View Source

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="da4ab742-8de2-4647-b0d5-3954abe33055"><ac:parameter ac:name="">Apple 06</ac:parameter></ac:structured-macro>
\[Apple 06\] Apple, Inc. [_Secure Coding Guide_|http://developer.apple.com/documentation/Security/Conceptual/SecureCodingGuide/SecureCodingGuide.pdf], May 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ff2df737-2edc-4090-9d5c-262ce244931a"><ac:parameter ac:name="">Austin Group 08</ac:parameter></ac:structured-macro>
\[Austin Group 08\] "Draft Standard for Information Technology - Portable Operating System Interface (POSIXÂ®) - Draft Technical Standard: Base Specifications, Issue 7," IEEE Unapproved Draft Std P1003.1_D4 , Jan 2008. Prepared by the [Austin Group|http://www.opengroup.org/austin/]. New York, NY: The Institute of Electrical & Electronics Engineers, Inc.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e429ccd2-02bf-4d13-8e1b-a03ef10edd3f"><ac:parameter ac:name="">Banahan 03</ac:parameter></ac:structured-macro>
\[Banahan 03\] Banahan, Mike. [The C Book|http://www.phy.duke.edu/~rgb/General/c_book/c_book/index.html], 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0ce6171e-4faa-48d2-932a-11077f38e6b7"><ac:parameter ac:name="">Beebe 05</ac:parameter></ac:structured-macro>
\[Beebe 05\] Beebe, Nelson H. F. [Re: Remainder ( % ) operator and GCC|http://gcc.gnu.org/ml/gcc-help/2005-11/msg00141.html], 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="64fe3a0a-88b7-4e08-b675-ebae1847563f"><ac:parameter ac:name="">Becker 08</ac:parameter></ac:structured-macro>
\[Becker 08\] Becker, Pete. [Working Draft, Standard for Programming Language C+\+|http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2008/n2521.pdf]. April, 2008.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="15f44923-cfb8-46c2-b08c-a7b2c65d5694"><ac:parameter ac:name="">Bryant 03</ac:parameter></ac:structured-macro>
\[Bryant 03\] Bryant, Randy & O'Halloran, David. _Computer Systems: A Programmer's Perspective_. Prentice Hall, 2003. ISBN 0-13-034074-X.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="fd09f58a-353f-4e94-b411-1b56b94da2c2"><ac:parameter ac:name="">Burch 06</ac:parameter></ac:structured-macro>
\[Burch 06\] Burch, H., Long, F., & Seacord, R. [_Specifications for Managed Strings_|http://www.sei.cmu.edu/publications/documents/06.reports/06tr006.html] (CMU/SEI-2006-TR-006). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="af1b6d89-cc8f-4948-822c-ee15fffce8e0"><ac:parameter ac:name="">Callaghan 95</ac:parameter></ac:structured-macro>
\[Callaghan 95\] Callaghan, B., Pawlowski, B., & Staubach, P. [IETF RFC 1813 NFS Version 3 Protocol Specification|http://www.ietf.org/rfc/rfc1813.txt], June 1995.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6b4351e9-725c-48ef-80ea-1e614a5d3ba7"><ac:parameter ac:name="">CERT 06a</ac:parameter></ac:structured-macro>
\[CERT 06a\] CERT/CC. [CERT/CC Statistics 1988-2006|http://www.cert.org/stats/cert_stats.html].

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="da4781e0-dda5-4ebd-9bd2-16eaef74d639"><ac:parameter ac:name="">CERT 06b</ac:parameter></ac:structured-macro>
\[CERT 06b\] CERT/CC. US-CERT's [Technical Cyber Security Alerts|http://www.us-cert.gov/cas/techalerts/index.html].

