View Source

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="21e0e4bd-d94d-4dec-b7c3-f94361655662"><ac:parameter ac:name="">Apple 06</ac:parameter></ac:structured-macro>
\[Apple 06\] Apple, Inc. [_Secure Coding Guide_|http://developer.apple.com/documentation/Security/Conceptual/SecureCodingGuide/SecureCodingGuide.pdf] (May 2006).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4d1600c7-fa30-401e-8373-7cc683010e96"><ac:parameter ac:name="">Banahan 03</ac:parameter></ac:structured-macro>
\[Banahan 03\] Banahan, Mike. [The C Book|http://www.phy.duke.edu/~rgb/General/c_book/c_book/index.html] (2003).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0c659568-9334-4ad2-8b64-f46e65e1a072"><ac:parameter ac:name="">Bryant 03</ac:parameter></ac:structured-macro>
\[Bryant 03\] Bryant, Randy; O'Halloran, David. _Computer Systems: A Programmer's Perspective_. Prentice Hall, 2003. ISBN 0-13-034074-X.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e892c121-b92f-4341-a0c0-5b72d59f5158"><ac:parameter ac:name="">Burch 06</ac:parameter></ac:structured-macro>
\[Burch 06\] Burch, H.; Long, F.; & Seacord, R. [_Specifications for Managed Strings_|http://www.sei.cmu.edu/publications/documents/06.reports/06tr006.html] (CMU/SEI-2006-TR-006). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5e921d30-52f2-4fc0-9b33-a5dd39cadc24"><ac:parameter ac:name="">Callaghan 95</ac:parameter></ac:structured-macro>
\[Callaghan 95\] Callaghan, B.; Pawlowski, B.; & Staubach, P. [IETF RFC 1813 NFS Version 3 Protocol Specification|http://www.ietf.org/rfc/rfc1813.txt] (June 1995).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="28082187-85d2-4838-97a3-d950bbd00cd6"><ac:parameter ac:name="">CERT 06a</ac:parameter></ac:structured-macro>
\[CERT 06a\] CERT/CC. [CERT/CC Statistics 1988-2006|http://www.cert.org/stats/cert_stats.html].

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6fa7f2dd-ce28-47d0-9429-e7da52bebeb6"><ac:parameter ac:name="">CERT 06b</ac:parameter></ac:structured-macro>
\[CERT 06b\] CERT/CC. US-CERT's [Technical Cyber Security Alerts|http://www.us-cert.gov/cas/techalerts/index.html].

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="951d8d27-5732-4a98-bfae-6c68098ced7f"><ac:parameter ac:name="">CERT 06c</ac:parameter></ac:structured-macro>
\[CERT 06c\] CERT/CC. [Secure Coding|http://www.cert.org/secure-coding/] web site.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6aacdb05-e57d-4ff6-8993-983ccd6775ba"><ac:parameter ac:name="">Coverity 07</ac:parameter></ac:structured-macro>
\[Coverity 07\] Coverity Prevent User's Manual (3.3.0) (2007).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="72c9f15f-547f-4b6e-8335-f783e5338276"><ac:parameter ac:name="">Dewhurst 02</ac:parameter></ac:structured-macro>
\[Dewhurst 02\] Dewhurst, Stephen C. _C+\+ Gotchas: Avoiding Common Problems in Coding and Design_. Boston, MA: Addison-Wesley Professional, 2002.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b5264eff-d427-458e-8480-d1fdc35c1487"><ac:parameter ac:name="">DHS 06</ac:parameter></ac:structured-macro>
\[DHS 06\] U.S. Department of Homeland Security. [Build Security In|https://buildsecurityin.us-cert.gov/].

