO/IEC TR 24772:2010] ISO/IEC TR 24772:2010. Information Technology— Programming LanguagesGuidance to Avoiding Vulnerabilities in Programming Languages through Language Selection and Use. Geneva, Switzerland: ISO, 2012October 2010.

Anchor
ISO/IEC
WG14 N1173
TR 24772-2013
ISO/IEC
WG14 N1173
TR 24772-2013
Anchor
ISO-IEC
WG14 N1173
TR 24772-2013
ISO-IEC
WG14 N1173
TR 24772-2013

[ISO/IEC TR 24772:2013] ISO/IEC TR 24772:2013. Information Technology—Programming Languages—Guidance to Avoiding Vulnerabilities in Programming Languages through Language Selection and Use. Geneva, Switzerland: ISO, March 2013.

Anchor
ISO/IEC TS 17961
ISO/IEC TS 17961
Anchor
ISO-IEC TS 17961
ISO-IEC TS 17961
Anchor
ISO/IEC TS 17961-2013
ISO/IEC TS 17961-2013

[ISO/IEC TS 17961] ISO/IEC TS 17961. Information Technology—Programming Languages, Their Environments and System Software Interfaces—C Secure Coding Rules. Geneva, Switzerland: ISO, 2012.

Anchor
ISO/IEC WG14 N1173
ISO/IEC WG14 N1173
Anchor
ISO-IEC WG14 N1173
ISO-IEC WG14 N1173
[ISO/IEC WG14 N1173] ISO/IEC.  Rationale for TR 24731 Extensions to the C Library—Part I: Bounds-Checking Interfaces WG14 N1173] Rationale for TR 24731 Extensions to the C Library—Part I: Bounds-Checking Interfaces. http://www.open-std.org/JTC1/SC22/WG14/www/docs/n1173.pdf.

Anchor
Jack 07
Jack 07

[Jack 2007] Jack, Barnaby. Vector Rewrite Attack. May Jack, Barnaby. Vector rewrite attack: Exploitable NULL pointer vulnerabilities
on ARM and XScale architectures. In CanSecWest 2007, Vancouver,
BC, Canada, April 2007.

Anchor
Jones 04
Jones 04

[Jones 2004] Jones, Nigel. Learn a New Trick with the offsetof() Macro. Embedded Systems Programming, March 2004.

...

Anchor
Jones 10
Jones 10

[Jones 2010] Jones, Larry. (2010). WG14 N1539 Committee Draft ISO/IEC 9899:201x.http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1539.pdf.

Anchor
Juric n.d.
Juric n.d.

[Juric n.d.] Juric, Zeljko, et al. (n.d.). TIGCC Documentation, Latest Development Version (TIGCC/TIGCCLIB CVS): C Language Keywords. http://tigcc.ticalc.org/doc/keywords.html.

Anchor
Keaton 09
Keaton 09

[Keaton 2009] Keaton, David, ; Plum, Thomas, ; Seacord, Robert C., ; Svoboda, David, ; Volkovitsky, Alex, ; & Wilson, Timothy. As-if Infinitely Ranged Integer Model. CMU/SEI-2009-TN-023. July 2009.

...

Anchor
Kernighan 88
Kernighan 88

[Kernighan 1988] Kernighan, Brian W. , & Ritchie, Dennis M. The C Programming Language, 2nd ed. Englewood Cliffs, NJ: Prentice-Hall, 1988.

...

Anchor
Klarer 04
Klarer 04

[Klarer 2004] Klarer, R., ; Maddock, J., ; Dawes, B.; & Hinnant, H. "Proposal to Add Static Assertions to the Core Language (Revision 3)." ISO C++ committee paper ISO/IEC JTC1/SC22/WG21/N1720, October 2004. http://www.open-std.org/jtc1/sc22/wg21/docs/papers/ 2004/n1720.html.

Anchor
Klein 02
Klein 02

[Klein 2002] Klein, Jack. Bullet Proof Integer Input Using strtol() . 2002.

...

Anchor
Lai 06
Lai 06

[Lai 2006] Lai, Ray. "Reading between Between the Lines." OpenBSD Journal, October 2006.

Anchor
Lea 2000
Lea 2000

[Lea 2000] Doug Lea, Doug. Concurrent Programming in Java, 2nd ed., Addison-Wesley Professional, Boston, 2000.

