<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e35b0693-bea1-41bc-bcf8-bf028ad29f8a"><ac:parameter ac:name="">Apple 06</ac:parameter></ac:structured-macro> \[Apple 06\] Apple, Inc. [_Secure Coding Guide_|http://developer.apple.com/documentation/Security/Conceptual/SecureCodingGuide/SecureCodingGuide.pdf], May 2006. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3a61136a-9a3b-4a81-a94a-b495979bbce7"><ac:parameter ac:name="">Banahan 03</ac:parameter></ac:structured-macro> \[Banahan 03\] Banahan, Mike. [The C Book|http://www.phy.duke.edu/~rgb/General/c_book/c_book/index.html], 2003. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="726cb401-ee81-42d4-9adf-a3e9d2b613b2"><ac:parameter ac:name="">Bryant 03</ac:parameter></ac:structured-macro> \[Bryant 03\] Bryant, Randy & O'Halloran, David. _Computer Systems: A Programmer's Perspective_. Prentice Hall, 2003. ISBN 0-13-034074-X. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7b4663e6-4e0e-4f2f-92b3-db7b9c1b54ca"><ac:parameter ac:name="">Burch 06</ac:parameter></ac:structured-macro> \[Burch 06\] Burch, H., Long, F., & Seacord, R. [_Specifications for Managed Strings_|http://www.sei.cmu.edu/publications/documents/06.reports/06tr006.html] (CMU/SEI-2006-TR-006). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2006. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="604308f8-f6fa-4535-b2cb-fb8275bc0a8c"><ac:parameter ac:name="">Callaghan 95</ac:parameter></ac:structured-macro> \[Callaghan 95\] Callaghan, B., Pawlowski, B., & Staubach, P. [IETF RFC 1813 NFS Version 3 Protocol Specification|http://www.ietf.org/rfc/rfc1813.txt], June 1995. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ddf275da-c911-468b-8f9f-12e505b9681e"><ac:parameter ac:name="">CERT 06a</ac:parameter></ac:structured-macro> \[CERT 06a\] CERT/CC. [CERT/CC Statistics 1988-2006|http://www.cert.org/stats/cert_stats.html]. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3d74e9a7-11df-47db-a3f2-f95851dcfbe8"><ac:parameter ac:name="">CERT 06b</ac:parameter></ac:structured-macro> \[CERT 06b\] CERT/CC. US-CERT's [Technical Cyber Security Alerts|http://www.us-cert.gov/cas/techalerts/index.html]. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e6171eac-ac69-4e92-9de1-9ab5a1ee0d4d"><ac:parameter ac:name="">CERT 06c</ac:parameter></ac:structured-macro> \[CERT 06c\] CERT/CC. [Secure Coding|http://www.cert.org/secure-coding/] web site. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9d4ecff9-933c-4a19-86bf-bb0472e62d88"><ac:parameter ac:name="">Corfield 93</ac:parameter></ac:structured-macro> \[Corfield 93\] Corfield, Sean A. "[http://www.open-std.org/jtc1/sc22/wg21/docs/papers/1993/N0389.asc]" 24 November 1993. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="78673a25-7674-4c4a-b406-e6dff53f13e7"><ac:parameter ac:name="">Coverity 07</ac:parameter></ac:structured-macro> \[Coverity 07\] Coverity Prevent User's Manual (3.3.0), 2007. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="57fb8b19-e566-40b6-a6da-27d31185318a"><ac:parameter ac:name="">Dewhurst 02</ac:parameter></ac:structured-macro> \[Dewhurst 02\] Dewhurst, Stephen C. _C+\+ Gotchas: Avoiding Common Problems in Coding and Design_. Boston, MA: Addison-Wesley Professional, 2002. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="fcfa3680-aacf-4935-b1a8-247ec3b48bb1"><ac:parameter ac:name="">Dewhurst 03</ac:parameter></ac:structured-macro> \[Dewhurst 03\] Dewhurst, Stephen C. _C+\+ Gotchas: Avoiding Common Problems in Coding and Design_. Boston, MA: Addison-Wesley Professional, 2002. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c063f8ba-0bff-4753-ace2-58c128dabd64"><ac:parameter ac:name="">Dewhurst 05</ac:parameter></ac:structured-macro> \[Dewhurst 05\] Dewhurst, Stephen C. _C+\+ Common Knowledge: Essential Intermediate Programming_. Boston, MA: Addison-Wesley Professional, 2005. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="48b1c852-7355-4646-beca-6a7a6539922e"><ac:parameter ac:name="">DHS 06</ac:parameter></ac:structured-macro> \[DHS 06\] U.S. Department of Homeland Security. [Build Security In|https://buildsecurityin.us-cert.gov/]. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="69515a55-7491-4e67-b45b-268314933cae"><ac:parameter ac:name="">Dowd 06</ac:parameter></ac:structured-macro> \[Dowd 06\] Dowd, M., McDonald, J., & Schuh, J. _The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities_. Boston, MA: Addison-Wesley, 2006. See [http://taossa.com] for updates and errata. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="db848799-9c71-4b65-af19-43670d5b0a09"><ac:parameter ac:name="">Drepper 06</ac:parameter></ac:structured-macro> \[Drepper 06\] Drepper, Ulrich. [Defensive Programming for Red Hat Enterprise Linux (and What To Do If Something Goes Wrong)|http://people.redhat.com/drepper/defprogramming.pdf], May 3, 2006. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="63746d68-d870-4179-b16b-6f2e1dcaa532"><ac:parameter ac:name="">Finlay 03</ac:parameter></ac:structured-macro> \[Finlay 03\] Finlay, Ian A. CERT Advisory CA-2003-16, [Buffer Overflow in Microsoft RPC|http://www.cert.org/advisories/CA-2003-16.html]. CERT/CC, July 2003. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e18c9ea8-b185-484a-8153-912d9dd53ed5"><ac:parameter ac:name="">Fortify 06</ac:parameter></ac:structured-macro> \[Fortify 06\] Fortify Software Inc. [Fortify Taxonomy: Software Security Errors|http://www.fortifysoftware.com/vulncat/], 2006. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="370d272b-d084-4fb2-83a0-9bab5ec72811"><ac:parameter ac:name="">FSF 05</ac:parameter></ac:structured-macro> \[FSF 05\] Free Software Foundation. [GCC online documentation|http://gcc.gnu.org/onlinedocs], 2005. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="030f281c-040e-4b0d-b7e9-4cd68aba45c7"><ac:parameter ac:name="">Garfinkel 96</ac:parameter></ac:structured-macro> \[Garfinkel 96\] Garfinkel, Simson & Spafford, Gene. _Practical UNIX & Internet Security_, 2nd Edition. O'Reilly Media, April 1996 (ISBN 1-56592-148-8). |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d4790dde-548e-4131-9087-5900a1d41ae4"><ac:parameter ac:name="">GNU Pth</ac:parameter></ac:structured-macro> \[GNU Pth\] Engelschall, Ralf S. [GNU Portable Threads|http://www.gnu.org/software/pth/], 2006. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5ab59fc2-0bcd-49c1-b1ee-5ca20bff5c16"><ac:parameter ac:name="">Goldberg 91</ac:parameter></ac:structured-macro> \[Goldberg 91\] Goldberg, David. [What Every Computer Scientist Should Know About Floating-Point Arithmetic|http://docs.sun.com/source/806-3568/ncg_goldberg.html]. Sun Microsystems, March 1991. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d51b76d5-de6e-44c2-b711-a321753104eb"><ac:parameter ac:name="">Graf 03</ac:parameter></ac:structured-macro> \[Graff 03\] Graff, Mark G. & Van Wyk, Kenneth R. _Secure Coding: Principles and Practices_. Cambridge, MA: O'Reilly, 2003 (ISBN 0596002424). |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c75013fd-346f-47c4-944e-c2c4930b88b4"><ac:parameter ac:name="">Griffiths 06</ac:parameter></ac:structured-macro> \[Griffiths 06\] Griffiths, Andrew. "[Clutching at straws: When you can shift the stack pointer|http://felinemenace.org/papers/p63-0x0e_Shifting_the_Stack_Pointer.txt]." |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0e211b65-999a-41ab-8c54-67c6979b77e7"><ac:parameter ac:name="">Haddad 05</ac:parameter></ac:structured-macro> \[Haddad 05\] Haddad, Ibrahim. "Secure Coding in C and C++: An interview with Robert Seacord, senior vulnerability analyst at CERT." _Linux World Magazine_, November 2005. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="61022592-16b6-4d37-bc4c-70dc2fb3f859"><ac:parameter ac:name="">Hatton 95</ac:parameter></ac:structured-macro> \[Hatton 95\] Hatton, Les. _Safer C: Developing Software for High-Integrity and Safety-Critical Systems_. New York, NY: McGraw-Hill Book Company, 1995 (ISBN 0-07-707640-0). |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="39a5ea5c-dcc8-4387-a5db-f4d12cfa57a1"><ac:parameter ac:name="">Henricson 92</ac:parameter></ac:structured-macro> \[Henricson 92\] Henricson, Mats & Nyquist, Erik. [Programming in C++, Rules and Recommendations|http://www.doc.ic.ac.uk/lab/cplus/c++.rules/]. Ellemtel Telecommunication Systems Laboratories, 1992. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2d982e2d-9793-42b6-9c36-ab30b12737e4"><ac:parameter ac:name="">Horton 90</ac:parameter></ac:structured-macro> \[Horton 90\] Horton, Mark R. _Portable C Software_. Upper Saddle River, NJ: Prentice-Hall, Inc., 1990 (ISBN:0-13-868050-7). |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="dc856b4e-37ad-4007-8a77-52583ad75d64"><ac:parameter ac:name="">Howard 02</ac:parameter></ac:structured-macro> \[Howard 02\] Michael Howard, David C. LeBlanc. [Writing Secure Code, Second Edition|http://www.microsoft.com/mspress/books/5957.aspx] Microsoft Press; 2 Sub edition, December, 2002. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7cdbba7d-e400-4476-9d2e-9ecedeb09af8"><ac:parameter ac:name="">HP 03</ac:parameter></ac:structured-macro> \[HP 03\] [Tru64 UNIX: Protecting Your System Against File Name Spoofing Attacks|http://h30097.www3.hp.com/docs/wpapers/spoof_wp/symlink_external.pdf]. Houston, TX: Hewlett-Packard Company, January 2003. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0191dc85-c890-49bc-95e7-c247ebcca4a9"><ac:parameter ac:name="">IEC 60812 2006</ac:parameter></ac:structured-macro> \[IEC 60812 2006\] _Analysis techniques for system reliability - Procedure for failure mode and effects analysis (FMEA)_, 2nd ed. (IEC 60812). IEC, January 2006. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="073cf259-9284-48f9-bbc2-97344030e0e4"><ac:parameter ac:name="">IEC 61508 4</ac:parameter></ac:structured-macro> \[IEC 61508-4\] _Functional safety of electrical/electronic/programmable electronic safety-related systems - Part 4: Definitions and abbreviations_, 1998. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f4e5909e-27da-413c-bb06-4b47d502529d"><ac:parameter ac:name="">IEEE 754 2006</ac:parameter></ac:structured-macro> \[IEEE 754 2006\] IEEE. [_Standard for Binary Floating-Point Arithmetic_|http://grouper.ieee.org/groups/754/] (IEEE 754-1985), 2006. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="56c00044-5c06-42c4-9405-402cde42e22a"><ac:parameter ac:name="">ilja 06</ac:parameter></ac:structured-macro> \[ilja 06\] ilja. "[readlink abuse|http://blogs.23.nu/ilja/stories/12551/]." _ilja's blog_, August 13, 2006. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c0310074-dddf-4954-b0b6-3fc3db2fd643"><ac:parameter ac:name="">ISO/IEC 10646-2003</ac:parameter></ac:structured-macro> \[ISO/IEC 10646:2003\] _Information technology -- Universal Multiple-Octet Coded Character Set (UCS)_ (ISO/IEC 10646:2003). Geneva, Switzerland: International Organization for Standardization, 2003. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d5a56f08-4404-4179-b8b3-515b1df65d12"><ac:parameter ac:name="">ISO/IEC 646-1991</ac:parameter></ac:structured-macro> \[ISO/IEC 646-1991\] ISO/IEC. _Information technology: ISO 7-bit coded character set for information interchange_ (ISO/IEC 646-1991). Geneva, Switzerland: International Organization for Standardization, 1991. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="82e68680-d029-4c32-a2b9-7ce59924bfac"><ac:parameter ac:name="">ISO/IEC 9899-1999</ac:parameter></ac:structured-macro> \[ISO/IEC 9899:1999\] ISO/IEC. _Programming Languages --- C, Second Edition_ (ISO/IEC 9899:1999). Geneva, Switzerland: International Organization for Standardization, 1999. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="46478149-9aba-4b78-ba0e-6e69903b92b1"><ac:parameter ac:name="">ISO/IEC 14882-2003</ac:parameter></ac:structured-macro> \[ISO/IEC 14882-2003\] ISO/IEC. _Programming Languages --- C++, Second Edition_ (ISO/IEC 14882-2003). Geneva, Switzerland: International Organization for Standardization, 2003. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a88e3c8c-9f5a-4e00-a740-9e45218cd867"><ac:parameter ac:name="">ISO/IEC 03</ac:parameter></ac:structured-macro> \[ISO/IEC 03\] ISO/IEC. [_Rationale for International Standard --- Programming Languages --- C, Revision 5.10_|http://www.open-std.org/jtc1/sc22/wg14/www/C99RationaleV5.10.pdf]. Geneva, Switzerland: International Organization for Standardization, April 2003. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="cdff35f6-4994-45cc-b79a-98f993aceb92"><ac:parameter ac:name="">ISO/IEC JTC1/SC22/WG11</ac:parameter></ac:structured-macro> \[ISO/IEC JTC1/SC22/WG11\] ISO/IEC. [_Binding Techniques_|http://www.open-std.org/JTC1/SC22/WG11/] (ISO/IEC JTC1/SC22/WG11), 2007. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e65344e9-4fe5-4055-b9b6-8434737810be"><ac:parameter ac:name="">ISO/IEC TR 24731-1-2007</ac:parameter></ac:structured-macro> \[ISO/IEC TR 24731-1-2007\] ISO/IEC TR 24731. _Extensions to the C Library, --- Part I: Bounds-checking interfaces_. Geneva, Switzerland: International Organization for Standardization, April 2006. |