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0ad2f1d5-a735-4e27-8138-388ef9d4ede4"><ac:parameter ac:name="">Dowd 06</ac:parameter></ac:structured-macro>
\[Dowd 06\] Dowd, M.; McDonald, J.; & Schuh, J. _The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities_. Boston, MA: Addison-Wesley, 2006. See [http://taossa.com] for updates and errata.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="903f68ff-f409-4a72-9041-59619e87b102"><ac:parameter ac:name="">Drepper 06</ac:parameter></ac:structured-macro>
\[Drepper 06\] Drepper, Ulrich. [Defensive Programming for Red Hat Enterprise Linux (and What To Do If Something Goes Wrong)|http://people.redhat.com/drepper/defprogramming.pdf] (May 3, 2006).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3ea8943c-c3cb-4819-a99e-abc4a375fa37"><ac:parameter ac:name="">FSF 05</ac:parameter></ac:structured-macro>
\[FSF 05\] Free Software Foundation. [GCC online documentation|http://gcc.gnu.org/onlinedocs] (2005).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1308b8eb-e7eb-488b-bcbe-b4a5f6cfffdc"><ac:parameter ac:name="">Fortify 06</ac:parameter></ac:structured-macro>
\[Fortify 06\] Fortify Software Inc. [Fortify Taxonomy: Software Security Errors|http://www.fortifysoftware.com/vulncat/] (2006).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ffdba927-8510-4c40-b6c2-084b0ec9c945"><ac:parameter ac:name="">Garfinkel 96</ac:parameter></ac:structured-macro>
\[Garfinkel 96\] Simson Garfinkel, Gene Spafford. Practical UNIX & Internet Security. ISBN 1-56592-148-8, 1004 pages.
Second Edition, April 1996.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5d91fd3d-6c0a-47c3-8fe2-266926c54759"><ac:parameter ac:name="">GNU Pth</ac:parameter></ac:structured-macro>
\[GNU Pth\] Engelschall, Ralf S. [GNU Portable Threads|http://www.gnu.org/software/pth/] (2006).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="73e0060a-e3df-451b-aead-c0b07d77a4f2"><ac:parameter ac:name="">Goldberg 91</ac:parameter></ac:structured-macro>
\[Goldberg 91\] Goldberg, David. [What Every Computer Scientist Should Know About Floating-Point Arithmetic|http://docs.sun.com/source/806-3568/ncg_goldberg.html]. Sun Microsystems, March 1991.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9212cc1f-54af-442a-b207-84f512500da2"><ac:parameter ac:name="">Graf 03</ac:parameter></ac:structured-macro>
\[Graff 03\] Graff, Mark G. & Van Wyk, Kenneth R. _Secure Coding: Principles and Practices_. Cambridge, MA: O'Reilly, 2003 (ISBN 0596002424).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c213e814-2340-4092-8cfb-a99dedcb47ac"><ac:parameter ac:name="">Griffiths 06</ac:parameter></ac:structured-macro>
\[Griffiths 06\] Griffiths, Andrew. "[Clutching at straws: When you can shift the stack pointer|http://felinemenace.org/papers/p63-0x0e_Shifting_the_Stack_Pointer.txt]."&nbsp;

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b6df6e37-d9fa-4568-bcb3-2508cd02579a"><ac:parameter ac:name="">Haddad 05</ac:parameter></ac:structured-macro>
\[Haddad 05\] Haddad, Ibrahim. "Secure Coding in C and C++: An interview with Robert Seacord, senior vulnerability analyst at CERT." _Linux World Magazine_, November 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d334573f-1a9e-44ec-9a53-928e9b686319"><ac:parameter ac:name="">Hatton 95</ac:parameter></ac:structured-macro>
\[Hatton 95\] Hatton, Les. _Safer C: Developing Software for High-Integrity and Safety-Critical Systems_. New York, NY: McGraw-Hill Book Company, 1995 (ISBN 0-07-707640-0).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="db6afb01-dfc8-4a81-982c-178899323ea9"><ac:parameter ac:name="">Horton 90</ac:parameter></ac:structured-macro>
\[Horton 90\] Mark R. Horton. Portable C software. Prentice-Hall, Inc. Upper Saddle River, NJ. 1990. ISBN:0-13-868050-7

