<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e339addf-b37b-4850-a857-48403a24897d"><ac:parameter ac:name="">Burch 06</ac:parameter></ac:structured-macro>
[Burch 06] Burch, H.; Long, F.; & Seacord, R. Specifications for Managed Strings
(CMU/SEI-2006-TR-006). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2006.
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="885671c7-bb14-442f-9722-bd686f7acfac"><ac:parameter ac:name="">CERT 06</ac:parameter></ac:structured-macro>
[CERT 06] CERT. Managed String Library (2006).
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1991303e-5fc1-43cf-a959-b260a0997704"><ac:parameter ac:name="">Dewhurst 02</ac:parameter></ac:structured-macro>
[Dewhurst 02] Dewhurst, Stephen C. C++ Gotchas: Avoiding Common Problems in Coding and Design. Boston, MA: Addison-Wesley Professional, 2002.
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="509159dd-4e72-44ce-8766-f860edfb6134"><ac:parameter ac:name="">Dowd 06</ac:parameter></ac:structured-macro>
[Dowd 06] Dowd, M.; McDonald, J.; & Schuh, J. The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities. Boston, MA: Addison-Wesley, 2006. See http://taossa.com for updates and errata.
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6c6ff307-9d8e-4bd3-9f7d-109dcb2c45f3"><ac:parameter ac:name="">Drepper 06</ac:parameter></ac:structured-macro>
[Drepper 06] Drepper, Ulrich. Defensive Programming for Red Hat Enterprise Linux (and What To Do If Something Goes Wrong). May 3, 2006.
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="47d38d97-1d9f-4215-8d67-40806ceba8bc"><ac:parameter ac:name="">FSF 05</ac:parameter></ac:structured-macro>
[FSF 05] Free Software Foundation. GCC online documentation. (2005).
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="262acd0d-a296-425a-96fd-813ed8b75aec"><ac:parameter ac:name="">Graf 03</ac:parameter></ac:structured-macro>
[Graff 03] Graff, Mark G. & Van Wyk, Kenneth R. Secure Coding: Principles and Practices. Cambridge, MA: O'Reilly, 2003 (ISBN 0596002424).
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b8561759-a7ed-4809-85fe-b3080d41af7e"><ac:parameter ac:name="">Griffiths 06</ac:parameter></ac:structured-macro>
[Griffiths 06] Griffiths, Andrew. "Clutching at straws: When you can shift the stack pointer."
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="108b8cb0-52d4-4053-82ea-741bde0cb530"><ac:parameter ac:name="">Haddad 05</ac:parameter></ac:structured-macro>
[Haddad 05] Haddad, Ibrahim. "Secure Coding in C and C++: An interview with Robert Seacord, senior vulnerability analyst at CERT." Linux World Magazine, November, 2005.
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a7cd9c23-61dd-466d-b792-b46d9a17d964"><ac:parameter ac:name="">Hatton 95</ac:parameter></ac:structured-macro>
[Hatton 95] Hatton, Les. Safer C: Developing Software for High-Integrity and Safety-Critical Systems. New York, NY: McGraw-Hill Book Company, 1995 (ISBN 0-07-707640-0).
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ced2675c-5b4d-4f5c-819d-7161f2bc35f6"><ac:parameter ac:name="">ilja 06</ac:parameter></ac:structured-macro>
[ilja 06] ilja. "readlink abuse." ilja's blog, August 13, 2006.
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="88dd5457-a994-4aad-a3ee-bd593b5e5e58"><ac:parameter ac:name="">ISO/IEC 9899-1999</ac:parameter></ac:structured-macro>
[ISO/IEC 9899-1999] ISO/IEC 9899-1999. Programming Languages — C, Second Edition, 1999.
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4f8521bf-f457-4d3b-a695-ae18e96c31ef"><ac:parameter ac:name="">ISO/IEC TR 24731-2006</ac:parameter></ac:structured-macro>
[ISO/IEC TR 24731-2006] ISO/IEC TR 24731. Extensions to the C Library, — Part I: Bounds-checking interfaces. April, 2006.
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="aa1c9549-be71-4d8d-9779-92f9adfef4a4"><ac:parameter ac:name="">Kerrighan 88</ac:parameter></ac:structured-macro>
[Kerrighan 88] Kerrighan, B. W. & Ritchie, D. M. The C Programming Language, 2nd ed. Englewood Cliffs, NJ: Prentice-Hall, 1988.
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="df6754a0-e302-49b9-8149-29277c8726a7"><ac:parameter ac:name="">Kettle 02</ac:parameter></ac:structured-macro>
[Kettlewell 02] Kettlewell, Richard. C Language Gotchas (February 2002).
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3d0c2be8-858b-4776-b742-f1c2b898e7b5"><ac:parameter ac:name="">Kettle 03</ac:parameter></ac:structured-macro>
[Kettlewell 03] Kettlewell, Richard. Inline Functions In C (March 2003).
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="35cf0b80-36dc-4bdc-9583-989eb522d3fa"><ac:parameter ac:name="">Klein 02</ac:parameter></ac:structured-macro>
[Klein 02] Klein, Jack. Bullet Proof Integer Input Using strtol() (2002).
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="db8b016f-d5c5-4052-a80a-638f6d45c3ff"><ac:parameter ac:name="">Lai 06</ac:parameter></ac:structured-macro>
[Lai 06] Ray Lai. Reading Between the Lines. OpenBSD Journal. October, 2006.