anchor:ISO/IEC DTR 24772-2007} \[ISO/IEC DTR 24772-2007\] ISO/IEC TR 24731. [Information Technology ? Programming Languages ? Guidance to Avoiding Vulnerabilities in Programming Languages through Language Selection and Use|http://www.aitcnet.org/isai/_NextMeeting/22-OWGV-n-0106/n0106.pdf]. November, 2007. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="bfc59b60-47c2-4180-beca-1ee2d374a818"><ac:parameter ac:name="">Jack 07</ac:parameter></ac:structured-macro> \[Jack 07\] Jack, Barnaby. [_Vector Rewrite Attack_|http://www.juniper.net/solutions/literature/white_papers/Vector-Rewrite-Attack.pdf], May 2007. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="63f2c6f8-ece5-44f9-a0f0-4d16842f2e1e"><ac:parameter ac:name="">Jones 04</ac:parameter></ac:structured-macro> \[Jones 04\] Jones, Nigel. ["Learn a new trick with the offsetof() macro."|http://www.netrino.com/Articles/OffsetOf/index.php] _Embedded Systems Programming_, March 2004. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="72dcdfd4-69d9-4be2-bf9f-a90cff6e9bfb"><ac:parameter ac:name="">Kennaway 00</ac:parameter></ac:structured-macro> \[Kennaway 00\] Kennaway, Kris. [Re: /tmp topic|http://lwn.net/2000/1221/a/sec-tmp.php3], December 2000. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="bf5dded5-d50c-4b7a-a794-6f6fc5861576"><ac:parameter ac:name="">Kerrighan 88</ac:parameter></ac:structured-macro> \[Kerrighan 88\] Kerrighan, B. W. & Ritchie, D. M. _The C Programming Language, 2nd ed._ Englewood Cliffs, NJ: Prentice-Hall, 1988. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="82264d14-e1c9-479d-b3cb-92689d076aa7"><ac:parameter ac:name="">Kettle 02</ac:parameter></ac:structured-macro> \[Kettlewell 02\] Kettlewell, Richard. [_C Language Gotchas_|http://www.greenend.org.uk/rjk/2001/02/cfu.html], February 2002. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="af2ab210-25b7-4497-a152-1376ce743ced"><ac:parameter ac:name="">Kettle 03</ac:parameter></ac:structured-macro> \[Kettlewell 03\] Kettlewell, Richard. [_Inline Functions In C_|http://www.greenend.org.uk/rjk/2003/03/inline.html], March 2003. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="519ff558-fdb7-4cc9-9b2f-f4b5662f1cde"><ac:parameter ac:name="">Kirch-Prinz 02</ac:parameter></ac:structured-macro> \[Kirch-Prinz 02\] Ulla Kirch-Prinz, Peter Prinz. _C Pocket Reference_. O'Reilly, November 2002, (ISBN: 0-596-00436-2). |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e62b16d2-71ef-4c82-bd54-c29985c4c129"><ac:parameter ac:name="">Klein 02</ac:parameter></ac:structured-macro> \[Klein 02\] Klein, Jack. [_Bullet Proof Integer Input Using strtol()_|http://home.att.net/~jackklein/c/code/strtol.html], 2002. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="02cbdabc-0d7c-42f4-9396-6f393d027745"><ac:parameter ac:name="">Koenig 89</ac:parameter></ac:structured-macro> \[Koenig 89\] Andrew Koenig. _C Traps and Pitfalls_. Addison-Wesley Professional, January 1, 1989. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4ce5e562-fbc7-4af3-9572-b871bee1e2a7"><ac:parameter ac:name="">Kuhn 06</ac:parameter></ac:structured-macro> \[Kuhn 06\] Kuhn, Markus. [_UTF-8 and Unicode FAQ for Unix/Linux_|http://www.cl.cam.ac.uk/~mgk25/unicode.html], 2006. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="cf083be6-d5f3-44aa-9bf1-233127d5a904"><ac:parameter ac:name="">Lai 06</ac:parameter></ac:structured-macro> \[Lai 06\] Lai, Ray. "[Reading Between the Lines|http://undeadly.org/cgi?action=article&sid=20061027031811]." _OpenBSD Journal_, October 2006. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1aa82a48-b450-45bd-a8a4-14a269cd84c0"><ac:parameter ac:name="">Lions 96</ac:parameter></ac:structured-macro> \[Lions 96\] Lions, J. L. [ARIANE 5 Flight 501 Failure Report|http://en.wikisource.org/wiki/Ariane_501_Inquiry_Board_report]. Paris, France: European Space Agency (ESA) & National Center for Space Study (CNES) Inquiry Board, July 1996. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1ee146a6-4a19-46e9-a6b0-40386b9baee7"><ac:parameter ac:name="">Lockheed Martin 2005</ac:parameter></ac:structured-macro> \[Lockheed Martin 2005\] Lockheed Martin. _Joint Strike Fighter Air Vehicle C+\+ Coding Standards for the System Development and Demonstration Program_. Document Number 2RDU00001, Rev C. December 2005. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e9cdc6ed-e428-492b-8a27-8e21015bd3a6"><ac:parameter ac:name="">Loosemore 07</ac:parameter></ac:structured-macro> \[Loosemore 07\] Sandra Loosemore, Richard M. Stallman, Roland McGrath, Andrew Oram, and Ulrich Drepper. [The GNU C Library Reference Manual|http://www.gnu.org/software/libc/manual/]. Edition 0.11. September, 2007. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="355104b6-3ba3-4cc8-b5c3-bc52af404734"><ac:parameter ac:name="">McCluskey 01</ac:parameter></ac:structured-macro> \[McCluskey 01\] [_flexible array members and designators in C9X_|http://www.usenix.org/publications/login/2001-07/pdfs/mccluskey.pdf] ;login:, July 2001, Volume 26, Number 4, p. 29-32. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="fc92f89a-7105-4bf4-9541-b994c611d58f"><ac:parameter ac:name="">mercy 06</ac:parameter></ac:structured-macro> \[mercy\] mercy. [_Exploiting Uninitialized Data_|http://www.felinemenace.org/papers/UBehavior.zip], January 2006. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="bcf3d062-ac95-4a5f-9d4c-2be448987ab5"><ac:parameter ac:name="">Microsoft 03</ac:parameter></ac:structured-macro> \[Microsoft 03\] Microsoft Security Bulletin MS03-026, [Buffer Overrun In RPC Interface Could Allow Code Execution (823980)|http://www.microsoft.com/technet/security/bulletin/MS03-026.mspx], September, 2003. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a32ca28d-849b-4cdd-afcd-27f12629c95f"><ac:parameter ac:name="">Microsoft 07</ac:parameter></ac:structured-macro> \[Microsoft 07\] [C Language Reference|http://msdn2.microsoft.com/en-us/library/fw5abdx6(VS.80).aspx], 2007. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="49dc8ebf-c845-49ce-b716-c19d0eff38c7"><ac:parameter ac:name="">MISRA 04</ac:parameter></ac:structured-macro> \[MISRA 04\] MISRA Limited. "[MISRA C|http://www.misra.org.uk/]: 2004 Guidelines for the Use of the C Language in Critical Systems." Warwickshire, UK: MIRA Limited, October 2004 (ISBN 095241564X). |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e9916f1e-586a-40e9-b553-8100b94b4b1a"><ac:parameter ac:name="">MIT 05</ac:parameter></ac:structured-macro> \[MIT 05\] MIT. "[MIT krb5 Security Advisory 2005-003|http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2005-003-recvauth.txt], 2005. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="54b9ec37-ee88-4b6f-93a1-dbf2d32999e7"><ac:parameter ac:name="">MITRE 07</ac:parameter></ac:structured-macro> \[MITRE 07\] MITRE. [Common Weakness Enumeration, Draft 7|http://cwe.mitre.org/], October 2007. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7f354654-a9f3-4eca-8c01-5977b45ab10c"><ac:parameter ac:name="">MSDN 07</ac:parameter></ac:structured-macro> \[MSDN 07\] MSDN. [Inheritance (Windows)|http://msdn2.microsoft.com/en-us/library/ms683463.aspx], 2007. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2367d0b7-3168-4004-b033-408301d2cbb1"><ac:parameter ac:name="">Murenin 07</ac:parameter></ac:structured-macro> \[Murenin 07\] Constantine A. Murenin. [cnst: 10-year-old pointer-arithmetic bug in make(1) is now gone, thanks to malloc.conf and some debugging|http://cnst.livejournal.com/24040.html], June 2007. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="74e73df5-4994-456f-9cd3-7921235199c2"><ac:parameter ac:name="">NAI 98</ac:parameter></ac:structured-macro> \[NAI 98\] Network Associates Inc. [Bugtraq: Network Associates Inc. Advisory (OpenBSD)|http://seclists.org/bugtraq/1998/Aug/0071.html], 1998. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ed47ed17-d67d-4400-94f6-6819b29eee46"><ac:parameter ac:name="">NASA-GB-1740.13</ac:parameter></ac:structured-macro> \[NASA-GB-1740.13\] NASA Glenn Research Center, Office of Safety Assurance Technologies. [_NASA Software Safety Guidebook_|http://pbma.nasa.gov/docs/public/pbma/general/guidbook.doc] (NASA-GB-1740.13). |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="56bbcfde-2224-43bd-bf45-3e623df29e35"><ac:parameter ac:name="">NIST 06</ac:parameter></ac:structured-macro> \[NIST 06\] NIST. [_SAMATE Reference Dataset_|http://samate.nist.gov/SRD/], 2006. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d21336c7-caed-416b-b73a-9b488dc21a97"><ac:parameter ac:name="">NIST 06b</ac:parameter></ac:structured-macro> \[NIST 06b\] NIST. [DRAFT Source Code Analysis Tool Functional Specification. | http://samate.nist.gov/docs/SAMATE_source_code_analysis_tool_spec_09_15_06.pdf] NIST Information Technology Laboratory (ITL), Software Diagnostics and Conformance Testing Division, September 2006. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0251769d-b2d0-4d39-bb42-752a48f7f3a0"><ac:parameter ac:name="">Open Group 97</ac:parameter></ac:structured-macro> \[Open Group 97\] The Open Group. [_The Single UNIX® Specification, Version 2_|http://www.opengroup.org/onlinepubs/7990989775/toc.htm], 1997. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="87ab976c-0b4f-4fd0-b3e1-861495e62b31"><ac:parameter ac:name="">Open Group 97b</ac:parameter></ac:structured-macro> \[Open Group 97b\] The Open Group. [_Go Solo 2 - The Authorized Guide to Version 2 of the Single UNIX Specification_|http://www.unix.org/whitepapers/64bit.html], May 1997. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3aa2f5db-a674-435e-94bb-aaea7ad25e5c"><ac:parameter ac:name="">Open Group 04</ac:parameter></ac:structured-macro> \[Open Group 04\] The Open Group and the IEEE. [_The Open Group Base Specifications Issue 6, IEEE Std 1003.1, 2004 Edition_|http://www.opengroup.org/onlinepubs/009695399/toc.htm], 2004. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="93bd3cdf-4c84-4715-9482-be67ae54af71"><ac:parameter ac:name="">Plakosh 05</ac:parameter></ac:structured-macro> \[Plakosh 05\] Plakosh, Dan. _[_Consistent Memory Management Conventions_|https://buildsecurityin.us-cert.gov/daisy/bsi/articles/knowledge/coding/476.html]_, 2005. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0af39e3e-a591-450d-83fd-7063c3be04fc"><ac:parameter ac:name="">Plum 85</ac:parameter></ac:structured-macro> \[Plum 85\] Plum, Thomas. _Reliable Data Structures in C_. Kamuela, HI: Plum Hall, Inc., 1985 (ISBN 0-911537-04-X). |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="13fb6d67-6281-4da5-ab8b-fbb094b62159"><ac:parameter ac:name="">Plum 89</ac:parameter></ac:structured-macro> \[Plum 89\] Plum, Thomas, & Saks, Dan. _C Programming Guidelines, 2nd ed_. Kamuela, HI: Plum Hall, Inc., 1989 (ISBN 0911537074). |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c22f99f3-f42b-4424-8676-d6e3f1969906"><ac:parameter ac:name="">Plum 91</ac:parameter></ac:structured-macro> \[Plum 91\] Plum, Thomas. _C+\+ Programming_. Kamuela, HI: Plum Hall, Inc., 1991 (ISBN 0911537104). |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a54720a9-8d1e-44cc-a576-c2aeed863b88"><ac:parameter ac:name="">Redwine 06</ac:parameter></ac:structured-macro> \[Redwine 06\] Redwine, Samuel T., Jr., ed. _Secure Software Assurance: A Guide to the Common Body of Knowledge to Produce, Acquire, and Sustain Secure Software Version 1.1_. U.S. Department of Homeland Security, September 2006. See [Software Assurance Common Body of Knowledge|https://buildsecurityin.us-cert.gov/daisy/bsi/resources/dhs/95.html] on Build Security In. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4cf706c2-0fa1-40c2-b63c-d0afa245a49c"><ac:parameter ac:name="">Saks 99</ac:parameter></ac:structured-macro> \[Saks 99\] Saks, Dan. "[const T vs.T const|http://www.dansaks.com/articles/1999-02%20const%20T%20vs%20T%20const.pdf]." _Embedded Systems Programming_, February 1999, pp. 13-16. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e774af84-6c93-4382-9a1d-2c35712afed9"><ac:parameter ac:name="">Saks 07</ac:parameter></ac:structured-macro> \[Saks 07\] Saks, Dan. "[Sequence Points|http://www.embedded.com/columns/programmingpointers/9900661?