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e896313d-47fd-49f6-a959-62f68312148e"><ac:parameter ac:name="">Howard 02</ac:parameter></ac:structured-macro>
\[Howard 02\] Michael Howard, David C. LeBlanc. [Writing Secure Code, Second Edition|http://www.microsoft.com/mspress/books/5957.aspx] Microsoft Press; 2 Sub edition (December, 2002).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c61bcb3b-60d9-428f-b875-39525732248f"><ac:parameter ac:name="">HP 03</ac:parameter></ac:structured-macro>
\[HP 03\] [Tru64 UNIX: Protecting Your System Against File Name Spoofing Attacks|http://h30097.www3.hp.com/docs/wpapers/spoof_wp/symlink_external.pdf]. Houston, TX: Hewlett-Packard Company, January 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2a3fc999-dd9d-4460-bffa-e79890d73295"><ac:parameter ac:name="">IEC 60812 2006</ac:parameter></ac:structured-macro>
\[IEC 60812 2006\] _Analysis techniques for system reliability - Procedure for failure mode and effects analysis (FMEA)_, 2nd ed. (IEC 60812). IEC, January 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ea55978f-cfa4-4f27-8d9b-236087e0842a"><ac:parameter ac:name="">IEC 61508 4</ac:parameter></ac:structured-macro>
\[IEC 61508-4\]&nbsp; _Functional safety of electrical/electronic/programmable electronic safety-related systems - Part 4: Definitions and abbreviations_, 1998.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="41887a5d-ab09-440f-9af1-4c40992355f3"><ac:parameter ac:name="">IEEE 754 2006</ac:parameter></ac:structured-macro>
\[IEEE 754 2006\] IEEE. [_Standard for Binary Floating-Point Arithmetic_|http://grouper.ieee.org/groups/754/] (IEEE 754-1985) (2006).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1024cfee-3692-45c6-871f-31a54ce7f0c9"><ac:parameter ac:name="">ilja 06</ac:parameter></ac:structured-macro>
\[ilja 06\] ilja. "[readlink abuse|http://blogs.23.nu/ilja/stories/12551/]." _ilja's blog_, August 13, 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1b50791f-602c-44b1-b940-d78377d8b4d4"><ac:parameter ac:name="">ISO/IEC 10646-2003</ac:parameter></ac:structured-macro>
\[ISO/IEC 10646:2003\] _Information technology -- Universal Multiple-Octet Coded Character Set (UCS)_ (ISO/IEC 10646:2003). Geneva, Switzerland: International Organization for Standardization, 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1dcf4d5f-174b-446b-969c-09c62808816a"><ac:parameter ac:name="">ISO/IEC 646-1991</ac:parameter></ac:structured-macro>
\[ISO/IEC 646-1991\] ISO/IEC. _Information technology: ISO 7-bit coded character set for information interchange_ (ISO/IEC 646-1991). Geneva, Switzerland: International Organization for Standardization, 1991.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="270d9b1e-ff1e-4faa-bba6-fc0ce1db1768"><ac:parameter ac:name="">ISO/IEC 9899-1999</ac:parameter></ac:structured-macro>
\[ISO/IEC 9899:1999\] ISO/IEC. _Programming Languages --- C, Second Edition_ (ISO/IEC 9899:1999). Geneva, Switzerland: International Organization for Standardization, 1999.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a0521ca0-4f26-4de2-8f7e-3693c41e4646"><ac:parameter ac:name="">ISO/IEC 14882-2003</ac:parameter></ac:structured-macro>
\[ISO/IEC 14882-2003\] ISO/IEC. _Programming Languages --- C++, Second Edition_ (ISO/IEC 14882-2003). Geneva, Switzerland: International Organization for Standardization, 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b8de2d4f-9f9c-4a02-8c37-38b2916a3c35"><ac:parameter ac:name="">ISO/IEC 03</ac:parameter></ac:structured-macro>
\[ISO/IEC 03\] ISO/IEC. [_Rationale for International Standard --- Programming Languages --- C, Revision 5.10_|http://www.open-std.org/jtc1/sc22/wg14/www/C99RationaleV5.10.pdf]. Geneva, Switzerland: International Organization for Standardization, April 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="16818577-2e5a-414e-b08f-aaefcf36b924"><ac:parameter ac:name="">ISO/IEC JTC1/SC22/WG11</ac:parameter></ac:structured-macro>