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="72cc3efc-c13f-44f6-9990-e3a5450599de"><ac:parameter ac:name="">mercy</ac:parameter></ac:structured-macro>
[mercy] mercy. Exploiting Uninitialized Data (January 2006).
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="cb76abd2-79b1-4ae4-b1ee-d41188966c50"><ac:parameter ac:name="">MISRA 04</ac:parameter></ac:structured-macro>
[MISRA 04] MIRA Limited. "MISRA C: 2004 Guidelines for the Use of the C Language in Critical Systems." Warwickshire, UK: MIRA Limited, October 2004 (ISBN 095241564X).
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e9f48cfb-a355-4b77-a3f9-9a0f7828a65a"><ac:parameter ac:name="">NASA-GB-1740.13</ac:parameter></ac:structured-macro>
[NASA-GB-1740.13] NASA Glenn Research Center, Office of Safety Assurance Technologies. NASA Software Safety Guidebook (NASA-GB-1740.13).
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3a1b20a3-3bd5-4770-8569-108512e88a3d"><ac:parameter ac:name="">NIST 06</ac:parameter></ac:structured-macro>
[NIST 06] NIST. SAMATE Reference Dataset (2006).
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d834f2a1-91ec-4fd6-9014-fb334681382d"><ac:parameter ac:name="">NIST 06b</ac:parameter></ac:structured-macro>
[NIST 06b] NIST. DRAFT Source Code Analysis Tool Functional Specification. Information Technology Laboratory (ITL), oftware
Diagnostics and Conformance Testing Division. September, 2006.
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6836c61b-234d-46fc-beb6-f5cbaf9c60cb"><ac:parameter ac:name="">Open Group 97</ac:parameter></ac:structured-macro>
[Open Group 97] The Open Group. The Single UNIX® Specification, Version 2 (1997).
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="53921ce2-931b-4527-9a08-610fecfdc636"><ac:parameter ac:name="">Open Group 04</ac:parameter></ac:structured-macro>
[Open Group 04] The Open Group. "The Open Group Base Specifications Issue 6, IEEE Std 1003.1, 2004 Edition." (2004).
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c17213e8-a16c-4785-856e-5944343a94a0"><ac:parameter ac:name="">Plum 89</ac:parameter></ac:structured-macro>
[Plum 89] Plum, Thomas. C Programming Guidelines, 2nd ed. Kamuela, HI: Plum Hall, Inc., 1989 (ISBN 0911537074).
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="58a763b0-e1d1-4c86-b590-b3e94d4d34a9"><ac:parameter ac:name="">Plum 91</ac:parameter></ac:structured-macro>
[Plum 91] Plum, Thomas. C++ Programming. Kamuela, HI: Plum Hall, Inc., 1991 (ISBN 0911537104).
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a0850baf-779d-4099-b164-7fa2b8b87f3a"><ac:parameter ac:name="">Saks 99</ac:parameter></ac:structured-macro>
[Saks 99] Dan Saks. const T vs.T const. Embedded Systems Programming. Pg. 13-16. February 1999. http://www.dansaks.com/articles/1999-02%20const%20T%20vs%20T%20const.pdf
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="99c4048b-f196-40c8-96a6-62067a02890c"><ac:parameter ac:name="">Seacord 05</ac:parameter></ac:structured-macro> <ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e9dc6a1a-51bb-4fef-9087-2f9d77d1d485"><ac:parameter ac:name="">Seacord 05a</ac:parameter></ac:structured-macro>
[Seacord 05a] Seacord, R. Secure Coding in C and C++. Boston, MA: Addison-Wesley, 2005. See http://www.cert.org/books/secure-coding for news and errata.
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="81d6f78b-8967-4b1a-990b-0b00fd3019fd"><ac:parameter ac:name="">Seacord 05b</ac:parameter></ac:structured-macro>
[Seacord 05b] Seacord, R. "Managed String Library for C, C/C++." Users Journal 23, 10 (October 2005): 30-34.
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1562cbd0-2377-4595-a5d0-31c13d3dcb98"><ac:parameter ac:name="">Summit 95</ac:parameter></ac:structured-macro>
[Summit 95] Summit, Steve. C Programming FAQs: Frequently Asked Questions. Boston, MA: Addison-Wesley, 1995 (ISBN 0201845199).
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="33621de9-c09e-447f-8217-3367966356a6"><ac:parameter ac:name="">Summit 05</ac:parameter></ac:structured-macro>
[Summit 05] Summit, Steve. comp.lang.c Frequently Asked Questions (2005).
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2ac12f2e-6e8e-4162-a972-af37d1c5473b"><ac:parameter ac:name="">Viega 03</ac:parameter></ac:structured-macro>
[Viega 03] Viega, John & Messier, Matt. Secure Programming Cookbook for C and C++: Recipes for Cryptography, Authentication, Networking, Input Validation & More. Sebastopol, CA: O'Reilly, 2003 (ISBN 0-596-00394-3).
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="64dfcf1e-201a-4c5f-9130-e1ed0cc87585"><ac:parameter ac:name="">Viega 05</ac:parameter></ac:structured-macro>
[Viega 05] Viega, John. CLASP Reference Guide Volume 1.1. Secure Software. (2005)
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="33455a03-4fd3-4b64-b5f0-f3c9e2e7b5fd"><ac:parameter ac:name="">Warren 02</ac:parameter></ac:structured-macro>
[Warren 02] Warren, Henry S. Hacker's Delight. Boston, MA: Addison Wesley Professional. 2002 (ISBN 0201914654).