<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="190a2fd0-a5ed-4697-8ace-544aeb867c9e"><ac:parameter ac:name="">Apple 06</ac:parameter></ac:structured-macro> \[Apple 06\] Apple, Inc. [_Secure Coding Guide_|http://developer.apple.com/documentation/Security/Conceptual/SecureCodingGuide/SecureCodingGuide.pdf], May 2006. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e710d994-bc9e-436b-b48a-a5b100042f95"><ac:parameter ac:name="">Austin Group 08</ac:parameter></ac:structured-macro> \[Austin Group 08\] "Draft Standard for Information Technology - Portable Operating System Interface (POSIX®) - Draft Technical Standard: Base Specifications, Issue 7," IEEE Unapproved Draft Std P1003.1 D5.1. Prepared by the [Austin Group|http://www.opengroup.org/austin/]. New York: Institute of Electrical & Electronics Engineers, Inc., May 2008. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0ad02c89-18af-42f9-b13e-ee720c9b5b7c"><ac:parameter ac:name="">Banahan 03</ac:parameter></ac:structured-macro> \[Banahan 03\] Banahan, Mike. [_The C Book_|http://www.phy.duke.edu/~rgb/General/c_book/c_book/index.html], 2003. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6f4fda63-4408-41d1-8f7e-771064fa047e"><ac:parameter ac:name="">Beebe 05</ac:parameter></ac:structured-macro> \[Beebe 05\] Beebe, Nelson H. F. [Re: Remainder (%) operator and GCC|http://gcc.gnu.org/ml/gcc-help/2005-11/msg00141.html], 2005. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f8e57421-1157-4c2e-b545-ccddbd58eaa8"><ac:parameter ac:name="">Becker 08</ac:parameter></ac:structured-macro> \[Becker 08\] Becker, Pete. [Working Draft, Standard for Programming Language C+\+|http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2008/n2521.pdf], April 2008. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b2fdf633-6e55-4288-9dc7-7aa5d95ed4dd"><ac:parameter ac:name="">Black 07</ac:parameter></ac:structured-macro> \[Black 07\] Paul E. Black, Michael Kass, Michael Koo. Source Code Security Analysis Tool Functional Specification Version 1.0. Special Publication 500-268. Information Technology Laboratory (ITL), Software Diagnostics and Conformance Testing Division, May 2007. [http://samate.nist.gov/docs/source_code_security_analysis_spec_SP500-268.pdf] |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="65e23ea5-3267-45e8-8f6a-830eed53ba2b"><ac:parameter ac:name="">Brainbell.com</ac:parameter></ac:structured-macro> \[Brainbell.com\] Brainbell.com. [_Advice and Warnings for C Tutorials_|http://www.brainbell.com/tutors/c/Advice_and_Warnings_for_C/]. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5c56ef51-5425-4c05-ad5c-6e30242c0d85"><ac:parameter ac:name="">Bryant 03</ac:parameter></ac:structured-macro> \[Bryant 03\] Bryant, Randal E., & O'Halloran, David. _Computer Systems: A Programmer's Perspective_. Prentice Hall, 2003 (ISBN 0-13-034074-X). |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="14999c41-584c-40ce-9fd6-40a0ce33fb8b"><ac:parameter ac:name="">Burch 06</ac:parameter></ac:structured-macro> \[Burch 06\] Burch, Hal, Long, Fred, & Seacord, Robert C. [_Specifications for Managed Strings_|http://www.sei.cmu.edu/publications/documents/06.reports/06tr006.html] (CMU/SEI-2006-TR-006). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2006. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e010d3ca-328a-4c7b-8e9a-b8a1f95bd808"><ac:parameter ac:name="">Butenhof 97</ac:parameter></ac:structured-macro> \[Butenhof 97\] Butenhof, David R. [Programming with POSIX® Threads |http://www.informit.com/store/product.aspx?isbn=0201633922]. Addison-Wesley Professional, 1997. (ISBN 0-201-63392-2). |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="fdd338a1-733d-45b0-b236-aedf2e8cf81a"><ac:parameter ac:name="">Callaghan 95</ac:parameter></ac:structured-macro> \[Callaghan 95\] Callaghan, B., Pawlowski, B., & Staubach, P. [IETF RFC 1813 NFS Version 3 Protocol Specification|http://www.ietf.org/rfc/rfc1813.txt], June 1995. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="68d31222-4007-4b6a-be32-e92aba26ac24"><ac:parameter ac:name="">CERT 06a</ac:parameter></ac:structured-macro> \[CERT 06a\] CERT/CC. [CERT/CC Statistics 1988---2006|http://www.cert.org/stats/cert_stats.html]. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6c830c18-3dd2-48ec-a0ab-a13ff0d31bd7"><ac:parameter ac:name="">CERT 06b</ac:parameter></ac:structured-macro> \[CERT 06b\] CERT/CC. US-CERT's [Technical Cyber Security Alerts|http://www.us-cert.gov/cas/techalerts/index.html]. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="593d54bd-c5fc-453a-bcf9-4541bf17bee1"><ac:parameter ac:name="">CERT 06c</ac:parameter></ac:structured-macro> \[CERT 06c\] CERT/CC. [Secure Coding|http://www.cert.org/secure-coding/] web site. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="fd2c4e76-5d38-491d-b3e6-ebeec142c8c9"><ac:parameter ac:name="">Chen 02</ac:parameter></ac:structured-macro> \[Chen 02\] Chen, H., Wagner, D., & Dean, D. [Setuid Demystified|http://www.cs.berkeley.edu/~daw/papers/setuid-usenix02.pdf] USENIX Security Symposium, 2002. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a4b394dc-0e1c-4c4c-a9ff-2d892884f41e"><ac:parameter ac:name="">Corfield 93</ac:parameter></ac:structured-macro> \[Corfield 93\] Corfield, Sean A. "[Making String Literals 'const'|http://www.open-std.org/jtc1/sc22/wg21/docs/papers/1993/N0389.asc]," November 1993. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1d636ced-44eb-4a80-87ea-9697b79a3cc4"><ac:parameter ac:name="">Coverity 07</ac:parameter></ac:structured-macro> \[Coverity 07\] Coverity Prevent User's Manual (3.3.0), 2007. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f2ea2740-6288-4161-904e-3a37ac45a54d"><ac:parameter ac:name="">CVE</ac:parameter></ac:structured-macro> \[CVE\] [Common Vulnerabilities and Exposures|http://cve.mitre.org/]. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f93a0af9-b472-417e-9884-68ab807f4ea1"><ac:parameter ac:name="">CPPReference</ac:parameter></ac:structured-macro> \[C+\+ Reference\] [Standard C Library, General C\++, C++ Standard Template Library|http://www.cppreference.com/] |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="92487734-56fe-43d7-b977-9294b5ca95a1"><ac:parameter ac:name="">Dewhurst 02</ac:parameter></ac:structured-macro> \[Dewhurst 02\] Dewhurst, Stephen C. _C+\+ Gotchas: Avoiding Common Problems in Coding and Design_. Boston: Addison-Wesley Professional, 2002. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="95b7f0c5-801e-4d15-917b-9941001895b7"><ac:parameter ac:name="">Dewhurst 05</ac:parameter></ac:structured-macro> \[Dewhurst 05\] Dewhurst, Stephen C. _C+\+ Common Knowledge: Essential Intermediate Programming_. Boston, MA: Addison-Wesley Professional, 2005. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="68fb9584-5718-4dac-91e9-54b1fd0c3029"><ac:parameter ac:name="">DHS 06</ac:parameter></ac:structured-macro> \[DHS 06\] U.S. Department of Homeland Security. [Build Security In|https://buildsecurityin.us-cert.gov/]. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="60468b03-a131-41dc-ab79-d1255439bdb0"><ac:parameter ac:name="">DISA 2008</ac:parameter></ac:structured-macro> \[DISA 2008\] DISA. [Application Security and Development Security Technical Implementation Guide, Version 2, Release 1|http://iase.disa.mil/stigs/stig/application_security_and_development_stig_v2r1_final_20080724.pdf]. July, 2008. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="86f1b2fe-ed79-4a09-97ba-3879593a69b4"><ac:parameter ac:name=""> DOD 5220</ac:parameter></ac:structured-macro> \[DOD 5220\] U.S. Department of Defense. [DoD Standard 5220.22-M|http://security.ouhsc.edu/docs/policies/approved/DoD_5220.doc] (Word document). |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b21ab2ac-c971-4204-9d0e-10c76d7cc638"><ac:parameter ac:name="">Dowd 06</ac:parameter></ac:structured-macro> \[Dowd 06\] Dowd, M., McDonald, J., & Schuh, J. _The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities_. Boston: Addison-Wesley, 2006. See [http://taossa.com] for updates and errata. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0db36e47-8f36-40a9-8a0c-83ce098c948a"><ac:parameter ac:name="">Drepper 06</ac:parameter></ac:structured-macro> \[Drepper 06\] Drepper, Ulrich. [Defensive Programming for Red Hat Enterprise Linux (and What To Do If Something Goes Wrong)|http://people.redhat.com/drepper/defprogramming.pdf], May 3, 2006. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="099e0838-8d27-4c4c-9e0a-4d2c03d78ab7"><ac:parameter ac:name="">Eckel 07</ac:parameter></ac:structured-macro> \[Eckel 07\] Eckel, Bruce. [_Thinking in C+\+ Volume 2_|http://bruce-eckel.developpez.com/livres/cpp/ticpp/v2/], January 25, 2007. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e5e8ba5b-52d7-4475-810f-a6972d6d227f"><ac:parameter ac:name="">ECTC 98</ac:parameter></ac:structured-macro> \[ECTC 98\] Embedded C+\+ Technical Committee. [_The Embedded C+\+ Programming Guide Lines_|http://www.caravan.net/ec2plus/guide.html], Version WP-GU-003. January 6, 1998. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d42ee818-5a5b-4b92-80be-aabac0489dc8"><ac:parameter ac:name="">Eide and Regehr</ac:parameter></ac:structured-macro> \[Eide and Regehr\] "[Volatiles are miscompiled, and what to do about it|http://portal.acm.org/citation.cfm?id=1450058.1450093]" Eide E., Regehr J. 2008. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0d506693-7b19-417d-8146-52037ba2163e"><ac:parameter ac:name="">Finlay 03</ac:parameter></ac:structured-macro> \[Finlay 03\] Finlay, Ian A. CERT Advisory CA-2003-16, [Buffer Overflow in Microsoft RPC|http://www.cert.org/advisories/CA-2003-16.html]. CERT/CC, July 2003. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="468f40f7-9b2e-4364-94e4-848629bb35f9"><ac:parameter ac:name="">Fisher 99</ac:parameter></ac:structured-macro> \[Fisher 99\] Fisher, David & Lipson, Howard. "Emergent Algorithms - A New Method for Enhancing Survivability in Unbounded Systems." _Proceedings of the 32nd Annual Hawaii International Conference on System Sciences (HICSS-32)_. Maui, HI, January 5-8, 1999. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ccd2b80f-abb8-4af1-9935-09df6c6cc80d"><ac:parameter ac:name="">Flake 06</ac:parameter></ac:structured-macro> \[Flake 06\] Flake, Halvar. "[Attacks on uninitialized local variables|http://www.blackhat.com/presentations/bh-europe-06/bh-eu-06-Flake.pdf]." Black Hat Federal 2006. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ef761c36-8428-4804-ac3d-461c5eae6199"><ac:parameter ac:name="">Fortify 06</ac:parameter></ac:structured-macro> \[Fortify 06\] Fortify Software Inc. [Fortify Taxonomy: Software Security Errors|http://www.fortifysoftware.com/vulncat/], 2006. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4a2830c1-aed6-42a7-9fa4-4779e8b922ee"><ac:parameter ac:name="">FSF 05</ac:parameter></ac:structured-macro> \[FSF 05\] Free Software Foundation. [GCC online documentation|http://gcc.gnu.org/onlinedocs], 2005. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7c82b4d3-c00f-431d-b0b2-97e5f4f29420"><ac:parameter ac:name="">Garfinkel 96</ac:parameter></ac:structured-macro> \[Garfinkel 96\] Garfinkel, Simson & Spafford, Gene. _Practical UNIX & Internet Security_, 2nd Edition. Sebastopol, CA: O'Reilly Media, April 1996 (ISBN 1-56592-148-8). |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9018b9cb-3da7-4e12-9692-28633df786c0"><ac:parameter ac:name="">GNU Pth</ac:parameter></ac:structured-macro> \[GNU Pth\] Engelschall, Ralf S. [GNU Portable Threads|http://www.gnu.org/software/pth/], 2006. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="79f53c1a-cf55-4800-8cdc-2a199357a61c"><ac:parameter ac:name="">Goldberg 91</ac:parameter></ac:structured-macro> \[Goldberg 91\] Goldberg, David. [What Every Computer Scientist Should Know About Floating-Point Arithmetic|http://docs.sun.com/source/806-3568/ncg_goldberg.html]. Sun Microsystems, March 1991. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e43d5589-4646-41b9-8785-edf471ee9a78"><ac:parameter ac:name="">Goodin 2009</ac:parameter></ac:structured-macro> \[Goodin 2009\] Dan Goodin. [Clever attack exploits fully-patched Linux kernel|http://www.theregister.co.uk/2009/07/17/linux_kernel_exploit/] The Register. July 2009. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0778f1f8-0f2a-442e-ad7e-416eb7a30584"><ac:parameter ac:name="">Gough 2005</ac:parameter></ac:structured-macro> \[Gough 2005\] Gough, Brian J. [An Introduction to GCC|http://www.network-theory.co.uk/docs/gccintro/index.html]. Network Theory Ltd, Revised August 2005 (ISBN 0-9541617-9-3). |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="289b83f5-af7d-4108-92f5-23e53d39e95c"><ac:parameter ac:name="">Graf 03</ac:parameter></ac:structured-macro> \[Graff 03\] Graff, Mark G. & Van Wyk, Kenneth R. _Secure Coding: Principles and Practices_. Cambridge, MA: O'Reilly, 2003 (ISBN 0596002424). |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f8df9113-e484-40c3-86e4-54fdef3863bf"><ac:parameter ac:name="">Greenman 97</ac:parameter></ac:structured-macro> \[Greenman 97\] Greenman, David. [_serious security bug in wu-ftpd v2.4_|http://seclists.org/bugtraq/1997/Jan/0011.html]. BUGTRAQ Mailing List (bugtraq@securityfocus.com), January 2, 1997. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="74ade3b0-bf97-4a9c-bfc4-1e2448267aaa"><ac:parameter ac:name="">Griffiths 06</ac:parameter></ac:structured-macro> \[Griffiths 06\] Griffiths, Andrew. "[Clutching at straws: When you can shift the stack pointer|http://felinemenace.org/papers/p63-0x0e_Shifting_the_Stack_Pointer.txt]." |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0d6dc4bf-ab90-4a4e-a7f4-f7110e9bdfeb"><ac:parameter ac:name="">Gutmann 96</ac:parameter></ac:structured-macro> \[Gutmann 96\] Gutmann, Peter. [Secure Deletion of Data from Magnetic and Solid-State Memory|http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html], July 1996. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="8fed5e7d-86d5-4c15-9a06-2023a266d8c4"><ac:parameter ac:name="">Haddad 05</ac:parameter></ac:structured-macro> \[Haddad 05\] Haddad, Ibrahim. "Secure Coding in C and C++: An interview with Robert Seacord, senior vulnerability analyst at CERT." _Linux World Magazine_, November 2005. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="efdcbe4f-2c8b-4c48-9b03-cab25db39df0"><ac:parameter ac:name="">Hatton 95</ac:parameter></ac:structured-macro> \[Hatton 95\] Hatton, Les. _Safer C: Developing Software for High-Integrity and Safety-Critical Systems_. New York: McGraw-Hill Book Company, 1995 (ISBN 0-07-707640-0). |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e34f70b7-6d41-491f-8c37-92d2d46772c7"><ac:parameter ac:name="">Hatton 03</ac:parameter></ac:structured-macro> \[Hatton 03\] Hatton, Les. [EC-: A measurement based safer subset of ISO C suitable for embedded system development|http://www.leshatton.org/Documents/ISOC_subset.pdf]. November 5, 2003. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="981215d1-8b5c-472f-937c-8beec0b85a52"><ac:parameter ac:name="">Henricson 92</ac:parameter></ac:structured-macro> \[Henricson 92\] Henricson, Mats, & Nyquist, Erik. [Programming in C++, Rules and Recommendations|http://www.doc.ic.ac.uk/lab/cplus/c++.rules/]. Ellemtel Telecommunication Systems Laboratories, 1992. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="82a45502-cf12-4482-bc04-fc532770d8b7"><ac:parameter ac:name="">Horton 90</ac:parameter></ac:structured-macro> \[Horton 90\] Horton, Mark R. _Portable C Software_. Upper Saddle River, NJ: Prentice-Hall, Inc., 1990 (ISBN:0-13-868050-7). |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a88e6586-6a4e-4aa6-bd70-6e46de963d65"><ac:parameter ac:name="">Howard 02</ac:parameter></ac:structured-macro> \[Howard 02\] Howard, Michael, & LeBlanc, David C. _[_Writing Secure Code, 2nd ed. Redmond, WA:_|http://www.microsoft.com/mspress/books/5957.aspx]_. Microsoft Press, December 2002. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="473c343b-a039-45bd-bb48-4c6b00f51656"><ac:parameter ac:name="">HP 03</ac:parameter></ac:structured-macro> \[HP 03\] [Tru64 UNIX: Protecting Your System Against File Name Spoofing Attacks|http://h30097.www3.hp.com/docs/wpapers/spoof_wp/symlink_external.pdf]. Houston, TX: Hewlett-Packard Company, January 2003. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ff2c340f-b1e2-4ffc-9876-25a328a928bd"><ac:parameter ac:name="">IEC 60812 2006</ac:parameter></ac:structured-macro> \[IEC 60812 2006\] _Analysis techniques for system reliability - Procedure for failure mode and effects analysis (FMEA)_, 2nd ed. (IEC 60812). IEC, January 2006. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ed0765ae-27b6-44f3-8466-e9d1d838cfd2"><ac:parameter ac:name="">IEC 61508 4</ac:parameter></ac:structured-macro> \[IEC 61508-4\] _Functional safety of electrical/electronic/programmable electronic safety-related systems - Part 4: Definitions and abbreviations_, 1998. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5c2e22f1-0383-42ff-bf36-395750c20c0a"><ac:parameter ac:name="">IEEE Std 610.12 1990</ac:parameter></ac:structured-macro> \[IEEE Std 610.12 1990\] _IEEE Standard Glossary of Software Engineering Terminology_, September 1990. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="29f1d173-2b34-4506-95e5-be13c13d5ee5"><ac:parameter ac:name="">IEEE 754 2006</ac:parameter></ac:structured-macro> \[IEEE 754 2006\] IEEE. [_Standard for Binary Floating-Point Arithmetic_|http://grouper.ieee.org/groups/754/] (IEEE 754-1985), 2006. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="60f56ff4-840a-416f-a758-6bbc62ddd179"><ac:parameter ac:name="">ilja 06</ac:parameter></ac:structured-macro> \[IEEE 1003.1, 2004\] IEEE. [The Open Group Base Specifications Issue 6|http://www.opengroup.org/onlinepubs/009695399/] IEEE Std 1003.1, 2004 Edition |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a1f5590f-55dc-4304-89a8-ca098095ca65"><ac:parameter ac:name="">IEEE 1003</ac:parameter></ac:structured-macro> \[ilja 06\] ilja. "[readlink abuse|http://blogs.23.nu/ilja/stories/12551/]." _ilja's blog_, August 13, 2006. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6be3ec06-d756-4ac5-8031-560643ca0e58"><ac:parameter ac:name="">Intel 01</ac:parameter></ac:structured-macro> \[Intel 01\] Intel Corp. [_Floating-Point IEEE Filter for Microsoft\* Windows\* 2000 on the Intel® Itanium™ Architecture_|ftp://download.intel.com/software/opensource/libraries/ieee/ieee_filter_windows2000.pdf], March 2001. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e1718536-5587-41db-841b-b48f1a6ea756"><ac:parameter ac:name="">Internet Society 00</ac:parameter></ac:structured-macro> \[Internet Society 00\] The Internet Society. [Internet Security Glossary (RFC 2828)|ftp://ftp.rfc-editor.org/in-notes/rfc2828.txt], 2000. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7811ccf4-078f-4a80-a73f-375d326633e7"><ac:parameter ac:name="">ISO/IEC 646-1991</ac:parameter></ac:structured-macro> \[ISO/IEC 646:1991\] ISO/IEC. _Information technology: ISO 7-bit coded character set for information interchange_ (ISO/IEC 646-1991). Geneva, Switzerland: International Organization for Standardization, 1991. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9e9beaca-e227-46ca-b378-b88a97016bb8"><ac:parameter ac:name="">ISO/IEC 9945-2003</ac:parameter></ac:structured-macro> \[ISO/IEC 9945:2003\] _ISO/IEC 9945:2003 (including Technical Corrigendum 1), Information technology --- Programming languages, their environments and system software interfaces --- Portable Operating System Interface (POSIX®)_. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="de5eea08-e4ae-41d2-8806-8e8ead244259"><ac:parameter ac:name="">ISO/IEC 9899-1999</ac:parameter></ac:structured-macro> \[ISO/IEC 9899:1999\] ISO/IEC. _Programming Languages---C, 2nd ed_ (ISO/IEC 9899:1999). Geneva, Switzerland: International Organization for Standardization, 1999. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="58743bd9-cb73-4d0b-ad72-3abb1fa49e38"><ac:parameter ac:name="">ISO/IEC 10646-2003</ac:parameter></ac:structured-macro> \[ISO/IEC 10646:2003\] _Information technology - Universal Multiple-Octet Coded Character Set (UCS)_ (ISO/IEC 10646:2003). Geneva, Switzerland: International Organization for Standardization, 2003. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3ced9728-042e-48fd-a498-52014380d95b"><ac:parameter ac:name="">ISO/IEC 14882-2003</ac:parameter></ac:structured-macro> \[ISO/IEC 14882:2003\] ISO/IEC. _Programming Languages --- C++, Second Edition_ (ISO/IEC 14882-2003). Geneva, Switzerland: International Organization for Standardization, 2003. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3a765abb-be46-49be-b254-4875d0b324e0"><ac:parameter ac:name="">ISO/IEC 23360-1-2006</ac:parameter></ac:structured-macro> \[ISO/IEC 23360-1:2006\] [_Linux Standard Base (LSB) core specification 3.1 - Part 1: Generic specification_|http://refspecs.freestandards.org/LSB_3.1.0/LSB-Core-generic/LSB-Core-generic.pdf] |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3ed9d206-0d18-4caf-9d9c-964d356bb996"><ac:parameter ac:name="">ISO/IEC 03</ac:parameter></ac:structured-macro> \[ISO/IEC 03\] ISO/IEC. [_Rationale for International Standard --- Programming Languages --- C, Revision 5.10_|http://www.open-std.org/jtc1/sc22/wg14/www/C99RationaleV5.10.pdf]. Geneva, Switzerland: International Organization for Standardization, April 2003. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a2af72dd-8358-42c3-b1e2-139a33bd833e"><ac:parameter ac:name="">ISO/IEC JTC1/SC22/WG11</ac:parameter></ac:structured-macro> \[ISO/IEC JTC1/SC22/WG11\] ISO/IEC. [_Binding Techniques_|http://www.open-std.org/JTC1/SC22/WG11/] (ISO/IEC JTC1/SC22/WG11), 2007. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ee70d288-def0-4d52-8a12-0bd331bb5f2e"><ac:parameter ac:name="">ISO/IEC DTR 24732</ac:parameter></ac:structured-macro> \[ISO/IEC DTR 24732\] ISO/IEC JTC1 SC22 WG14 N1290. [Extension for the programming language C to support decimal floating-point arithmetic|http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1290.pdf], March 2008. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="8edfd237-1d70-4d9b-8035-7667d6105490"><ac:parameter ac:name="">ISO/IEC PDTR 24731-2-2007</ac:parameter></ac:structured-macro> \[ISO/IEC PDTR 24731-2\] [Extensions to the C Library, --- Part II: Dynamic Allocation Functions|http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1248.pdf], August 2007. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6f39dfbf-2bde-4a3f-9683-f1aa7991dd0a"><ac:parameter ac:name="">ISO/IEC DTR 24772</ac:parameter></ac:structured-macro> \[ISO/IEC DTR 24772\] ISO/IEC DTR 24772. _Information Technology_ --- _Programming Languages_ --- [_Guidance to Avoiding Vulnerabilities in Programming Languages through Language Selection and Use_|http://www.aitcnet.org/isai/_Mtg_13/22-WG23-N-0238/n0238.pdf], November 2009. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9bddda92-5ba7-4dc2-a577-60fc8029fcd1"><ac:parameter ac:name="">ISO/IEC TR 24731-1-2007</ac:parameter></ac:structured-macro> \[ISO/IEC TR 24731-1:2007\] ISO/IEC TR 24731. _Extensions to the C Library, --- Part I: Bounds-checking interfaces_. Geneva, Switzerland: International Organization for Standardization, April 2006. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9259ec8c-8b79-480b-802a-fa0e221e9900"><ac:parameter ac:name="">Jack 07</ac:parameter></ac:structured-macro> \[Jack 07\] Jack, Barnaby. [_Vector Rewrite Attack_|http://www.juniper.net/solutions/literature/white_papers/Vector-Rewrite-Attack.pdf], May 2007. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="003a3ac7-0d14-4c19-8c90-6bfe6acc0daa"><ac:parameter ac:name="">Jones 04</ac:parameter></ac:structured-macro> \[Jones 04\] Jones, Nigel. ["Learn a new trick with the offsetof() macro."|http://www.netrino.com/Articles/OffsetOf/index.php] _Embedded Systems Programming_, March 2004. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e18c19be-d271-4f1b-a80a-b13c060b759c"><ac:parameter ac:name="">Jones 08</ac:parameter></ac:structured-macro> \[Jones 08\] Jones, Derek M. [The New C Standard: An economic and cultural commentary|http://www.knosof.co.uk/cbook/]. Knowledge Software Ltd., 2008. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6d691e81-4a66-4819-9848-dab8ac3d4bc5"><ac:parameter ac:name="">Jones 09</ac:parameter></ac:structured-macro> \[Jones 09\] Jones, Larry. [WG14 N1401 Committee Draft ISO/IEC 9899:201x|http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1425.pdf]. November 24, 2009. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1c4faba4-6cde-4926-995d-c6c31e4b2c8b"><ac:parameter ac:name="">Keaton 09</ac:parameter></ac:structured-macro> \[Keaton 09\] David Keaton, Thomas Plum, Robert C. Seacord, David Svoboda, Alex Volkovitsky, Timothy Wilson. [As-if Infinitely Ranged Integer Model|http://www.sei.cmu.edu/publications/documents/09.reports/09tn023.html]. CMU/SEI-2009-TN-023. July, 2009. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="381fc32e-f4c2-4960-8289-53499bf8dd4b"><ac:parameter ac:name="">Keil 08</ac:parameter></ac:structured-macro> \[Keil 08\] Keil, an ARM Company. "[Floating Point Support|http://www.keil.com/support/man/docs/armlib/armlib_bihbjiea.htm]." _RealView Libraries and Floating Point Support Guide_, 2008. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="032d0bf8-5ea9-49d8-bb5e-a197808425a5"><ac:parameter ac:name="">Kennaway 00</ac:parameter></ac:structured-macro> \[Kennaway 00\] Kennaway, Kris. [Re: /tmp topic|http://lwn.net/2000/1221/a/sec-tmp.php3], December 2000. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="726cc1ee-c336-4fb0-8bff-b7b7392bc2ff"><ac:parameter ac:name="">Kernighan 88</ac:parameter></ac:structured-macro> \[Kernighan 88\] Kernighan , Brian W., & Ritchie, Dennis M. _The C Programming Language, 2nd ed._ Englewood Cliffs, NJ: Prentice-Hall, 1988. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="af2a6d89-38ce-4f6e-9d3e-e71015c3cbae"><ac:parameter ac:name="">Kernighan 147</ac:parameter></ac:structured-macro> \[Kernighan 147\] Kernighan , Brian W., & Ritchie, Dennis M. _The C Programming Language, 2nd ed._ Englewood Cliffs, NJ: Prentice-Hall, 1988. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c8a75a9a-f847-422d-b845-8a7c1e61c120"><ac:parameter ac:name="">Kettle 02</ac:parameter></ac:structured-macro> \[Kettlewell 02\] Kettlewell, Richard. [_C Language Gotchas_|http://www.greenend.org.uk/rjk/2001/02/cfu.html], February 2002. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f6b88198-356e-4251-90e7-d1bdd651dfce"><ac:parameter ac:name="">Kettle 03</ac:parameter></ac:structured-macro> \[Kettlewell 03\] Kettlewell, Richard. [_Inline Functions In C_|http://www.greenend.org.uk/rjk/2003/03/inline.html], March 2003. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f55a3ec2-5699-4ad0-a8ba-197643162247"><ac:parameter ac:name="">Kirch-Prinz 02</ac:parameter></ac:structured-macro> \[Kirch-Prinz 02\] Kirch-Prinz, Ulla & Prinz, Peter. _C Pocket Reference_. Sebastopol, CA: O'Reilly, November 2002 (ISBN: 0-596-00436-2). |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b08f29ce-50c0-4e09-8798-5e0b4ece54ca"><ac:parameter ac:name="">Klarer 04</ac:parameter></ac:structured-macro> \[Klarer 04\] Klarer, R., Maddock, J., Dawes, B. & Hinnant, H. "Proposal to Add Static Assertions to the Core Language (Revision 3)." ISO C+\+ committee paper ISO/IEC JTC1/SC22/WG21/N1720, October 2004. Available at [http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2004/n1720.html]. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e65e5c11-71b8-43d3-8156-2d331168ea5b"><ac:parameter ac:name="">Klein 02</ac:parameter></ac:structured-macro> \[Klein 02\] Klein, Jack. [_Bullet Proof Integer Input Using strtol()_|http://home.att.net/~jackklein/c/code/strtol.html], 2002. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="24d42f07-10f8-4a39-9f7b-e5238d1ddae4"><ac:parameter ac:name="">Koenig 89</ac:parameter></ac:structured-macro> \[Koenig 89\] Koenig, Andrew. _C Traps and Pitfalls_. Addison-Wesley Professional, January 1, 1989. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="01e4d255-ba4c-47ce-b83c-e80bf449c875"><ac:parameter ac:name="">Kuhn 06</ac:parameter></ac:structured-macro> \[Kuhn 06\] Kuhn, Markus. [_UTF-8 and Unicode FAQ for Unix/Linux_|http://www.cl.cam.ac.uk/~mgk25/unicode.html], 2006. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b5d3e398-5437-4688-8332-aee69bc4490c"><ac:parameter ac:name="">Lai 06</ac:parameter></ac:structured-macro> \[Lai 06\] Lai, Ray. "[Reading Between the Lines|http://undeadly.org/cgi?action=article&sid=20061027031811]." _OpenBSD Journal_, October 2006. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d89f0d16-e88a-4226-be4b-980a09fba4f0"><ac:parameter ac:name="">Lewis 06</ac:parameter></ac:structured-macro> \[Lewis 06\] Lewis, Richard. "[Security Considerations When Handling Sensitive Data|http://secureapps.blogspot.com/2006/10/security-considerations-when-handling.html]." Posted on the Application Security by Richard Lewis blog October 2006. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ca16ef1a-1396-40cc-a37c-0d1270cdfa4e"><ac:parameter ac:name="">Linux 08</ac:parameter></ac:structured-macro> \[Linux 08\] [Linux Programmer's Manual|http://www.kernel.org/doc/man-pages/online_pages.html], October 2008. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="98f261b2-717e-4557-b5c0-df5af2523253"><ac:parameter ac:name="">Lions 96</ac:parameter></ac:structured-macro> \[Lions 96\] Lions, J. L. [ARIANE 5 Flight 501 Failure Report|http://en.wikisource.org/wiki/Ariane_501_Inquiry_Board_report]. Paris, France: European Space Agency (ESA) & National Center for Space Study (CNES) Inquiry Board, July 1996. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="176ed7ce-327d-447b-80f8-06262cea0a53"><ac:parameter ac:name="">Lipson 00</ac:parameter></ac:structured-macro> \[Lipson 00\] Lipson, Howard & Fisher, David. "Survivability: A New Technical and Business Perspective on Security," 33-39. _Proceedings of the 1999 New Security Paradigms Workshop_. Caledon Hills, Ontario, Canada, Sept. 22-24, 1999. New York: Association for Computing Machinery, 2000. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f2086c20-d7df-4e22-ba5f-37f5a42435cc"><ac:parameter ac:name="">Lipson 06</ac:parameter></ac:structured-macro> \[Lipson 06\] Lipson, Howard. _Evolutionary Systems Design: Recognizing Changes in Security and Survivability Risks_ (CMU/SEI-2006-TN-027). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2006. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6ad34969-f77d-4445-8320-452a711d915e"><ac:parameter ac:name="">Lipson 2009</ac:parameter></ac:structured-macro> \[Liu 2009\] Likai Liu. [Making NULL-pointer reference legal|http://lifecs.likai.org/2009/01/making-null-pointer-reference-legal.html], Life of a Computer Science Student, January, 2009. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ffa467b6-d1b8-4119-a464-8b0565fd257b"><ac:parameter ac:name="">Lockheed Martin 05</ac:parameter></ac:structured-macro> \[Lockheed Martin 05\] Lockheed Martin. "[Joint Strike Fighter Air Vehicle C+\+ Coding Standards for the System Development and Demonstration Program.|http://www.research.att.com/~bs/JSF-AV-rules.pdf]" Document Number 2RDU00001 Rev C., December 2005. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0804b930-1c9d-40f7-8825-2e9848d7b9ea"><ac:parameter ac:name="">Loosemore 07</ac:parameter></ac:structured-macro> \[Loosemore 07\] Loosemore, Sandra, Stallman, Richard M., McGrath, Roland, Oram, Andrew, & Drepper, Ulrich. [The GNU C Library Reference Manual|http://www.gnu.org/software/libc/manual/], Edition 0.11, September 2007. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="bcb360d0-505e-4677-b0e7-3b9921747c05"><ac:parameter ac:name="">McCluskey 01</ac:parameter></ac:structured-macro> \[McCluskey 01\] [_flexible array members and designators in C9X_|http://www.usenix.org/publications/login/2001-07/pdfs/mccluskey.pdf] ;login:, July 2001, Volume 26, Number 4, p. 29---32. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="abe77155-1201-481c-9eb6-279e3e62640c"><ac:parameter ac:name="">Mell 07</ac:parameter></ac:structured-macro> \[Mell 07\] P. Mell, K. Scarfone, and S. Romanosky, "A Complete Guide to the Common Vulnerability Scoring System Version 2.0", FIRST, June 2007. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="da24fb74-a6e3-49ee-86d0-9c51a2f0fce4"><ac:parameter ac:name="">mercy 06</ac:parameter></ac:structured-macro> \[mercy\] mercy. [_Exploiting Uninitialized Data_|http://www.felinemenace.org/papers/UBehavior.zip], January 2006. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="add21476-bf36-4ec7-92a2-0ea3d606ab87"><ac:parameter ac:name="">Meyers 2004</ac:parameter></ac:structured-macro> \[Meyers 2004\] Randy Meyers. [Limited size_t|http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1080.pdf] WG14 N1080. September, 2004. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1a523de9-2390-4922-8b8a-6c42bf9ef434"><ac:parameter ac:name="">Microsoft 03</ac:parameter></ac:structured-macro> \[Microsoft 03\] Microsoft Security Bulletin MS03-026, "[Buffer Overrun In RPC Interface Could Allow Code Execution (823980)|http://www.microsoft.com/technet/security/bulletin/MS03-026.mspx]," September 2003. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a7129f1f-66f9-4e93-940a-1932e650f058"><ac:parameter ac:name="">Microsoft 07</ac:parameter></ac:structured-macro> \[Microsoft 07\] [C Language Reference|http://msdn2.microsoft.com/en-us/library/fw5abdx6(VS.80).aspx], 2007. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="fcfdf6e2-cc9c-4c44-9099-bf3e7b2364cb"><ac:parameter ac:name="">Miller 99</ac:parameter></ac:structured-macro> \[Miller 99\] Todd C. Miller and Theo de Raadt. strlcpy and strlcat - Consistent, Safe, String Copy and Concatenation. In Proceedings of the FREENIX Track, 1999 USENIX Annual Technical Conference. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="55829681-f49c-46b8-a00f-2c391cafaab1"><ac:parameter ac:name="">Miller 04</ac:parameter></ac:structured-macro> \[Miller 04\] Miller, Mark C., Reus, James F., Matzke, Robb P., Koziol, Quincey A., & Cheng, Albert P. "[Smart Libraries: Best SQE Practices for Libraries with an Emphasis on Scientific Computing|https://wci.llnl.gov/codes/smartlibs/UCRL-JRNL-208636.pdf]." _Proceedings of the Nuclear Explosives Code Developer's Conference_, December 2004. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2e83d957-d812-4bf8-bb46-39061bf7e593"><ac:parameter ac:name="">MISRA 04</ac:parameter></ac:structured-macro> \[MISRA 04\] MISRA Limited. "[MISRA C|http://www.misra.org.uk/]: 2004 Guidelines for the Use of the C Language in Critical Systems." Warwickshire, UK: MIRA Limited, October 2004 (ISBN 095241564X). |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a31c9016-5555-4427-ba22-6ff221960dad"><ac:parameter ac:name="">MISRA 08</ac:parameter></ac:structured-macro> \[MISRA 08\] MIRA Limited. "[MISRA C+\+|http://www.misra.org.uk/]: 2008 "Guidelines for the Use of the C+\+ Language in Critical Systems", ISBN 978-906400-03-3 (paperback), ISBN 978-906400-04-0 (PDF), June 2008. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e93c655d-69f8-4267-a256-1fa98b7cb3ef"><ac:parameter ac:name="">MIT 04</ac:parameter></ac:structured-macro> \[MIT 04\] MIT. "[MIT krb5 Security Advisory 2004-002|hhttp://web.mit.edu/kerberos/advisories/MITKRB5-SA-2004-002-dblfree.txt], 2004. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="68ca8781-a6f7-44ed-8c9b-e93425e324f9"><ac:parameter ac:name="">MIT 05</ac:parameter></ac:structured-macro> \[MIT 05\] MIT. "[MIT krb5 Security Advisory 2005-003|http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2005-003-recvauth.txt], 2005. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4b1a0fcb-22f2-4013-b911-c77887bf0904"><ac:parameter ac:name="">MITRE</ac:parameter></ac:structured-macro> \[MITRE\] MITRE. [Common Weakness Enumeration, Version 1.8|http://cwe.mitre.org/], February 2010. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c0c50132-38ba-4b85-83ff-1f6e2484ac91"><ac:parameter ac:name="">MITRE 07</ac:parameter></ac:structured-macro> \[MITRE 07\] MITRE. [Common Weakness Enumeration, Draft 9|http://cwe.mitre.org/], April 2008. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="59e0daaa-094b-4204-9a2f-0450ab108599"><ac:parameter ac:name="">MSDN</ac:parameter></ac:structured-macro> \[MSDN\] [Microsoft Developer Network|http://msdn.microsoft.com/en-us/default.aspx]. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="46cdc4b0-52e8-4db1-ac35-6457e8cc5b05"><ac:parameter ac:name="">Murenin 07</ac:parameter></ac:structured-macro> \[Murenin 07\] Murenin, Constantine A. "[cnst: 10-year-old pointer-arithmetic bug in make(1) is now gone, thanks to malloc.conf and some debugging|http://cnst.livejournal.com/24040.html]," June 2007. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="64df43a6-83a9-42f9-85fb-e3969b4d7879"><ac:parameter ac:name="">NAI 98</ac:parameter></ac:structured-macro> \[NAI 98\] Network Associates Inc. [Bugtraq: Network Associates Inc. Advisory (OpenBSD)|http://seclists.org/bugtraq/1998/Aug/0071.html], 1998. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0d9ea9cc-4139-4cd1-8111-8a332d2f1228"><ac:parameter ac:name="">NASA-GB-1740.13</ac:parameter></ac:structured-macro> \[NASA-GB-1740.13\] NASA Glenn Research Center, Office of Safety Assurance Technologies. [_NASA Software Safety Guidebook_|http://pbma.nasa.gov/docs/public/pbma/general/guidbook.doc] (NASA-GB-1740.13). |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7cad0a72-787a-4fe3-a516-7dcd06d4dd5e"><ac:parameter ac:name="">NIST 06</ac:parameter></ac:structured-macro> \[NIST 06\] NIST. [_SAMATE Reference Dataset_|http://samate.nist.gov/SRD/], 2006. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="35708c4c-171f-46d2-8da5-4eebb03ad6e2"><ac:parameter ac:name="">OpenBSD</ac:parameter></ac:structured-macro> \[OpenBSD\] Berkley Software Design, Inc. [Manual Pages|http://www.openbsd.org/cgi-bin/man.cgi], June 2008. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="383d00ff-65de-46ee-b5bc-f9edebed171e"><ac:parameter ac:name="">Open Group 97a</ac:parameter></ac:structured-macro> \[Open Group 97a\] The Open Group. [_The Single UNIX® Specification, Version 2_|http://www.opengroup.org/onlinepubs/7990989775/toc.htm], 1997. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="8bb45b6f-aa60-436d-adcb-6df102a0ca1c"><ac:parameter ac:name="">Open Group 97b</ac:parameter></ac:structured-macro> \[Open Group 97b\] The Open Group. [_Go Solo 2---The Authorized Guide to Version 2 of the Single UNIX Specification_|http://www.unix.org/whitepapers/64bit.html], May 1997. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="36d8de0b-fa0e-4fd7-88b8-63879532f5ac"><ac:parameter ac:name="">Open Group 04</ac:parameter></ac:structured-macro> \[Open Group 04\] The Open Group and the IEEE. [_The Open Group Base Specifications Issue 6, IEEE Std 1003.1, 2004 Edition_|http://www.opengroup.org/onlinepubs/009695399/toc.htm], 2004. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="807d7419-35c1-429c-8d62-b34529f4671e"><ac:parameter ac:name="">OWASP Double Free</ac:parameter></ac:structured-macro> \[OWASP Double Free\] Open Web Application Security Project, "[Double Free|http://www.owasp.org/index.php/Double_Free]." |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="457c4684-48dd-4817-9c42-c3b3c82cf290"><ac:parameter ac:name="">OWASP Freed Memory</ac:parameter></ac:structured-macro> \[OWASP Freed Memory\] Open Web Application Security Project, "[Using freed memory|http://www.owasp.org/index.php/Using_freed_memory]." |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="fff44221-41e5-46b2-935c-98b06d2d77c1"><ac:parameter ac:name="">Pethia 03</ac:parameter></ac:structured-macro> \[Pethia 03\] Pethia, Richard D. "[Viruses and Worms: What Can We Do About Them?|http://www.cert.org/congressional_testimony/Pethia-Testimony-9-10-2003/]" September 10, 2003. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d46c7a40-2a71-415a-82f1-d6a2458dfd49"><ac:parameter ac:name="">Pfaff 04</ac:parameter></ac:structured-macro> \[Pfaff 04\] Pfaff, Ken Thompson. "[Casting (time_t)(-1)|http://groups.google.com/group/comp.lang.c/browse_thread/thread/8983d8d729244f2b/ea0e2972775a1114?#ea0e2972775a1114]." _Google Groups comps.lang.c_, March 2, 2004. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4e84db0b-656d-484f-9b1e-5d2a9d543158"><ac:parameter ac:name="">Pike 93</ac:parameter></ac:structured-macro> \[Pike 93\] Pike, Rob & Thompson, Ken. "Hello World." _Proceedings of the USENIX Winter 1993 Technical Conference_, San Diego, CA, January 25-\--29, 1993, pp. 43-\--50. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="8883fbc0-1355-4512-93bd-866354d591d7"><ac:parameter ac:name="">Plakosh 05</ac:parameter></ac:structured-macro> \[Plakosh 05\] Plakosh, Dan. [_Consistent Memory Management Conventions_|https://buildsecurityin.us-cert.gov/daisy/bsi/articles/knowledge/coding/476.html], 2005. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="dedbd238-98b0-4242-b8e1-c4311a4604a5"><ac:parameter ac:name="">Plum 85</ac:parameter></ac:structured-macro> \[Plum 85\] Plum, Thomas. _Reliable Data Structures in C_. Kamuela, HI: Plum Hall, Inc., 1985 (ISBN 0-911537-04-X). |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="13c047ec-7d03-4035-a31a-41545f762960"><ac:parameter ac:name="">Plum 89</ac:parameter></ac:structured-macro> \[Plum 89\] Plum, Thomas, & Saks, Dan. _C Programming Guidelines, 2nd ed_. Kamuela, HI: Plum Hall, 1989 (ISBN 0911537074). |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f6bae23d-3365-4dd6-8045-07d799403a53"><ac:parameter ac:name="">Plum 91</ac:parameter></ac:structured-macro> \[Plum 91\] Plum, Thomas. _C+\+ Programming_. Kamuela, HI: Plum Hall, 1991 (ISBN 0911537104). |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="794406f7-3c1f-42a6-8c98-7db518b69d2a"><ac:parameter ac:name="">Plum 08</ac:parameter></ac:structured-macro> \[Plum 08\] Plum, Thomas. Static Assertions. June, 2008. [http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1330.pdf] |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="94df046f-8d86-437b-a90c-1ebb5874c5c3"><ac:parameter ac:name="">Redwine 06</ac:parameter></ac:structured-macro> \[Redwine 06\] Redwine, Samuel T., Jr., ed. _Secure Software Assurance: A Guide to the Common Body of Knowledge to Produce, Acquire, and Sustain Secure Software Version 1.1_. U.S. Department of Homeland Security, September 2006. See [Software Assurance Common Body of Knowledge|https://buildsecurityin.us-cert.gov/daisy/bsi/resources/dhs/95.html] on Build Security In. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="146b950e-f047-4a49-bf3b-82773690ba8f"><ac:parameter ac:name="">RUS-CERT</ac:parameter></ac:structured-macro> \[RUS-CERT\] RUS-CERT Advisory 2002-08:02, "[Flaw in calloc and similar routines|http://cert.uni-stuttgart.de/advisories/calloc.php]," 2002. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="31263bd2-2c0b-4a0b-a311-91a4c249f0fb"><ac:parameter ac:name="">Saltzer 74</ac:parameter></ac:structured-macro> \[Saltzer 74\] Saltzer, J. H. Protection and the Control of Information Sharing in Multics. _Communications of the ACM 17_, 7 (July 1974): 388---402. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6dc7a881-1cb4-4e28-ac32-1b600edba33a"><ac:parameter ac:name="">Saltzer 75</ac:parameter></ac:structured-macro> \[Saltzer 75\] Saltzer, J. H., & Schroeder, M. D. "The Protection of Information in Computer Systems." _Proceedings of the IEEE 63_, 9 (September 1975): 1278-1308. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1549c306-3870-4ab6-96c8-a238eecd9196"><ac:parameter ac:name="">Saks 99</ac:parameter></ac:structured-macro> \[Saks 99\] Saks, Dan. "[const T vs.T const|http://www.dansaks.com/articles/1999-02%20const%20T%20vs%20T%20const.pdf]." _Embedded Systems Programming_, February 1999, pp. 13-16. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ff97443a-0128-4267-a097-6702c1f8436d"><ac:parameter ac:name="">Saks 00</ac:parameter></ac:structured-macro> \[Saks 00\] Saks, Dan. "[Numeric Literals|http://www.embedded.com/2000/0009/0009pp.htm]." _Embedded Systems Programming_, September 2000. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d124ebd3-ea68-4835-bb19-245b4221ca5b"><ac:parameter ac:name="">Saks 01a</ac:parameter></ac:structured-macro> \[Saks 01a\] Saks, Dan. "[Symbolic Constants|http://www.embedded.com/story/OEG20011016S0116]." _Embedded Systems Design_, November 2001. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="25bf7c06-5c88-4b8d-a2df-d20997a5b7c6"><ac:parameter ac:name="">Saks 01b</ac:parameter></ac:structured-macro> \[Saks 01b\] Saks, Dan. "[Enumeration Constants vs. Constant Objects|http://www.embedded.com/columns/programmingpointers/9900402]." _Embedded Systems Design_, November 2001. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9a662b97-2e38-437c-b33e-f13276a4f671"><ac:parameter ac:name="">Saks 02</ac:parameter></ac:structured-macro> \[Saks 02\] Saks, Dan. "[Symbolic Constant Expressions|http://www.embedded.com/story/OEG20020124S0117]." _Embedded Systems Design_, February 2002. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7de10e76-2704-474b-92fa-f0b477fc11fd"><ac:parameter ac:name="">Saks 05</ac:parameter></ac:structured-macro> \[Saks 05\] Saks, Dan. "[Catching Errors Early with Compile-Time Assertions|http://www.embedded.com/columns/programmingpointers/164900888?_requestid=287187]." _Embedded Systems Design_, June 2005. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a158d9ec-7677-42a8-89fd-334834c0bef0"><ac:parameter ac:name="">Saks 07a</ac:parameter></ac:structured-macro> \[Saks 07a\] Saks, Dan. "[Sequence Points|http://www.embedded.com/columns/programmingpointers/9900661?_requestid=481957]" _Embedded Systems Design_, July 1, 2002. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="af776963-affa-4581-aaef-c17b12cdb74b"><ac:parameter ac:name="">Saks 07b</ac:parameter></ac:structured-macro> \[Saks 07b\] Saks, Dan. [Bail, return, jump, or . . . throw?|http://www.embedded.com/columns/programmingpointers/197008821]. _Embedded Systems Design_, March 2007. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="193ab364-c36b-4b09-a638-172d27613267"><ac:parameter ac:name="">Saks 08</ac:parameter></ac:structured-macro> \[Saks 08\] Saks, Dan, & Dewhurst, Stephen C. "Sooner Rather Than Later: Static Programming Techniques for C++" (presentation, March 2008). |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f07bf0ce-1139-4ad8-a9ad-e8a4b433c47c"><ac:parameter ac:name="">Schwarz 05</ac:parameter></ac:structured-macro> \[Schwarz 05\] Schwarz, B., Wagner, Hao Chen, Morrison, D., West, G., Lin, J., & Tu, J. Wei. "Model checking an entire Linux distribution for security violations." _Proceedings of the 21st Annual Computer Security Applications Conference_, December 2005 (ISSN 1063-9527; ISBN 0-7695-2461-3). |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b60a35df-7bb9-41ca-b878-1349ef337591"><ac:parameter ac:name="">Seacord 03</ac:parameter></ac:structured-macro> \[Seacord 03\] Seacord, Robert C., Plakosh, Daniel, & Lewis, Grace A. [_Modernizing Legacy Systems: Software Technologies, Engineering Processes, and Business Practices_|http://www.informit.com/store/product.aspx?isbn=0321118847]. Addison-Wesley, February 2003. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1f4af559-8e12-4dc1-ae19-f83cfd6dc8c0"><ac:parameter ac:name="">Seacord 05</ac:parameter></ac:structured-macro> <ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0feecca1-aa4e-412e-81e1-352e7cc65042"><ac:parameter ac:name="">Seacord 05a</ac:parameter></ac:structured-macro> \[Seacord 05a\] Seacord, Robert C. _Secure Coding in C and C+\+_. Boston, MA: Addison-Wesley, 2005. See [http://www.cert.org/books/secure-coding] for news and errata. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3efd3eca-ba5b-4802-bedc-b7c8ace76ef4"><ac:parameter ac:name="">Seacord 05b</ac:parameter></ac:structured-macro> \[Seacord 05b\] Seacord, Robert C. "Managed String Library for C, C/C++." _Users Journal_ _23_, 10 (October 2005): 30---34. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="8ddbd70d-463a-4867-b651-04def989ebaf"><ac:parameter ac:name="">Seacord 05c</ac:parameter></ac:structured-macro> \[Seacord 05c\] Seacord, Robert C. [_Variadic Functions: How they contribute to security vulnerabilities and how to fix them_|http://www.cert.org/books/secure-coding/LWM%203-11%20%28Seacord%29.pdf]. _Linux World Magazine_, November 2005. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5e86698b-dda9-44f1-a464-dd08b4bddae1"><ac:parameter ac:name="">Secunia</ac:parameter></ac:structured-macro> \[Secunia\] Secunia Advisory SA10635, "[HP-UX calloc Buffer Size Miscalculation Vulnerability|http://secunia.com/advisories/10635/]," 2004. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="49f1884a-d8c1-412b-9448-d280b01451e0"><ac:parameter ac:name="">SecurityFocus 07</ac:parameter></ac:structured-macro> \[SecurityFocus 07\] SecurityFocus. "[Linux Kernel Floating Point Exception Handler Local Denial of Service Vulnerability|http://www.securityfocus.com/bid/10538/discuss]," 2001. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="506996d1-cacb-4c67-afe7-e5c076871351"><ac:parameter ac:name="">SecuriTeam 07</ac:parameter></ac:structured-macro> \[SecuriTeam 07\] SecuriTeam. "[Microsoft Visual C+\+ 8.0 Standard Library Time Functions Invalid Assertion DoS (Problem 3000)|http://www.securiteam.com/windowsntfocus/5MP0D0UKKO.html]," February 13, 2007. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ac05730d-3bb7-4938-877f-19f35f21818f"><ac:parameter ac:name="">Sloss 04</ac:parameter></ac:structured-macro> \[Sloss 04\] Sloss, Andrew, Symes, Dominic, & Wright, Chris. [_ARM System Developer's Guide_|http://www.arm.com/documentation/books/4975.html]. San Francisco:Elsevier/Morgan Kauffman, 2004 (ISBN-10: 1558608745; ISBN-13: 978-1558608740). |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7f9e7cf1-1165-450b-a6f3-ec4a77d05c69"><ac:parameter ac:name="">Spinellis 06</ac:parameter></ac:structured-macro> \[Spinellis 06\] Spinellis, Diomidis. [_Code Quality: The Open Source Perspective_|http://www.spinellis.gr/codequality]. Addison-Wesley, 2006. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="fd9b5be6-69a7-4aec-be30-b2c09d602274"><ac:parameter ac:name="">Steele 77</ac:parameter></ac:structured-macro> \[Steele 77\] Steele, G. L. "[Arithmetic shifting considered harmful|http://doi.acm.org/10.1145/956641.956647]." _SIGPLAN Not._ 12, 11 (November 1977), 61-69. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="79a3065f-d27c-4476-aa0c-b97240a671ab"><ac:parameter ac:name="">Summit 95</ac:parameter></ac:structured-macro> \[Summit 95\] Summit, Steve. _C Programming FAQs: Frequently Asked Questions_. Boston, MA: Addison-Wesley, 1995 (ISBN 0201845199). |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3e513f18-a917-42b9-93e8-8ee934b6d5e1"><ac:parameter ac:name="">Summit 05</ac:parameter></ac:structured-macro> \[Summit 05\] Summit, Steve. [_comp.lang.c Frequently Asked Questions_|http://www.faqs.org/faqs/comp.lang.c/C-FAQ-list/?], 2005. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1e311f2d-a92d-4964-9ab3-e4ee63451d80"><ac:parameter ac:name="">Sun</ac:parameter></ac:structured-macro> \[Sun\] [Sun Security Bulletin #00122|http://sunsolve.sun.com/search/document.do?assetkey=1-22-00122-1], 1993. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="10d92cf7-c97b-4ba9-b60e-1316688df92d"><ac:parameter ac:name="">Sun 05</ac:parameter></ac:structured-macro> \[Sun 05\] [C User's Guide|http://docs.sun.com/source/819-3688/]. 819-3688-10. Sun Microsystems, Inc., 2005. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="df9d6d6b-057e-4706-8931-da865d4c35cd"><ac:parameter ac:name="">Sutter 04</ac:parameter></ac:structured-macro> \[Sutter 04\] Sutter, Herb & Alexandrescu, Andrei. C+\+ Coding Standards: 101 Rules, Guidelines, and Best Practices. Boston, MA:Addison-Wesley Professional, 2004 (ISBN 0321113586). |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="59668631-26af-49b2-9365-3b030a964741"><ac:parameter ac:name="">Tsafrir 08</ac:parameter></ac:structured-macro> \[Tsafrir 08\] Tsafrir, Dan, Da Silva, Dilma, & Wagner, David. [The Murky Issue of Changing Process Identity: Revising "Setuid Demystified"|http://www.eecs.berkeley.edu/~daw/papers/setuid-login08b.pdf] USENIX, June 2008, pages 55-66 |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d3ebc17c-09b1-4f47-8df4-5b5bbdbb9732"><ac:parameter ac:name="">Unicode 06</ac:parameter></ac:structured-macro> \[Unicode 06\] The Unicode Consortium. [The Unicode Standard|http://www.unicode.org/standard/standard.html], Version 5.0. Addison-Wesley Professional; 5th edition (November 3, 2006) ISBN: 0321480910. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a2f81631-5103-444e-8c0f-4194c4204b1d"><ac:parameter ac:name="">van de Voort 07</ac:parameter></ac:structured-macro> \[van de Voort 07\] van de Voort, Marco. [Development Tutorial (a.k.a Build FAQ)|http://www.stack.nl/~marcov/buildfaq.pdf], January 29, 2007. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="530dabb7-1084-4cdb-943c-0f99ed024b28"><ac:parameter ac:name="">van Sprundel06</ac:parameter></ac:structured-macro> \[van Sprundel 06\] van Sprundel, Ilja. [Unusualbugs|http://ilja.netric.org/files/Unusual%20bugs.pdf], 2006. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b53bc0b8-5b14-4d5b-836a-4379ad08ace5"><ac:parameter ac:name="">Viega 01</ac:parameter></ac:structured-macro> \[Viega 01\] Viega, John. [Protecting Sensitive Data in Memory|http://www.cgisecurity.com/lib/protecting-sensitive-data.html], February 2001. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="41408812-d2b2-4ae7-97f4-e04b1ab59ae1"><ac:parameter ac:name="">Viega 03</ac:parameter></ac:structured-macro> \[Viega 03\] Viega, John, & Messier, Matt. _Secure Programming Cookbook for C and C++: Recipes for Cryptography, Authentication, Networking, Input Validation & More_. Sebastopol, CA: O'Reilly, 2003 (ISBN 0-596-00394-3). |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0a2c450d-fbba-45f8-a60a-2e3d209d5a36"><ac:parameter ac:name="">Viega 05</ac:parameter></ac:structured-macro> \[Viega 05\] Viega, John. [CLASP Reference Guide Volume 1.1.