\[ISO/IEC JTC1/SC22/WG11\] ISO/IEC. [_Binding Techniques_|http://www.open-std.org/JTC1/SC22/WG11/] (ISO/IEC JTC1/SC22/WG11) (2007).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="209f5575-6b0d-46bc-aa1d-989f6b1fb625"><ac:parameter ac:name="">ISO/IEC TR 24731-1-2007</ac:parameter></ac:structured-macro>
\[ISO/IEC TR 24731-1-2007\] ISO/IEC TR 24731. _Extensions to the C Library, --- Part I: Bounds-checking interfaces_. Geneva, Switzerland: International Organization for Standardization, April 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="31cacf78-af42-424b-a8e5-a5ec7013e1e7"><ac:parameter ac:name="">Jack 07</ac:parameter></ac:structured-macro>
\[Jack 07\] Jack, Barnaby. [_Vector Rewrite Attack_|http://www.juniper.net/solutions/literature/white_papers/Vector-Rewrite-Attack.pdf] (May 2007).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c0e02862-45cf-4abe-8054-76def4925f5d"><ac:parameter ac:name="">Jones 04</ac:parameter></ac:structured-macro>
\[Jones 04\] Jones, Nigel. ["Learn a new trick with the offsetof() macro."|http://www.netrino.com/Articles/OffsetOf/index.php] _Embedded Systems Programming_, March 2004.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2dcb28ae-9e8d-4a59-a127-de5d8cd6ebf3"><ac:parameter ac:name="">Kennaway 00</ac:parameter></ac:structured-macro>
\[Kennaway 00\] Kennaway, Kris. [Re: /tmp topic|http://lwn.net/2000/1221/a/sec-tmp.php3] (December 2000).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f1d9240f-48e9-4d08-8bac-3d80dcb4f1fd"><ac:parameter ac:name="">Kerrighan 88</ac:parameter></ac:structured-macro>
\[Kerrighan 88\] Kerrighan, B. W. & Ritchie, D. M. _The C Programming Language, 2nd ed._ Englewood Cliffs, NJ: Prentice-Hall, 1988.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="46e0842b-fad5-4ac0-8aa6-92691810095f"><ac:parameter ac:name="">Kettle 02</ac:parameter></ac:structured-macro>
\[Kettlewell 02\] Kettlewell, Richard. [_C Language Gotchas_|http://www.greenend.org.uk/rjk/2001/02/cfu.html] (February 2002).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="caaf837f-7649-40ee-b1e3-9f00186c9362"><ac:parameter ac:name="">Kettle 03</ac:parameter></ac:structured-macro>
\[Kettlewell 03\] Kettlewell, Richard. [_Inline Functions In C_|http://www.greenend.org.uk/rjk/2003/03/inline.html] (March 2003).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6bf42c69-1263-45f2-adf6-a914083f214c"><ac:parameter ac:name="">Kirch-Prinz 02</ac:parameter></ac:structured-macro>
\[Kirch-Prinz 02\] Ulla Kirch-Prinz, Peter Prinz. _C Pocket Reference_.  O'Reilly. November 2002 ISBN: 0-596-00436-2.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="98202c77-69f3-4e0d-ae9b-e424929fad1b"><ac:parameter ac:name="">Klein 02</ac:parameter></ac:structured-macro>
\[Klein 02\] Klein, Jack. [_Bullet Proof Integer Input Using strtol()_|http://home.att.net/~jackklein/c/code/strtol.html] (2002).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9208e51e-0757-4ad8-b5fd-edbd5d318531"><ac:parameter ac:name="">Koenig 89</ac:parameter></ac:structured-macro>
\[Koenig 89\]
Andrew Koenig. C Traps and Pitfalls. Addison-Wesley Professional (January 1, 1989)

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="fc514b4d-8f55-4371-af22-92a71644001b"><ac:parameter ac:name="">Kuhn 06</ac:parameter></ac:structured-macro>
\[Kuhn 06\] Kuhn, Markus. [_UTF-8 and Unicode FAQ for Unix/Linux_|http://www.cl.cam.ac.uk/~mgk25/unicode.html] (2006).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c4cf697f-6bc7-4ef4-bf85-2d41d47593a8"><ac:parameter ac:name="">Lai 06</ac:parameter></ac:structured-macro>