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9b8b4886-1376-473d-9376-efeddfb84f1e"><ac:parameter ac:name="">CERT 06c</ac:parameter></ac:structured-macro>
\[CERT 06c\] CERT/CC. [Secure Coding|http://www.cert.org/secure-coding/] web site.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c0be3e47-95be-4433-afca-b722a191e628"><ac:parameter ac:name="">Corfield 93</ac:parameter></ac:structured-macro>
\[Corfield 93\] Corfield, Sean A. "[Making String Literals 'const'|http://www.open-std.org/jtc1/sc22/wg21/docs/papers/1993/N0389.asc]," November 1993.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="84b13a4e-25d6-4458-bdbd-e19096f9b2d7"><ac:parameter ac:name="">Coverity 07</ac:parameter></ac:structured-macro>
\[Coverity 07\] Coverity Prevent User's Manual (3.3.0), 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c3a9610c-cceb-4d98-9399-96524ad83d08"><ac:parameter ac:name="">Dewhurst 02</ac:parameter></ac:structured-macro>
\[Dewhurst 02\] Dewhurst, Stephen C. _C+\+ Gotchas: Avoiding Common Problems in Coding and Design_. Boston, MA: Addison-Wesley Professional, 2002.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="74c0169f-1311-4e5d-ac6a-04515c461ae9"><ac:parameter ac:name="">Dewhurst 05</ac:parameter></ac:structured-macro>
\[Dewhurst 05\] Dewhurst, Stephen C. _C+\+ Common Knowledge:  Essential Intermediate Programming_. Boston, MA: Addison-Wesley Professional, 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ae2da19a-b0a3-4491-89b0-8c4033fcd411"><ac:parameter ac:name="">DHS 06</ac:parameter></ac:structured-macro>
\[DHS 06\] U.S. Department of Homeland Security. [Build Security In|https://buildsecurityin.us-cert.gov/].

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e6948919-18af-40e1-b209-670062a60cd3"><ac:parameter ac:name="">Dowd 06</ac:parameter></ac:structured-macro>
\[Dowd 06\] Dowd, M., McDonald, J., & Schuh, J. _The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities_. Boston, MA: Addison-Wesley, 2006. See [http://taossa.com] for updates and errata.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9c77ce55-81fc-4979-8fe1-365c216c52c7"><ac:parameter ac:name="">Drepper 06</ac:parameter></ac:structured-macro>
\[Drepper 06\] Drepper, Ulrich. [Defensive Programming for Red Hat Enterprise Linux (and What To Do If Something Goes Wrong)|http://people.redhat.com/drepper/defprogramming.pdf], May 3, 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d17e2978-0028-4c0b-af97-3104eb5862ff"><ac:parameter ac:name="">Eckel 07</ac:parameter></ac:structured-macro>
\[Eckel 07\] Eckel, Bruce. [_Thinking in C+\+ - Volume 2_|http://bruce-eckel.developpez.com/livres/cpp/ticpp/v2/]. January 25, 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b08f509d-8482-48fe-b937-1b4c707389a8"><ac:parameter ac:name="">Finlay 03</ac:parameter></ac:structured-macro>
\[Finlay 03\] Finlay, Ian A. CERT Advisory CA-2003-16, [Buffer Overflow in Microsoft RPC|http://www.cert.org/advisories/CA-2003-16.html]. CERT/CC, July 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="61b2e775-8ebe-46ab-a9dc-458a4344ec32"><ac:parameter ac:name="">Fortify 06</ac:parameter></ac:structured-macro>
\[Fortify 06\] Fortify Software Inc. [Fortify Taxonomy: Software Security Errors|http://www.fortifysoftware.com/vulncat/], 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a1ba01a1-a574-4602-9ec2-8c18bbeb7720"><ac:parameter ac:name="">FSF 05</ac:parameter></ac:structured-macro>
\[FSF 05\] Free Software Foundation. [GCC online documentation|http://gcc.gnu.org/onlinedocs], 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a3b77df7-eaee-4a6c-bad0-54db40c7f3bd"><ac:parameter ac:name="">Garfinkel 96</ac:parameter></ac:structured-macro>
\[Garfinkel 96\] Garfinkel, Simson & Spafford, Gene. _Practical UNIX & Internet Security_, 2nd Edition. O'Reilly Media, April 1996 (ISBN 1-56592-148-8).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ea49dd34-f208-4f47-9f56-2c1f6e0dc703"><ac:parameter ac:name="">GNU Pth</ac:parameter></ac:structured-macro>