_requestid=481957]" Embedded Systems Design, July 1, 2002. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="53b6f557-135d-4a3e-9287-50aad701ef32"><ac:parameter ac:name="">Schwarz 05</ac:parameter></ac:structured-macro> \[Schwarz 05\] Schwarz, B. Hao Chen Wagner, D. Morrison, G. West, J. Lin, J. Wei Tu. _Model checking an entire Linux distribution for security violations_. Published in proceedings of the 21st Annual Computer Security Applications Conference, December 2005 (ISSN: 1063-9527; ISBN: 0-7695-2461-3). |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="aa7d39f6-cca1-4de0-a114-ad9a2169e0a9"><ac:parameter ac:name="">Seacord 05</ac:parameter></ac:structured-macro> <ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b64f5c65-a2c0-4a4f-a98b-16e259d4edf5"><ac:parameter ac:name="">Seacord 05a</ac:parameter></ac:structured-macro> \[Seacord 05a\] Seacord, R. _Secure Coding in C and C+\+_. Boston, MA: Addison-Wesley, 2005. See [http://www.cert.org/books/secure-coding] for news and errata. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="cdaeca8c-2751-4b1e-8bba-11c7508e1fca"><ac:parameter ac:name="">Seacord 05b</ac:parameter></ac:structured-macro> \[Seacord 05b\] Seacord, R. "Managed String Library for C, C/C++." _Users Journal_ _23_, 10 (October 2005): 30-34. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="03e4a5c1-3047-4601-871a-fec6f80c97f2"><ac:parameter ac:name="">Seacord 05c</ac:parameter></ac:structured-macro> \[Seacord 05c\] Robert C. Seacord. [_Variadic Functions: How they contribute to security vulnerabilities and how to fix them_|http://www.cert.org/books/secure-coding/LWM%203-11%20%28Seacord%29.pdf]. Linux World Magazine. November, 2005. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6ad87296-0d58-45ae-b94d-2aade81103b0"><ac:parameter ac:name="">Spinellis 06</ac:parameter></ac:structured-macro> \[Spinellis 06\] Spinellis, Diomidis. [_Code Quality: The Open Source Perspective_|http://www.spinellis.gr/codequality]. Addison-Wesley, 2006. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="cf2bba33-e299-40fa-ac9a-971f328c3a49"><ac:parameter ac:name="">Steele 77</ac:parameter></ac:structured-macro> \[Steele 77\] Steele, G. L. 1977. [Arithmetic shifting considered harmful.|http://doi.acm.org/10.1145/956641.956647] _SIGPLAN Not._ 12, 11 (Nov. 1977), 61-69. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f6b0e4ff-ecfb-4291-854e-f4e6f3b44d12"><ac:parameter ac:name="">Summit 95</ac:parameter></ac:structured-macro> \[Summit 95\] Summit, Steve. _C Programming FAQs: Frequently Asked Questions_. Boston, MA: Addison-Wesley, 1995 (ISBN 0201845199). |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1c19cd5d-14bf-4077-868c-3587c926a095"><ac:parameter ac:name="">Summit 05</ac:parameter></ac:structured-macro> \[Summit 05\] Summit, Steve. [_comp.lang.c Frequently Asked Questions_|http://c-faq.com/], 2005. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4530d584-16bc-4f1e-ae8b-246f578d786e"><ac:parameter ac:name="">Sun 05</ac:parameter></ac:structured-macro> \[Sun 05\] [C User's Guide|http://docs.sun.com/source/819-3688/]. 819-3688-10. Sun Microsystems, Inc., 2005. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="dc88d80f-8cee-4db3-a813-164c0b4a56e1"><ac:parameter ac:name="">van de Voort 07</ac:parameter></ac:structured-macro> \[van de Voort 07\] van de Voort, Marco. [Development Tutorial (a.k.a Build FAQ)|http://www.stack.nl/~marcov/buildfaq.pdf], January 29, 2007. |
\[van Sprundel 06\] van Sprundel, Ilja. [Unusual Bugs|http://ilja.netric.org/files/Unusual%20bugs.pdf], 2006. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9ac6082e-b093-4879-b53c-99904568fa04"><ac:parameter ac:name="">Viega 03</ac:parameter></ac:structured-macro> \[Viega 03\] Viega, John & Messier, Matt. _Secure Programming Cookbook for C and C++: Recipes for Cryptography, Authentication, Networking, Input Validation & More_. Sebastopol, CA: O'Reilly, 2003 (ISBN 0-596-00394-3). |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="862927f6-be07-4faf-9d6e-d525f9cf43a9"><ac:parameter ac:name="">Viega 05</ac:parameter></ac:structured-macro> \[Viega 05\] Viega, John. [CLASP Reference Guide Volume 1.1.