\[Lai 06\] Lai, Ray. "[Reading Between the Lines|http://undeadly.org/cgi?action=article&sid=20061027031811]." _OpenBSD Journal_, October 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f509ee10-d578-4384-af24-c71133558f8a"><ac:parameter ac:name="">Lions 96</ac:parameter></ac:structured-macro>
\[Lions 96\] Lions, J. L. [ARIANE 5 Flight 501 Failure Report|http://en.wikisource.org/wiki/Ariane_501_Inquiry_Board_report]. Paris, France: European Space Agency (ESA) & National Center for Space Study (CNES) Inquiry Board, July 1996.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ebeafaec-c9d5-4801-ba6d-657aea86ea3b"><ac:parameter ac:name="">Lockheed Martin 2005</ac:parameter></ac:structured-macro>
\[Lockheed Martin 2005\] Lockheed Martin. _Joint Strike Fighter Air Vehicle C+\+ Coding Standards for the System Development and Demonstration Program_. Document Number 2RDU00001, Rev C.  December 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c86319ff-a611-4484-b4c7-1cc5a1af2cd0"><ac:parameter ac:name="">McCluskey 01</ac:parameter></ac:structured-macro>
\[McCluskey 01\] [_flexible array members and designators in C9X_|http://www.usenix.org/publications/login/2001-07/pdfs/mccluskey.pdf] ;login:, July 2001, Volume 26, Number 4, p. 29-32

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2914fb07-4aae-4218-9427-f9499f9461dc"><ac:parameter ac:name="">mercy</ac:parameter></ac:structured-macro>
\[mercy\] mercy. [_Exploiting Uninitialized Data_|http://www.felinemenace.org/papers/UBehavior.zip] (January 2006).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="40730fa2-11e5-4f77-8cf6-c07103823c56"><ac:parameter ac:name="">MISRA 04</ac:parameter></ac:structured-macro>
\[MISRA 04\] MISRA Limited. "[MISRA C|http://www.misra.org.uk/]: 2004 Guidelines for the Use of the C Language in Critical Systems." Warwickshire, UK: MIRA Limited, October 2004 (ISBN 095241564X).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b29034b7-07c4-47ff-8266-174b958fe34c"><ac:parameter ac:name="">Microsoft 07</ac:parameter></ac:structured-macro>
\[Microsoft 07\] [C Language Reference|http://msdn2.microsoft.com/en-us/library/fw5abdx6(VS.80).aspx]. 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="382d75fb-58c8-4539-93d7-c003b344bcc9"><ac:parameter ac:name="">Murenin  07</ac:parameter></ac:structured-macro>
\[Murenin 07\] Constantine A. Murenin. [cnst: 10-year-old pointer-arithmetic bug in make(1) is now gone, thanks to malloc.conf and some debugging|http://cnst.livejournal.com/24040.html]\]. June, 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7da1e9d2-6992-4e55-b862-49c38fcb95a4"><ac:parameter ac:name="">MIT 05</ac:parameter></ac:structured-macro>
\[MIT 05\] MIT. "[MIT krb5 Security Advisory 2005-003|http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2005-003-recvauth.txt] (2005).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6252ee70-4a4d-4e94-bbad-3285b9dac8bb"><ac:parameter ac:name="">MITRE 07</ac:parameter></ac:structured-macro>
\[MITRE 07\] MITRE. [Common Weakness Enumeration, Draft 7|http://cwe.mitre.org/].  October, 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="862c5a4f-0ddb-4ccb-a175-5f4708509677"><ac:parameter ac:name="">MSDN 07</ac:parameter></ac:structured-macro>
\[MSDN 07\] MSDN. [Inheritance (Windows)|http://msdn2.microsoft.com/en-us/library/ms683463.aspx] (2007).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1a4c88ac-5585-454c-a15d-01a0f4a5a156"><ac:parameter ac:name="">NAI 98</ac:parameter></ac:structured-macro>
\[NAI 98\] Network Associates Inc. [Bugtraq: Network Associates Inc. Advisory (OpenBSD)|http://seclists.org/bugtraq/1998/Aug/0071.html] (1998).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e37479a3-0897-4738-81e4-f5486abac3b3"><ac:parameter ac:name="">NASA-GB-1740.13</ac:parameter></ac:structured-macro>