\[GNU Pth\] Engelschall, Ralf S. [GNU Portable Threads|http://www.gnu.org/software/pth/], 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e2e71b66-1a7b-4771-8ce7-3cd1272e4efc"><ac:parameter ac:name="">Goldberg 91</ac:parameter></ac:structured-macro>
\[Goldberg 91\] Goldberg, David. [What Every Computer Scientist Should Know About Floating-Point Arithmetic|http://docs.sun.com/source/806-3568/ncg_goldberg.html]. Sun Microsystems, March 1991.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="cff4b48e-53eb-4ff3-94a5-0edf044c1905"><ac:parameter ac:name="">Graf 03</ac:parameter></ac:structured-macro>
\[Graff 03\] Graff, Mark G. & Van Wyk, Kenneth R. _Secure Coding: Principles and Practices_. Cambridge, MA: O'Reilly, 2003 (ISBN 0596002424).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="25c94333-368f-451b-98ca-94ddd85007f4"><ac:parameter ac:name="">Griffiths 06</ac:parameter></ac:structured-macro>
\[Griffiths 06\] Griffiths, Andrew. "[Clutching at straws: When you can shift the stack pointer|http://felinemenace.org/papers/p63-0x0e_Shifting_the_Stack_Pointer.txt]."&nbsp;

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1600ad02-1e0d-445a-8a29-ce17fb9aa523"><ac:parameter ac:name="">Haddad 05</ac:parameter></ac:structured-macro>
\[Haddad 05\] Haddad, Ibrahim. "Secure Coding in C and C++: An interview with Robert Seacord, senior vulnerability analyst at CERT." _Linux World Magazine_, November 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f41235eb-a20b-465b-a9e0-7e31633f338b"><ac:parameter ac:name="">Hatton 95</ac:parameter></ac:structured-macro>
\[Hatton 95\] Hatton, Les. _Safer C: Developing Software for High-Integrity and Safety-Critical Systems_. New York, NY: McGraw-Hill Book Company, 1995 (ISBN 0-07-707640-0).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d1355944-b141-4d3a-8074-db5137e38089"><ac:parameter ac:name="">Henricson 92</ac:parameter></ac:structured-macro>
\[Henricson 92\] Henricson, Mats & Nyquist, Erik. [Programming in C++, Rules and Recommendations|http://www.doc.ic.ac.uk/lab/cplus/c++.rules/]. Ellemtel Telecommunication Systems Laboratories, 1992.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1f90b5b3-f2de-4e66-bcd4-2e9fefe322bf"><ac:parameter ac:name="">Horton 90</ac:parameter></ac:structured-macro>
\[Horton 90\] Horton, Mark R. _Portable C Software_. Upper Saddle River, NJ: Prentice-Hall, Inc., 1990 (ISBN:0-13-868050-7).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="274bd557-cc48-476f-87b3-6dd8c1331f1e"><ac:parameter ac:name="">Howard 02</ac:parameter></ac:structured-macro>
\[Howard 02\] Howard, Michael & LeBlanc, David C. _[_Writing Secure Code, Second Edition_|http://www.microsoft.com/mspress/books/5957.aspx]_. Microsoft Press, December 2002.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f1b6c26b-fbce-48ad-a8d5-165c25d45083"><ac:parameter ac:name="">HP 03</ac:parameter></ac:structured-macro>
\[HP 03\] [Tru64 UNIX: Protecting Your System Against File Name Spoofing Attacks|http://h30097.www3.hp.com/docs/wpapers/spoof_wp/symlink_external.pdf]. Houston, TX: Hewlett-Packard Company, January 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="151fae7b-30a9-477f-9fec-da24c84e20d8"><ac:parameter ac:name="">IEC 60812 2006</ac:parameter></ac:structured-macro>
\[IEC 60812 2006\] _Analysis techniques for system reliability - Procedure for failure mode and effects analysis (FMEA)_, 2nd ed. (IEC 60812). IEC, January 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="408c218b-10ba-4eda-9fcd-7620f0350aaf"><ac:parameter ac:name="">IEC 61508 4</ac:parameter></ac:structured-macro>
\[IEC 61508-4\]&nbsp; _Functional safety of electrical/electronic/programmable electronic safety-related systems - Part 4: Definitions and abbreviations_, 1998.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b28b6c5f-9822-49c0-96fd-d5c48a340155"><ac:parameter ac:name="">IEEE Std 610.12 1990</ac:parameter></ac:structured-macro>
\[IEEE Std 610.12 1990\] _IEEE Standard Glossary of Software Engineering Terminology_, September 1990.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4cb864cc-41ed-4dee-8225-b1ed65e5019d"><ac:parameter ac:name="">IEEE 754 2006</ac:parameter></ac:structured-macro>