...

Anchor
Lockheed Martin 05
Lockheed Martin 05

[Lockheed Martin 2005] Lockheed Martin. Joint Strike Fighter Air Vehicle C++ Coding Standards for the System Development and Demonstration Program. Document Number 2RDU00001 Rev C., December 2005.

Anchor
Loosemore 07
Loosemore 07

[Loosemore 2007] Loosemore, Sandra, ; Stallman, Richard M., ; McGrath, Roland, ; Oram, Andrew, ; & Drepper, Ulrich. The GNU C Library Reference Manual, Edition 0.11. September 2007.

Anchor
McCluskey 01
McCluskey 01

[McCluskey 2001] Fexible McCluskey, Glen.  Flexible Array Members and Designators in C9X . ;login:, 26, 4 (July 2001): 29–32.

Anchor
Mell 07
Mell 07

[Mell 2007] P. Mell, Peter; Scarfone, K., & Romanosky, SKaren; & Romanesky, Sasha. "A Complete Guide to the Common Vulnerability Scoring System Version 2.0." FIRST, June 2007.

Anchor
mercy 06
mercy 06

[Mercy 2006] mercyMercy. Exploiting Uninitialized Data . January 2006.

[Myers 2001] Meyers, Randy. The New C: X Macros. Dr. Dobbs. May 01, 2001

Anchor
Meyers 2004
Meyers 2004

[Meyers 2004] Meyers, Randy Meyers. Limited size_t WG14 N1080. September 2004.

...

Anchor
Microsoft 07
Microsoft 07

[Microsoft 2007] Microsoft. C Language Reference, 2007.

...

Anchor
Miller 99
Miller 99

[Miller 1999] Miller, Todd C. , & de Raadt, Theo. strlcpy and strlcat—Consistent, Safe, String Copy and Concatenation. In Proceedings of the FREENIX Track, 1999 USENIX Annual Technical Conference, June 6–11, 1999, Monterey, California, USA. Berkeley, CA: USENIX Association, 1999.

Anchor
Miller 04
Miller 04

[Miller 2004] Miller, Mark C., ; Reus, James F., ; Matzke, Robb P., ; Koziol, Quincey A., ; & Cheng, Albert P. "Smart Libraries: Best SQE Practices for Libraries with an Emphasis on Scientific Computing." In Proceedings of the Nuclear Explosives Code Developer's Conference. Livermore, CA: Lawrence Livermore National Laboratory, December 2004.

...

Anchor
MISRA 12
MISRA 12

[MISRA C:2012] MISRA (Motor Industry Software Reliability Association). MISRA C3: Guidelines for the Use of the C Language in Critical Systems 2012. Nuneaton, UK: MIRA, 2012. ISBN 978-1-906400-10-1.

Anchor
MIT 04
MIT 04

[MIT 2004] MIT (Massachusetts Institute of Technology). "MIT krb5 Security Advisory 2004-002," 2004. http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2004-002-dblfree.txtMIT krb5 Security Advisory 2004-002," 2004.

Anchor
MIT 05
MIT 05

[MIT 2005] MIT. "MIT krb5 Security Advisory 2005-003. http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2005-003-recvauth.txt.

Anchor
MITRE
MITRE

[MITRE] MITRE. Common Weakness Enumeration, Version 1.8. February 2010.

Anchor
MITRE 07
MITRE 07

[MITRE 2007] MITRE. Common Weakness Enumeration, Draft 9. April 2008.

Anchor
MKS
MKS

[MKS] MKS, Inc. MKS Reference Pages.

Anchor
MSDN
MSDN

[MSDN] Microsoft Developer Network.

Anchor
Murenin 07
Murenin 07MITRE 07

[MITRE Murenin 2007] MITRE. Common Weakness Enumeration, Draft 9. April 2008Murenin, Constantine A. cnst: 10-Year-Old Pointer-Arithmetic Bug in make(1) Is Now Gone, Thanks to malloc.conf and Some Debugging. LiveJournal, June 2007.

Anchor
MKSMKS
[MKS] MKS, Inc. MKS Reference Pages. Anchor
NASA-GB-1740.13
NASA-GB-1740.13

[NASA-GB-1740.13] NASA Glenn Research Center, Office of Safety Assurance Technologies. NASA Software Safety Guidebook  (NASA-GB-1740.13).