\[NASA-GB-1740.13\] NASA Glenn Research Center, Office of Safety Assurance Technologies. [_NASA Software Safety Guidebook_|http://pbma.nasa.gov/docs/public/pbma/general/guidbook.doc] (NASA-GB-1740.13).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e90a7b2b-4bfb-4224-b2eb-87096e0c52d5"><ac:parameter ac:name="">NIST 06</ac:parameter></ac:structured-macro>
\[NIST 06\] NIST. [_SAMATE Reference Dataset_|http://samate.nist.gov/SRD/] (2006).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b4d98be4-1746-4596-98ba-48f0acf46627"><ac:parameter ac:name="">NIST 06b</ac:parameter></ac:structured-macro>
\[NIST 06b\] NIST. [DRAFT Source Code Analysis Tool Functional Specification. | http://samate.nist.gov/docs/SAMATE_source_code_analysis_tool_spec_09_15_06.pdf] NIST Information Technology Laboratory (ITL), Software Diagnostics and Conformance Testing Division, September 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="562af772-abed-4f9e-90e9-09469cde3f1b"><ac:parameter ac:name="">Open Group 97</ac:parameter></ac:structured-macro>
\[Open Group 97\] The Open Group. [_The Single UNIXÂ® Specification, Version 2_|http://www.opengroup.org/onlinepubs/7990989775/toc.htm] (1997).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4b8387a2-b8e6-4dc6-8fbf-e528bdf5c213"><ac:parameter ac:name="">Open Group 97b</ac:parameter></ac:structured-macro>
\[Open Group 97b\] The Open Group. [_Go Solo 2 - The Authorized Guide to Version 2 of the Single UNIX Specification_|http://www.unix.org/whitepapers/64bit.html] (May 1997).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9f7449a9-bb79-4601-97fe-4abf272da67c"><ac:parameter ac:name="">Open Group 04</ac:parameter></ac:structured-macro>
\[Open Group 04\] The Open Group and the IEEE. [_The Open Group Base Specifications Issue 6, IEEE Std 1003.1, 2004 Edition_|http://www.opengroup.org/onlinepubs/009695399/toc.htm] (2004).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="cf31a361-8df9-4b2e-8da2-ff58cf84f753"><ac:parameter ac:name="">Plakosh 05</ac:parameter></ac:structured-macro>
\[Plakosh 05\] Plakosh, Dan. _[_Consistent Memory Management Conventions_|https://buildsecurityin.us-cert.gov/daisy/bsi/articles/knowledge/coding/476.html]_ (2005).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f085f28e-6b59-4c2e-822b-3f055715618e"><ac:parameter ac:name="">Plum 85</ac:parameter></ac:structured-macro>
\[Plum 85\] Plum, Thomas. _Reliable Data Structures in C_. Kamuela, HI: Plum Hall, Inc., 1985 (ISBN 0-911537-04-X).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c29ec2fa-46d5-48cf-a064-bf6d2c9b8d32"><ac:parameter ac:name="">Plum 89</ac:parameter></ac:structured-macro>
\[Plum 89\] Plum, Thomas, & Saks, Dan. _C Programming Guidelines, 2nd ed_. Kamuela, HI: Plum Hall, Inc., 1989 (ISBN 0911537074).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9c28662f-c01f-4370-b1bc-dc0d07e5dcf8"><ac:parameter ac:name="">Plum 91</ac:parameter></ac:structured-macro>
\[Plum 91\] Plum, Thomas. _C+\+ Programming_. Kamuela, HI: Plum Hall, Inc., 1991 (ISBN 0911537104).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5fc0822b-77ad-44ce-8b4e-4f15c7764b89"><ac:parameter ac:name="">Redwine 06</ac:parameter></ac:structured-macro>
\[Redwine 06\] Redwine, Samuel T., Jr., ed. _Secure Software Assurance: A Guide to the Common Body of Knowledge to Produce, Acquire, and Sustain Secure Software Version 1.1_. U.S. Department of Homeland Security, September 2006. See [Software Assurance Common Body of Knowledge|https://buildsecurityin.us-cert.gov/daisy/bsi/resources/dhs/95.html] on Build Security In.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="cbb8ae16-8bab-4c32-bb60-9adad6b3544b"><ac:parameter ac:name="">Saks 99</ac:parameter></ac:structured-macro>
