<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3d0e1adf-2f18-4b9a-ab21-af640f22c250"><ac:parameter ac:name="">Burch 06</ac:parameter></ac:structured-macro> \[Burch 06\] Burch, H.; Long, F.; & Seacord, R. [_Specifications for Managed Strings_|http://www.sei.cmu.edu/publications/documents/06.reports/06tr006.html] (CMU/SEI-2006-TR-006). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2006. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f59af3b4-3bf4-4354-be5f-05194a186764"><ac:parameter ac:name="">Callaghan 95</ac:parameter></ac:structured-macro> \[Callaghan 95\] B. Callaghan, B. Pawlowski, P. Staubach. [IETF RFC 1813 NFS Version 3 Protocol Specification|http://www.ietf.org/rfc/rfc1813.txt]. June 1995. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e4999a5d-339f-4777-bcb3-fad93ae878d1"><ac:parameter ac:name="">CERT 06</ac:parameter></ac:structured-macro> \[CERT 06\] CERT. [Managed String Library|http://www.cert.org/secure-coding/managedstring.html] (2006). |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3d6d32fd-fef7-4f1c-9e9b-a2bd872ee7a9"><ac:parameter ac:name="">Dewhurst 02</ac:parameter></ac:structured-macro> \[Dewhurst 02\] Dewhurst, Stephen C. _C+\+ Gotchas: Avoiding Common Problems in Coding and Design_. Boston, MA: Addison-Wesley Professional, 2002. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="83d46675-4a8f-4364-b844-165023232765"><ac:parameter ac:name="">Dowd 06</ac:parameter></ac:structured-macro> \[Dowd 06\] Dowd, M.; McDonald, J.; & Schuh, J. _The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities_. Boston, MA: Addison-Wesley, 2006. See [http://taossa.com] for updates and errata. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f12606ed-6fd8-4ab0-9933-4f09fe85a2c4"><ac:parameter ac:name="">Drepper 06</ac:parameter></ac:structured-macro> \[Drepper 06\] Drepper, Ulrich. [Defensive Programming for Red Hat Enterprise Linux (and What To Do If Something Goes Wrong).|http://people.redhat.com/drepper/defprogramming.pdf] May 3, 2006. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a3784311-ec9c-4627-a0df-0503ecae7248"><ac:parameter ac:name="">FSF 05</ac:parameter></ac:structured-macro> \[FSF 05\] Free Software Foundation. [GCC online documentation.|http://gcc.gnu.org/onlinedocs] (2005). |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5761709a-5b8c-4884-9970-79ee67dd86cb"><ac:parameter ac:name="">Graf 03</ac:parameter></ac:structured-macro> \[Graff 03\] Graff, Mark G. & Van Wyk, Kenneth R. Secure Coding: Principles and Practices. Cambridge, MA: O'Reilly, 2003 (ISBN 0596002424). |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4ad9a90b-ad5b-4a37-9137-f6b9122ea664"><ac:parameter ac:name="">Griffiths 06</ac:parameter></ac:structured-macro> \[Griffiths 06\] Griffiths, Andrew. "[Clutching at straws: When you can shift the stack pointer|http://felinemenace.org/papers/p63-0x0e_Shifting_the_Stack_Pointer.txt]." |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="68162759-5683-4668-bac5-e14075a889f7"><ac:parameter ac:name="">Haddad 05</ac:parameter></ac:structured-macro> \[Haddad 05\] Haddad, Ibrahim. "Secure Coding in C and C++: An interview with Robert Seacord, senior vulnerability analyst at CERT." _Linux World Magazine_, November, 2005. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b5835d00-e800-4e1f-a5e2-dec9c3645a61"><ac:parameter ac:name="">Hatton 95</ac:parameter></ac:structured-macro> \[Hatton 95\] Hatton, Les. _Safer C: Developing Software for High-Integrity and Safety-Critical Systems_. New York, NY: McGraw-Hill Book Company, 1995 (ISBN 0-07-707640-0). |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e991bd47-f516-49b4-ac65-d7364701f123"><ac:parameter ac:name="">HP 03</ac:parameter></ac:structured-macro> \[HP 03\] [Tru64 UNIX Protecting Your System Against File Name Spoofing Attacks|http://h30097.www3.hp.com/docs/wpapers/spoof_wp/symlink_external.pdf]. January 2003. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f3875ed9-711c-4600-8ff1-ba648d1b79c7"><ac:parameter ac:name="">ilja 06</ac:parameter></ac:structured-macro> \[ilja 06\] ilja. "[readlink abuse|http://blogs.23.nu/ilja/stories/12551/]." _ilja's blog_, August 13, 2006. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ae2835db-06be-40dc-8971-a8cd4b2b677c"><ac:parameter ac:name="">ISO/IEC 9899-1999</ac:parameter></ac:structured-macro> \[ISO/IEC 9899-1999\] ISO/IEC 9899-1999. _Programming Languages --- C, Second Edition_, 1999. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d6d995cc-9448-4813-8c2b-1bbe2f6d0fd6"><ac:parameter ac:name="">ISO/IEC 03</ac:parameter></ac:structured-macro> \[ISO/IEC 03\] [Rationale for International Standard?Programming Languages?C Revision 5.10|http://www.open-std.org/jtc1/sc22/wg14/www/C99RationaleV5.10.pdf]. April 2003. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b2220087-121d-45b7-bfa8-b8ef30e670a7"><ac:parameter ac:name="">ISO/IEC TR 24731-2006</ac:parameter></ac:structured-macro> \[ISO/IEC TR 24731-2006\] ISO/IEC TR 24731. _Extensions to the C Library, --- Part I: Bounds-checking interfaces_. April, 2006. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4ae18a03-dfbc-409e-802c-5220afd6c4ca"><ac:parameter ac:name="">Kennaway 00</ac:parameter></ac:structured-macro> \[Kennaway 00\] Kris Kennaway. [Re: /tmp topic|http://lwn.net/2000/1221/a/sec-tmp.php3]. December 2000. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c5cb7c63-cbc9-4d58-92ac-541a550fb3f3"><ac:parameter ac:name="">Kerrighan 88</ac:parameter></ac:structured-macro> \[Kerrighan 88\] Kerrighan, B. W. & Ritchie, D. M. _The C Programming Language, 2nd ed._ Englewood Cliffs, NJ: Prentice-Hall, 1988. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6202f77d-6c6c-48bc-b264-9ead8f29d734"><ac:parameter ac:name="">Kettle 02</ac:parameter></ac:structured-macro> \[Kettlewell 02\] Kettlewell, Richard. [_C Language Gotchas_|http://www.greenend.org.uk/rjk/2001/02/cfu.html] (February 2002). |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="fba613ef-ac19-4d76-bc18-a88d3b1423a2"><ac:parameter ac:name="">Kettle 03</ac:parameter></ac:structured-macro> \[Kettlewell 03\] Kettlewell, Richard. [_Inline Functions In C_|http://www.greenend.org.uk/rjk/2003/03/inline.html] (March 2003). |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4af81912-d864-40ea-905d-388507c86575"><ac:parameter ac:name="">Klein 02</ac:parameter></ac:structured-macro> \[Klein 02\] Klein, Jack. [_Bullet Proof Integer Input Using strtol()_|http://home.att.net/~jackklein/c/code/strtol.html] (2002). |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9cb96266-258b-4350-ba0d-92afaffa45ca"><ac:parameter ac:name="">Lai 06</ac:parameter></ac:structured-macro> \[Lai 06\] Ray Lai. [_Reading Between the Lines_|http://undeadly.org/cgi?action=article&sid=20061027031811]. OpenBSD Journal. October, 2006. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="37a17529-19b6-4100-bdef-e4eab2105966"><ac:parameter ac:name="">mercy</ac:parameter></ac:structured-macro> \[mercy\] mercy. [_Exploiting Uninitialized Data_|http://www.felinemenace.org/papers/UBehavior.zip] (January 2006). |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9f404e54-8ba1-4d6c-bacf-29b12f780d51"><ac:parameter ac:name="">MISRA 04</ac:parameter></ac:structured-macro> \[MISRA 04\] MIRA Limited. "[MISRA C|http://www.misra.org.uk/]: 2004 Guidelines for the Use of the C Language in Critical Systems." Warwickshire, UK: MIRA Limited, October 2004 (ISBN 095241564X). |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7304bf96-4f80-40b7-9dca-04693f5a89e2"><ac:parameter ac:name="">NASA-GB-1740.13</ac:parameter></ac:structured-macro> \[NASA-GB-1740.13\] NASA Glenn Research Center, Office of Safety Assurance Technologies. [_NASA Software Safety Guidebook_|http://pbma.nasa.gov/docs/public/pbma/general/guidbook.doc] (NASA-GB-1740.13). |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c7b561c3-4a9e-4e5b-963c-8c6ca545a645"><ac:parameter ac:name="">NIST 06</ac:parameter></ac:structured-macro> \[NIST 06\] NIST. [_SAMATE Reference Dataset_|http://samate.nist.gov/SRD/] (2006). |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ac5ce150-0b50-44de-af9e-bbf1327622cf"><ac:parameter ac:name="">NIST 06b</ac:parameter></ac:structured-macro> \[NIST 06b\] NIST. [DRAFT Source Code Analysis Tool Functional Specification. | http://samate.nist.gov/docs/SAMATE_source_code_analysis_tool_spec_09_15_06.pdf] Information Technology Laboratory (ITL), oftware Diagnostics and Conformance Testing Division. September, 2006. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1ff04c3a-cb8c-4c58-afd0-86d6303d1f20"><ac:parameter ac:name="">Open Group 97</ac:parameter></ac:structured-macro> \[Open Group 97\] The Open Group. [_The Single UNIX® Specification, Version 2_|http://www.opengroup.org/onlinepubs/7990989775/toc.htm] (1997). |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d67cc137-a6d7-41b7-a620-8ed4413f6663"><ac:parameter ac:name="">Open Group 04</ac:parameter></ac:structured-macro> \[Open Group 04\] The Open Group. "[_The Open Group Base Specifications Issue 6, IEEE Std 1003.1, 2004 Edition_|http://www.opengroup.org/onlinepubs/009695399/toc.htm]." (2004). |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2b5579cf-2891-43be-bbcb-9890eb182d71"><ac:parameter ac:name="">Plum 89</ac:parameter></ac:structured-macro> \[Plum 89\] Plum, Thomas, and Saks, Dan. _C Programming Guidelines, 2nd ed_. Kamuela, HI: Plum Hall, Inc., 1989 (ISBN 0911537074). |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="bc42090f-79ac-46b1-9ed3-d31be1eb6a20"><ac:parameter ac:name="">Plum 91</ac:parameter></ac:structured-macro> \[Plum 91\] Plum, Thomas. _C+\+ Programming_. Kamuela, HI: Plum Hall, Inc., 1991 (ISBN 0911537104). |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9a69eb94-e6a9-468d-a2eb-96dfe6bf2e36"><ac:parameter ac:name="">Saks 99</ac:parameter></ac:structured-macro> \[Saks 99\] Dan Saks. [_const T vs.T const_|http://www.dansaks.com/articles/1999-02%20const%20T%20vs%20T%20const.pdf]. Embedded Systems Programming. Pg. 13-16. February 1999. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5eb3aa4d-33bf-414a-b24f-9ccb9cdf2943"><ac:parameter ac:name="">Seacord 05</ac:parameter></ac:structured-macro> <ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="dec8c7f9-70a4-4bea-91dc-7e808348edeb"><ac:parameter ac:name="">Seacord 05a</ac:parameter></ac:structured-macro> \[Seacord 05a\] Seacord, R. _Secure Coding in C and C+\+_. Boston, MA: Addison-Wesley, 2005. See [http://www.cert.org/books/secure-coding] for news and errata. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="359e4ebb-07cd-4772-bb24-7f09228b7110"><ac:parameter ac:name="">Seacord 05b</ac:parameter></ac:structured-macro> \[Seacord 05b\] Seacord, R. "Managed String Library for C, C/C++." _Users Journal_ _23_, 10 (October 2005): 30-34. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f3273c41-e2dd-4e50-a7a5-8c7df5220bcf"><ac:parameter ac:name="">Summit 95</ac:parameter></ac:structured-macro> \[Summit 95\] Summit, Steve. _C Programming FAQs: Frequently Asked Questions_. Boston, MA: Addison-Wesley, 1995 (ISBN 0201845199). |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="12005da6-1528-4b0f-a6e2-244db5ffd987"><ac:parameter ac:name="">Summit 05</ac:parameter></ac:structured-macro> \[Summit 05\] Summit, Steve. [_comp.lang.c Frequently Asked Questions_|http://c-faq.com/] (2005). |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a526936a-d9ad-4312-9752-0ee8fdbcaa58"><ac:parameter ac:name="">Viega 03</ac:parameter></ac:structured-macro> \[Viega 03\] Viega, John & Messier, Matt. _Secure Programming Cookbook for C and C++: Recipes for Cryptography, Authentication, Networking, Input Validation & More_. Sebastopol, CA: O'Reilly, 2003 (ISBN 0-596-00394-3). |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="14ee24a3-1ca4-44fc-ae58-47c530381006"><ac:parameter ac:name="">Viega 05</ac:parameter></ac:structured-macro> \[Viega 05\] Viega, John. [CLASP Reference Guide Volume 1.1.|http://www.securesoftware.com/process/] Secure Software. (2005) |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6dcaf338-52fa-4621-a26e-7e6d506ac00c"><ac:parameter ac:name="">Warren 02</ac:parameter></ac:structured-macro> \[Warren 02\] Warren, Henry S. [_Hacker's Delight_|http://www.hackersdelight.org/]. Boston, MA: Addison Wesley Professional. 2002 (ISBN 0201914654). |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="da97c478-74b9-4f9c-a1f5-6021a0303200"><ac:parameter ac:name="">Wheeler 03</ac:parameter></ac:structured-macro> \[Wheeler 03\] David Wheeler. [Secure Programming for Linux and Unix HOWTO, v3.010. |http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/], March 2003. |