\[IEEE 754 2006\] IEEE. [_Standard for Binary Floating-Point Arithmetic_|http://grouper.ieee.org/groups/754/] (IEEE 754-1985), 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="cbc6322a-7503-4439-baf0-6dce1db65fd3"><ac:parameter ac:name="">ilja 06</ac:parameter></ac:structured-macro>
\[ilja 06\] ilja. "[readlink abuse|http://blogs.23.nu/ilja/stories/12551/]." _ilja's blog_, August 13, 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5f9619bc-ded2-42e0-964c-fb4af3aa7f7e"><ac:parameter ac:name="">Intel 01</ac:parameter></ac:structured-macro>
\[Intel 01\] Intel Corp. [_Floating-Point IEEE Filter for Microsoft\* Windows\* 2000 on the IntelÂ® Itaniumâ„¢ Architecture_|ftp://download.intel.com/software/opensource/libraries/ieee/ieee_filter_windows2000.pdf], March 2001.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5aeb714d-1c54-4900-a188-2106f0aeddb6"><ac:parameter ac:name="">Internet Society 00</ac:parameter></ac:structured-macro>
\[Internet Society 00\] The Internet Society. [Internet Security Glossary (RFC 2828)|ftp://ftp.rfc-editor.org/in-notes/rfc2828.txt], 2000.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d38dd6e1-7d0d-462e-967a-906c6db95d5d"><ac:parameter ac:name="">ISO/IEC 10646-2003</ac:parameter></ac:structured-macro>
\[ISO/IEC 10646:2003\] _Information technology - Universal Multiple-Octet Coded Character Set (UCS)_ (ISO/IEC 10646:2003). Geneva, Switzerland: International Organization for Standardization, 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4269f9da-c863-43ca-88d1-c0f9cbd79dc1"><ac:parameter ac:name="">ISO/IEC 646-1991</ac:parameter></ac:structured-macro>
\[ISO/IEC 646-1991\] ISO/IEC. _Information technology: ISO 7-bit coded character set for information interchange_ (ISO/IEC 646-1991). Geneva, Switzerland: International Organization for Standardization, 1991.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="15ff5e7a-1dfb-480b-b514-48d379def9f9"><ac:parameter ac:name="">ISO/IEC 9899-1999</ac:parameter></ac:structured-macro>
\[ISO/IEC 9899:1999\] ISO/IEC. _Programming Languages --- C, Second Edition_ (ISO/IEC 9899:1999). Geneva, Switzerland: International Organization for Standardization, 1999.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c72fda71-5e81-4e97-9773-8066df162b86"><ac:parameter ac:name="">ISO/IEC 14882-2003</ac:parameter></ac:structured-macro>
\[ISO/IEC 14882-2003\] ISO/IEC. _Programming Languages --- C++, Second Edition_ (ISO/IEC 14882-2003). Geneva, Switzerland: International Organization for Standardization, 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9d5b874d-70ba-4a91-8b55-3f3be02f6f53"><ac:parameter ac:name="">ISO/IEC 03</ac:parameter></ac:structured-macro>
\[ISO/IEC 03\] ISO/IEC. [_Rationale for International Standard --- Programming Languages --- C, Revision 5.10_|http://www.open-std.org/jtc1/sc22/wg14/www/C99RationaleV5.10.pdf]. Geneva, Switzerland: International Organization for Standardization, April 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0b886529-b108-4467-907a-85df8efcea7b"><ac:parameter ac:name="">ISO/IEC JTC1/SC22/WG11</ac:parameter></ac:structured-macro>
\[ISO/IEC JTC1/SC22/WG11\] ISO/IEC. [_Binding Techniques_|http://www.open-std.org/JTC1/SC22/WG11/] (ISO/IEC JTC1/SC22/WG11), 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="20a01338-730e-416b-9ba1-712cdca1cc39"><ac:parameter ac:name="">ISO/IEC PDTR 24772</ac:parameter></ac:structured-macro>
\[ISO/IEC PDTR 24772\] ISO/IEC PDTR 24772. _Information Technology_ --- _Programming Languages_ --- [_Guidance to Avoiding Vulnerabilities in Programming Languages through Language Selection and Use_|http://www.aitcnet.org/isai/_NextMeeting/22-OWGV-N-0125/n0125.pdf], March 2008.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f5faf3a5-da5d-48f8-b97d-60655fdf8ed1"><ac:parameter ac:name="">ISO/IEC TR 24731-1-2007</ac:parameter></ac:structured-macro>
\[ISO/IEC TR 24731-1-2007\] ISO/IEC TR 24731. _Extensions to the C Library, --- Part I: Bounds-checking interfaces_. Geneva, Switzerland: International Organization for Standardization, April 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ee579105-522f-4993-bdd8-51ef7535f0e5"><ac:parameter ac:name="">Jack 07</ac:parameter></ac:structured-macro>