\[Saks 99\] Saks, Dan. "[const T vs.T const|http://www.dansaks.com/articles/1999-02%20const%20T%20vs%20T%20const.pdf]." _Embedded Systems Programming_, February 1999, pp. 13-16.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6ccf9fe1-a799-41d7-8930-9679453803e1"><ac:parameter ac:name="">Saks 07</ac:parameter></ac:structured-macro>
\[Saks 07\] Saks, Dan. "[Sequence Points|http://www.embedded.com/columns/programmingpointers/9900661?_requestid=481957]" Embedded Systems Design, 07/01/02.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c2db71da-1a67-49bb-af1f-8f42c6b6b480"><ac:parameter ac:name="">Schwarz 05</ac:parameter></ac:structured-macro>
\[Schwarz 05\] Schwarz, B. Hao Chen Wagner, D. Morrison, G. West, J. Lin, J. Wei Tu. _Model checking an entire Linux distribution for security violations_. Published in proceedings of the 21st Annual Computer Security Applications Conference.  Dec. 2005. ISSN: 1063-9527. ISBN: 0-7695-2461-3.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="365a5f81-5842-4841-8515-7d87b36294e8"><ac:parameter ac:name="">Seacord 05</ac:parameter></ac:structured-macro> <ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3bdcd4ee-2de6-42f6-a945-72f0e47e51fe"><ac:parameter ac:name="">Seacord 05a</ac:parameter></ac:structured-macro>
\[Seacord 05a\] Seacord, R. _Secure Coding in C and C+\+_. Boston, MA: Addison-Wesley, 2005. See [http://www.cert.org/books/secure-coding] for news and errata.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="34aeb551-7476-4a04-a04f-4b445cbb6b1d"><ac:parameter ac:name="">Seacord 05b</ac:parameter></ac:structured-macro>
\[Seacord 05b\] Seacord, R. "Managed String Library for C, C/C++." _Users Journal_ _23_, 10 (October 2005): 30-34.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="efb98e6b-9104-4c5c-86a8-2706bcf31783"><ac:parameter ac:name="">Seacord 05c</ac:parameter></ac:structured-macro>
\[Seacord 05c\] Robert C. Seacord. [_Variadic Functions: How they contribute to security vulnerabilities and how to fix them_|http://www.cert.org/books/secure-coding/LWM%203-11%20%28Seacord%29.pdf]. Linux World Magazine.  November, 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="af98199b-e023-4167-9a25-851be24bb020"><ac:parameter ac:name="">Spinellis 06</ac:parameter></ac:structured-macro>
\[Spinellis 06\] Spinellis, Diomidis. [_Code Quality: The Open Source Perspective_|http://www.spinellis.gr/codequality].  Addison-Wesley, 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="74fc8343-a612-47eb-a793-2db3a06922b0"><ac:parameter ac:name="">Steele 77</ac:parameter></ac:structured-macro>
\[Steele 77\]  Steele, G. L. 1977. [Arithmetic shifting considered harmful.|http://doi.acm.org/10.1145/956641.956647] _SIGPLAN Not._ 12, 11 (Nov. 1977), 61-69.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e288587a-e853-423e-a861-81ba5b7b98a3"><ac:parameter ac:name="">Summit 95</ac:parameter></ac:structured-macro>
\[Summit 95\] Summit, Steve. _C Programming FAQs: Frequently Asked Questions_. Boston, MA: Addison-Wesley, 1995 (ISBN 0201845199).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="635d5d37-ec41-4f20-8cd4-eaaaf243411d"><ac:parameter ac:name="">Summit 05</ac:parameter></ac:structured-macro>
\[Summit 05\] Summit, Steve. [_comp.lang.c Frequently Asked Questions_|http://c-faq.com/] (2005).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="99c89494-c61b-48c7-9ae6-4f37bfb10972"><ac:parameter ac:name="">Sun 05</ac:parameter></ac:structured-macro>
\[Sun 05\] [C User's Guide|http://docs.sun.com/source/819-3688/]. 819-3688-10. Sun Microsystems, Inc. (2005)

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="02237af8-2939-4f72-87ec-e66ea6bd1a00"><ac:parameter ac:name="">van de Voort 07</ac:parameter></ac:structured-macro>
\[van de Voort 07\] van de Voort, Marco. [Development Tutorial (a.k.a Build FAQ)|http://www.stack.nl/~marcov/buildfaq.pdf] (January 29, 2007).