|http://www.securesoftware.com/process/] Secure Software, 2005. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="fdbc9b0f-7ad5-42db-9e69-f484fd6d773b"><ac:parameter ac:name="">VU196240</ac:parameter></ac:structured-macro> \[VU#196240\] Taschner, Chris & Manion, Art. Vulnerability Note [VU#196240|http://www.kb.cert.org/vulnotes/id/196240], _Sourcefire Snort DCE/RPC preprocessor does not properly reassemble fragmented packets_, 2007. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="14170b2d-1255-4bea-b7a0-ce3579c48561"><ac:parameter ac:name="">VU286468</ac:parameter></ac:structured-macro> \[VU#286468\] Burch, Hal. Vulnerability Note [VU#286468|http://www.kb.cert.org/vulnotes/id/286468], _Ettercap contains a format string error in the "curses_msg()" function_, 2007. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7e048653-401c-412b-816d-9af682e7c72f"><ac:parameter ac:name="">VU551436</ac:parameter></ac:structured-macro> \[VU#551436\] Giobbi, Ryan. Vulnerability Note [VU#551436|http://www.kb.cert.org/vulnotes/id/551436], _Mozilla Firefox SVG viewer vulnerable to buffer overflow,_ 2007. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="659b9d5c-c652-4a85-87bb-c78437b7b2b5"><ac:parameter ac:name="">VU568148</ac:parameter></ac:structured-macro> \[VU#568148\] Finlay, Ian A. & Morda, Damon G. Vulnerability Note [VU#568148|http://www.kb.cert.org/vulnotes/id/568148], _Microsoft Windows RPC vulnerable to buffer overflow_, 2003. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="83962efa-9775-4177-bc37-165f9068e16d"><ac:parameter ac:name="">VU623332</ac:parameter></ac:structured-macro> \[VU#623332\] Mead, Robert. Vulnerability Note [VU#623332|http://www.kb.cert.org/vuls/id/623332], _MIT Kerberos 5 contains double free vulnerability in "krb5_recvauth()" function,_ 2005. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="21765a13-9390-46a6-8f31-67e0333618a2"><ac:parameter ac:name="">VU649732</ac:parameter></ac:structured-macro> \[VU#649732\] Gennari, Jeff. Vulnerability Note [VU#649732|http://www.kb.cert.org/vulnotes/id/649732], _Samba AFS ACL mapping VFS plug-in format string vulnerability,_ 2007. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6cdaaa89-e7ee-4ca6-a35a-658c731973ca"><ac:parameter ac:name="">VU743092</ac:parameter></ac:structured-macro> \[VU#743092\] Jason A. Rafail; Jeffrey S. Havrilla. Vulnerability Note [VU#743092|https://www.kb.cert.org/vulnotes/id/743092], _realpath(3) function contains off-by-one buffer overflow,_ July 2003. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="cb0468eb-37b4-4758-97ce-18d3158b4274"><ac:parameter ac:name="">VU881872</ac:parameter></ac:structured-macro> \[VU#881872\] Manion, Art & Taschner, Chris. Vulnerability Note [VU#881872|http://www.kb.cert.org/vulnotes/id/881872], _Sun Solaris telnet authentication bypass vulnerability,_ 2007. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ca3617c6-8441-4e0b-b289-4fb3a7b5a266"><ac:parameter ac:name="">Warren 02</ac:parameter></ac:structured-macro> \[Warren 02\] Warren, Henry S. [_Hacker's Delight_|http://www.hackersdelight.org/]. Boston, MA: Addison Wesley Professional, 2002 (ISBN 0201914654). |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3ff55e21-3b22-4839-86ba-3cc418960056"><ac:parameter ac:name="">Wheeler 03</ac:parameter></ac:structured-macro> \[Wheeler 03\] Wheeler, David. [Secure Programming for Linux and Unix HOWTO, v3.010|http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/], March 2003. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3a64af83-dd5e-4e2b-ada5-8b03925a4c88"><ac:parameter ac:name="">Yergeau 98</ac:parameter></ac:structured-macro> \[Yergeau 98\] Yergeau, F. [RFC 2279 - UTF-8, a transformation format of ISO 10646|http://www.faqs.org/rfcs/rfc2279.html], January 1998. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6adcacfa-f6ac-4c23-b8f6-a7ac1849f3d0"><ac:parameter ac:name="">Zalewski 01</ac:parameter></ac:structured-macro> \[Zalewski 01\] Michal Zalewski. [_Delivering Signals for Fun and Profit: Understanding, exploiting and preventing signal-handling related vulnerabilities_|http://lcamtuf.coredump.cx/signals.txt], May, 2001. |