Anchor
Myers 2001
Myers 2001

[Myers, 2001]  Meyers, Randy.  The New C: X Macros.  Dr. Dobbs.  May 01, 2001MSDNMSDN [MSDN] Microsoft Developer Network. AnchorMurenin 07Murenin 07 [Murenin 2007] Murenin, Constantine A. cnst: 10-Year-Old Pointer-Arithmetic Bug in make(1) Is Now Gone, Thanks to malloc.conf and Some Debugging. LiveJournal, June 2007.

Anchor
NAI 98
NAI 98

[NAI 1998] Network Associates, Inc. Bugtraq: Network Associates Inc. Advisory (OpenBSD). 1998.

...

Anchor
POSIX.1-2004
POSIX.1-2004
Anchor
IEEE Std 1003.1-2004
IEEE Std 1003.1-2004
Anchor
ISO/IEC 9945:2003
ISO/IEC 9945:2003
Anchor
ISO-IEC 9945-2003
ISO-IEC 9945-2003
Anchor
Open Group 04
Open Group 04

[Open Group 2004] The Open Group. The Open Group Base Specifications Issue 6, IEEE Std 1003.1, 2004 Edition . 2004. (See also IEEE Std 1003.1-2004.)

Anchor
POSIX.1-2008
POSIX.1-2008
Anchor
IEEE Std 1003.1-2008
IEEE Std 1003.1-2008
Anchor
ISO/IEC 9945:2008
ISO/IEC 9945:2008
Anchor
ISO-IEC 9945-2003
ISO-IEC 9945-2003
Anchor
Open Group 08
Open Group 08

[Open Group 2008] The Open Group. The Open Group Base Specifications Issue 7, IEEE Std 1003.1, 2008 Edition . 2008. (See also IEEE Std 1003.1-2008.)

Anchor
OpenMP
OpenMP

[OpenMP] The OpenMP API® Specification for Parallel Programming.

...

Anchor
Plum 89
Plum 89

[Plum 1989] Plum, Thomas , & Saks, Dan. C Programming Guidelines, 2nd ed. Kamuela, HI: Plum Hall, 1989 (ISBN 0911537074).

...

Anchor
Plum 08
Plum 08

[Plum 2008] Plum, Thomas. "Static Assertions." June 2008. http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1330.pdf" June 2008.

Anchor
Plum 12
Plum 12

[Plum 2012] Plum, Thomas. C Finally Gets a New Standard. Dr. Dobb's, 2012.

Anchor
Redwine 06
Redwine 06

[Redwine 2006] Redwine, Samuel T., Jr., ed. Secure Software Assurance: A Guide to the Common Body of Knowledge to Produce, Acquire, and Sustain Secure Software Version 1.1. U.S. Department of Homeland Security, September 2006. (See Software Assurance Common Body of Knowledge on Build Security In.)

Anchor
Roelker 04
Roelker 04

[Roelker 2004] Roelker, Daniel. "HTTP IDS Evasions Revisited." September 2004.

...

Anchor
Saks 07b
Saks 07b

[Saks 2007b] Saks, Dan. "Bail, Return, Jump, or . . . Throw?" Embedded Systems Design, March 2007.

...

Anchor
Saks 08
Saks 08

[Saks 2008] Saks, Dan , & Dewhurst, Stephen C. "Sooner Rather Than Later: Static Programming Techniques for C++" (presentation). March 2008.

...

Anchor
Saltzer 75
Saltzer 75

[Saltzer 1975] Saltzer, J. H. , & Schroeder, M. D. "The Protection of Information in Computer Systems." Proceedings of the IEEE 63, 9 (September 1975): 1278–1308.

Anchor
Schwarz 05
Schwarz 05

[Schwarz 2005] Schwarz, B., ; Wagner, Hao Chen, ; Morrison, D., ; West, G., ; Lin, J., ; & Tu, J. Wei. "Model Checking an Entire Linux Distribution for Security Violations." Proceedings of the 21st Annual Computer Security Applications Conference, December 2005 (ISSN 1063-9527; ISBN 0-7695-2461-3).

Anchor
Seacord 03
Seacord 03

[Seacord 2003] Seacord, Robert C., ; Plakosh, Daniel, ; & Lewis, Grace A. Modernizing Legacy Systems: Software Technologies, Engineering Processes, and Business Practices . Boston: Addison-Wesley, 2003.