|http://www.securesoftware.com/process/] Secure Software, 2005. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d1f72f87-6b05-468f-af28-cfc9b9979c5f"><ac:parameter ac:name="">VU#159523</ac:parameter></ac:structured-macro> \[VU#159523\] Giobbi, Ryan. Vulnerability Note [VU#159523|http://www.kb.cert.org/vuls/id/159523], _Adobe Flash Player integer overflow vulnerability_, April 2008. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f2822080-9ccc-4c4c-b7d3-5da7815a0adc"><ac:parameter ac:name="">VU#162289</ac:parameter></ac:structured-macro> \[VU#162289\] Dougherty, Chad. Vulnerability Note [VU#162289|http://www.kb.cert.org/vuls/id/162289], _gcc silently discards some wraparound checks_, April 2008. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c444a2a6-7fd8-4971-b6b2-23e0f4a9820f"><ac:parameter ac:name="">VU196240</ac:parameter></ac:structured-macro> \[VU#196240\] Taschner, Chris & Manion, Art. Vulnerability Note [VU#196240|http://www.kb.cert.org/vulnotes/id/196240], _Sourcefire Snort DCE/RPC preprocessor does not properly reassemble fragmented packets_, 2007. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="80db08f3-da8a-4128-adda-0e0df032e3b8"><ac:parameter ac:name="">VU286468</ac:parameter></ac:structured-macro> \[VU#286468\] Burch, Hal. Vulnerability Note [VU#286468|http://www.kb.cert.org/vulnotes/id/286468], _Ettercap contains a format string error in the "curses_msg()" function_, 2007. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f43d73ea-f5e6-49d9-8a3c-15d307b2d31b"><ac:parameter ac:name="">VU439395</ac:parameter></ac:structured-macro> \[VU#439395\] Lipson, Howard. Vulnerability Note [VU#439395|http://www.kb.cert.org/vuls/id/439395], _Apache web server performs case sensitive filtering on Mac OS X HFS\+ case insensitive filesystem,_ 2001. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f2aa97d7-4920-4757-923a-5b7ba2302ac7"><ac:parameter ac:name="">VU551436</ac:parameter></ac:structured-macro> \[VU#551436\] Giobbi, Ryan. Vulnerability Note [VU#551436|http://www.kb.cert.org/vulnotes/id/551436], _Mozilla Firefox SVG viewer vulnerable to buffer overflow,_ 2007. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a4b44012-c3f5-4ef9-b688-364485a632a8"><ac:parameter ac:name="">VU568148</ac:parameter></ac:structured-macro> \[VU#568148\] Finlay, Ian A. & Morda, Damon G. Vulnerability Note [VU#568148|http://www.kb.cert.org/vulnotes/id/568148], _Microsoft Windows RPC vulnerable to buffer overflow_, 2003. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b73c34b0-76bb-40bc-8109-edddff543d64"><ac:parameter ac:name="">VU623332</ac:parameter></ac:structured-macro> \[VU#623332\] Mead, Robert. Vulnerability Note [VU#623332|http://www.kb.cert.org/vuls/id/623332], _MIT Kerberos 5 contains double free vulnerability in "krb5_recvauth()" function,_ 2005. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="99d1f1a6-027b-4fc8-925e-bdb54a712864"><ac:parameter ac:name="">VU649732</ac:parameter></ac:structured-macro> \[VU#649732\] Gennari, Jeff. Vulnerability Note [VU#649732|http://www.kb.cert.org/vulnotes/id/649732], _Samba AFS ACL Mapping VFS Plug-In Format String Vulnerability,_ 2007. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0f484433-da41-4f97-b50c-58f8a270360d"><ac:parameter ac:name="">VU654390</ac:parameter></ac:structured-macro> \[VU#654390\] Rafail, Jason A. Vulnerability Note [VU#654390|https://www.kb.cert.org/vulnotes/id/654390], _ISC DHCP contains C Includes that define vsnprintf() to vsprintf() creating potential buffer overflow conditions_, June 2004. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="eec4541c-1ff5-48d3-8f8b-9ddd332ea12a"><ac:parameter ac:name="">VU743092</ac:parameter></ac:structured-macro> \[VU#743092\] Rafail, Jason A. & Havrilla, Jeffrey S. Vulnerability Note [VU#743092|https://www.kb.cert.org/vulnotes/id/743092], _realpath(3) function contains off-by-one buffer overflow,_ July 2003. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ab90b6df-e040-4076-95cf-1db6b38554e3"><ac:parameter ac:name="">VU834865</ac:parameter></ac:structured-macro> \[VU#834865\] Gennari, Jeff. Vulnerability Note [VU#834865|http://www.kb.cert.org/vuls/id/834865], _Sendmail signal I/O race condition_, March 2008. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d7bef632-9693-42a5-a219-401e84a7e959"><ac:parameter ac:name="">VU837857</ac:parameter></ac:structured-macro> \[VU#837857\] Dougherty, Chad. Vulnerability Note [VU#837857|http://www.kb.cert.org/vuls/id/837857], _SX.Org server fails to properly test for effective user ID_, August 2006. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="8225f531-530c-448e-afee-03886a073caa"><ac:parameter ac:name="">VU881872</ac:parameter></ac:structured-macro> \[VU#881872\] Manion, Art & Taschner, Chris. Vulnerability Note [VU#881872|http://www.kb.cert.org/vulnotes/id/881872], _Sun Solaris telnet authentication bypass vulnerability,_ 2007. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4d8b5c2c-5412-43ff-b459-e16376ac4794"><ac:parameter ac:name="">Warren 02</ac:parameter></ac:structured-macro> \[Warren 02\] Warren, Henry S. [_Hacker's Delight_|http://www.hackersdelight.org/]. Boston, MA: Addison Wesley Professional, 2002 (ISBN 0201914654). |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="dcec0a5b-46a9-491d-adbb-845eb3c158d7"><ac:parameter ac:name="">WG14/N1396</ac:parameter></ac:structured-macro> \[WG14/N1396\] Thomas, J., Tydeman, F. "[Wide function return values|http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1396.htm]", September 2009. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1d3f4da5-f72b-4eef-9068-95c6e4604f1f"><ac:parameter ac:name="">Wheeler 03</ac:parameter></ac:structured-macro> \[Wheeler 03\] Wheeler, David. [Secure Programming for Linux and Unix HOWTO, v3.010|http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/], March 2003. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b5f1b338-23f0-40a2-b229-2641fea19212"><ac:parameter ac:name="">Wheeler 04</ac:parameter></ac:structured-macro> \[Wheeler 04\] Wheeler, David. [_Secure programmer: Call components safely_|http://www-128.ibm.com/developerworks/linux/library/l-calls.html]. December 2004. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="078584e6-0be9-443e-ab77-7b47bd0cc343"><ac:parameter ac:name="">Wojtczuk 08</ac:parameter></ac:structured-macro> \[Wojtczuk 08\] Wojtczuk, Rafal. "[Analyzing the Linux Kernel vmsplice Exploit|http://www.avertlabs.com/research/blog/index.php/2008/02/13/analyzing-the-linux-kernel-vmsplice-exploit/]." McAfee Avert Labs Blog, February 13, 2008. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7e43abb0-15e2-42e9-9d12-913b06bf2a08"><ac:parameter ac:name=""> xorl 2009</ac:parameter></ac:structured-macro> \[xorl 2009\] xorl. [xorl %eax, %eax|http://xorl.wordpress.com/]. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ab22a7aa-d336-4d1d-b4d7-cbde966d019b"><ac:parameter ac:name="">Yergeau 98</ac:parameter></ac:structured-macro> \[Yergeau 98\] Yergeau, F. [RFC 2279 - UTF-8, a transformation format of ISO 10646|http://www.faqs.org/rfcs/rfc2279.html], January 1998. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="23f850cf-2b32-492e-943d-b08699bcd8d6"><ac:parameter ac:name="">Zalewski 01</ac:parameter></ac:structured-macro> \[Zalewski 01\] Zalewski, Michal. [_Delivering Signals for Fun and Profit: Understanding, exploiting and preventing signal-handling related vulnerabilities_|http://lcamtuf.coredump.cx/signals.txt], May 2001. |