\[van Sprundel 06\] van Sprundel, Ilja. [Unusual Bugs|http://ilja.netric.org/files/Unusual%20bugs.pdf] (2006).&nbsp;

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="92304fd6-0bf8-4962-bd82-129bb64cb42c"><ac:parameter ac:name="">Viega 03</ac:parameter></ac:structured-macro>
\[Viega 03\] Viega, John & Messier, Matt. _Secure Programming Cookbook for C and C++: Recipes for Cryptography, Authentication, Networking, Input Validation & More_. Sebastopol, CA: O'Reilly, 2003 (ISBN 0-596-00394-3).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9b1dc552-0efa-4ed5-bea0-9160a49206cb"><ac:parameter ac:name="">Viega 05</ac:parameter></ac:structured-macro>
\[Viega 05\] Viega, John. [CLASP Reference Guide Volume 1.1.|http://www.securesoftware.com/process/] Secure Software, 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e0e0aab4-f971-4fb3-ba43-e3e9186e4596"><ac:parameter ac:name="">VU196240</ac:parameter></ac:structured-macro>
\[VU#196240\] Taschner, Chris & Manion, Art. Vulnerability Note [VU#196240|http://www.kb.cert.org/vulnotes/id/196240], _Sourcefire Snort DCE/RPC preprocessor does not properly reassemble fragmented packets_ (2007).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5c23966a-ceae-4895-9d94-4f6d8e4b5b64"><ac:parameter ac:name="">VU286468</ac:parameter></ac:structured-macro>
\[VU#286468\] Burch, Hal. Vulnerability Note [VU#286468|http://www.kb.cert.org/vulnotes/id/286468], _Ettercap contains a format string error in the "curses_msg()" function_ (2007).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b1340de6-dcb4-4a0b-9ec0-846081ce632a"><ac:parameter ac:name="">VU#551436</ac:parameter></ac:structured-macro>
\[VU#551436\] Giobbi, Ryan. Vulnerability Note [VU#551436|http://www.kb.cert.org/vulnotes/id/551436], _Mozilla Firefox SVG viewer vulnerable to buffer overflow_ (2007).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f14581a3-4cc8-4e58-a4cb-7fe757e63325"><ac:parameter ac:name="">VU623332</ac:parameter></ac:structured-macro>
\[VU#623332\] Mead, Robert. Vulnerability Note [VU#623332|http://www.kb.cert.org/vuls/id/623332], _MIT Kerberos 5 contains double free vulnerability in "krb5_recvauth()" function_ (2005).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="57408249-412d-4fa7-b9ca-555f5cb5f003"><ac:parameter ac:name="">VU649732</ac:parameter></ac:structured-macro>
\[VU#649732\] Gennari, Jeff. Vulnerability Note [VU#649732|http://www.kb.cert.org/vulnotes/id/649732], _Samba AFS ACL mapping VFS plug-in format string vulnerability_ (2007).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c95931a6-1457-40ea-a8fe-d5cb539a4413"><ac:parameter ac:name="">VU743092</ac:parameter></ac:structured-macro>
\[VU#743092\] Jason A. Rafail; Jeffrey S. Havrilla.  Vulnerability Note [VU#743092|https://www.kb.cert.org/vulnotes/id/743092], _realpath(3) function contains off-by-one buffer overflow_. July, 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0262b992-01fe-4f4c-af84-0dd20f332b6f"><ac:parameter ac:name="">VU881872</ac:parameter></ac:structured-macro>
\[VU#881872\] Manion, Art & Taschner, Chris. Vulnerability Note [VU#881872|http://www.kb.cert.org/vulnotes/id/881872], _Sun Solaris telnet authentication bypass vulnerability_ (2007).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ceec7217-c2fc-4987-afdc-8d9a9b230511"><ac:parameter ac:name="">Warren 02</ac:parameter></ac:structured-macro>
\[Warren 02\] Warren, Henry S. [_Hacker's Delight_|http://www.hackersdelight.org/]. Boston, MA: Addison Wesley Professional, 2002 (ISBN 0201914654).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7e48371f-19d3-4be2-8457-e39fbc4581b2"><ac:parameter ac:name="">Wheeler 03</ac:parameter></ac:structured-macro>
\[Wheeler 03\] Wheeler, David. [Secure Programming for Linux and Unix HOWTO, v3.010 |http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/] (March 2003).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="34c32011-4425-4833-ba1d-484361eb0787"><ac:parameter ac:name="">Yergeau 98</ac:parameter></ac:structured-macro>
\[Yergeau 98\] Yergeau, F. [RFC 2279 - UTF-8, a transformation format of ISO 10646|http://www.faqs.org/rfcs/rfc2279.html] (January 1998).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e78379aa-c712-4e4e-9c34-69bef6c8c09a"><ac:parameter ac:name="">Zalewski 01</ac:parameter></ac:structured-macro>
\[Zalewski 01\] Michal Zalewski. [_Delivering Signals for Fun and Profit: Understanding, exploiting and preventing signal-handling related vulnerabilities_|http://lcamtuf.coredump.cx/signals.txt],  May, 2001.