Anchor
Seacord 05
Seacord 05
Anchor
Seacord 05a
Seacord 05a
Anchor
Seacord 2005a
Seacord 2005a

[Seacord 2005a] Seacord, Robert C. Secure Coding in C and C++. Boston: Addison-Wesley, 2005. (See http://www.cert.org/books/secure-coding for news and errata.)

Anchor
Seacord 05b
Seacord 05b

[Seacord 2005b] Seacord, Robert C. "Managed String Library for C, C/C++." Users Journal, 23, 10 (October 2005): 30–34.

...

Anchor
Seacord 2013a
Seacord 2013a

[Seacord 2013a] Seacord, Robert C. “C C Secure Coding Rules: Past, Present, and Future.” InformIT, June 26, 2013. http://www.informit.com/articles/article.aspx?p=2088511.

Anchor
Seacord 2013
Seacord 2013
Anchor
Seacord 13
Seacord 13

[Seacord 2013b] Seacord, Robert C. Secure Coding in C and C++. Boston: Addison-Wesley, 2013. (See http://www.cert.org/books/secure-coding for news and errata.)

Anchor
Secunia
Secunia

[Secunia] Secunia Advisory SA10635, "HP-UX calloc Buffer Size Miscalculation Vulnerability." 2004.

...

Anchor
Sloss 04
Sloss 04

[Sloss 2004] Sloss, Andrew, ; Symes, Dominic, ; & Wright, Chris. ARM System Developer's Guide . San Francisco: Elsevier/Morgan Kauffman, 2004 (ISBN-10: 1558608745; ISBN-13: 978-1558608740).

...

Anchor
StackOvflw 09
StackOvflw 09

[StackOvflw 2009] StackOverflow.com. "Should I return TRUE / FALSE values from a C function?" StackOverflow.com User Questions, March 15, 2010.

...

Anchor
Summit 05
Summit 05

[Summit 2005] Summit, Steve. comp.lang.c Frequently Asked Questions . 2005.

Anchor
Sun
Sun
Anchor
Sun 93
Sun 93

[Sun 1993] Sun Microsystems. Sun Security Bulletin #00122.. 1993.

Anchor
Sun 05
Sun 05

[Sun 2005] Sun Microsystems. C User's Guide. 819-3688-10. Sun Microsystems, 2005.

Anchor
Sutter 04
Sutter 04

[Sutter 2004] Sutter, Herb , & Alexandrescu, Andrei. C++ Coding Standards: 101 Rules, Guidelines, and Best Practices. Boston: Addison-Wesley Professional, 2004 (ISBN 0321113586).

Anchor
Tsafrir 08
Tsafrir 08

[Tsafrir 2008] Tsafrir, Dan, ; Da Silva, Dilma, ; & Wagner, David. The Murky Issue of Changing Process Identity: Revising "Setuid Demystified." USENIX, June 2008, pp. 55–66

...

Anchor
Viega 03
Viega 03

[Viega 2003] Viega, John , & Messier, Matt. Secure Programming Cookbook for C and C++: Recipes for Cryptography, Authentication, Networking, Input Validation & More. Sebastopol, CA: O'Reilly, 2003 (ISBN 0-596-00394-3).

...

Anchor
VU654390
VU654390

[VU#654390] Rafail, Jason A. Vulnerability Note VU#654390, ISC DHCP Contains C Includes That Define vsnprintf() to vsprintf() Creating Potential Buffer Overflow Conditions. June 2004.

Anchor
VU720951
VU720951

[VU#720951] Dorman, Will. Vulnerability Note VU#720951, OpenSSL TLS Heartbeat Extension Read Overflow Discloses Sensitive Information. April 2014

...

Anchor
VU925211
VU925211

[VU#925211] Dougherty, Chad. Vulnerability Note VU#925211, “Debian and Ubuntu OpenSSL Packages Contain a Predictable Random Number Generator.” June 2008. https://www.kb.cert.org/vuls/id/925211.

Anchor
Walfridsson 03
Walfridsson 03

...

Anchor
WG14/N1396
WG14/N1396

[WG14/N1396] Thomas, J. , Tydeman& Tydeman, F. "Wide function return values." September 2009.

...