\[Jack 07\] Jack, Barnaby. [_Vector Rewrite Attack_|http://www.juniper.net/solutions/literature/white_papers/Vector-Rewrite-Attack.pdf], May 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5e4b50be-8542-42a9-bb8d-88c1b903e2cf"><ac:parameter ac:name="">Jones 04</ac:parameter></ac:structured-macro>
\[Jones 04\] Jones, Nigel. ["Learn a new trick with the offsetof() macro."|http://www.netrino.com/Articles/OffsetOf/index.php] _Embedded Systems Programming_, March 2004.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7b64ebe4-93f4-4d66-9437-92bf2611ac8d"><ac:parameter ac:name="">Jones 08</ac:parameter></ac:structured-macro>
\[Jones 08\] Derek M. Jones. [The New C Standard: An economic and cultural commentary|http://www.knosof.co.uk/cbook/]. Knowledge Software, Ltd, 2008.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="73d74c79-3f28-4435-82c6-d6c703e42413"><ac:parameter ac:name="">Keil 08</ac:parameter></ac:structured-macro>
\[Keil 08\] Keil, an ARM Company. "[Floating Point Support|http://www.keil.com/support/man/docs/armlib/armlib_bihbjiea.htm]." _RealView Libraries and Floating Point Support Guide_, 2008.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4169234a-dec5-4b2e-9080-8bfcae3c4c64"><ac:parameter ac:name="">Kennaway 00</ac:parameter></ac:structured-macro>
\[Kennaway 00\] Kennaway, Kris. [Re: /tmp topic|http://lwn.net/2000/1221/a/sec-tmp.php3], December 2000.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1df32783-183c-4e58-a310-a44c97ffa12b"><ac:parameter ac:name="">Kernighan 88</ac:parameter></ac:structured-macro>
\[Kernighan 88\] Kernighan , B. W. & Ritchie, D. M. _The C Programming Language, 2nd ed._ Englewood Cliffs, NJ: Prentice-Hall, 1988.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d93de73e-15f9-4c53-8c5e-5d5ca15d5539"><ac:parameter ac:name="">Kettle 02</ac:parameter></ac:structured-macro>
\[Kettlewell 02\] Kettlewell, Richard. [_C Language Gotchas_|http://www.greenend.org.uk/rjk/2001/02/cfu.html], February 2002.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="768974b6-367c-4238-b631-5bbbd74aa516"><ac:parameter ac:name="">Kettle 03</ac:parameter></ac:structured-macro>
\[Kettlewell 03\] Kettlewell, Richard. [_Inline Functions In C_|http://www.greenend.org.uk/rjk/2003/03/inline.html], March 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c47b629d-0db1-4c2e-a2f9-16272c9a11b0"><ac:parameter ac:name="">Kirch-Prinz 02</ac:parameter></ac:structured-macro>
\[Kirch-Prinz 02\] Kirch-Prinz, Ulla & Prinz, Peter. _C Pocket Reference_.  O'Reilly, November 2002 (ISBN: 0-596-00436-2).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0fe40e09-f14b-401e-8e19-625a65a45e65"><ac:parameter ac:name="">Klarer 04</ac:parameter></ac:structured-macro>
\[Klarer 04\] Klarer, R., Maddock, J., Dawes, B. & Hinnant, H. "Proposal to Add Static Assertions to the Core Language (Revision 3)." ISO C+\+ committee paper ISO/IEC JTC1/SC22/WG21/N1720, October 2004. Available at [http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2004/n1720.html].

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="eae8339b-8321-4d3c-9a0d-b61b499334c2"><ac:parameter ac:name="">Klein 02</ac:parameter></ac:structured-macro>
\[Klein 02\] Klein, Jack. [_Bullet Proof Integer Input Using strtol()_|http://home.att.net/~jackklein/c/code/strtol.html], 2002.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="47aeacb7-5950-4323-b2b6-a17beac363ee"><ac:parameter ac:name="">Koenig 89</ac:parameter></ac:structured-macro>
\[Koenig 89\]
Koenig,  Andrew. _C Traps and Pitfalls_. Addison-Wesley Professional, January 1, 1989.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0cf6df58-d8a1-4ead-a2c1-e75bc6a77136"><ac:parameter ac:name="">Kuhn 06</ac:parameter></ac:structured-macro>
\[Kuhn 06\] Kuhn, Markus. [_UTF-8 and Unicode FAQ for Unix/Linux_|http://www.cl.cam.ac.uk/~mgk25/unicode.html], 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e8bcaa0b-b3d3-410c-8334-02a6bbeace07"><ac:parameter ac:name="">Lai 06</ac:parameter></ac:structured-macro>
\[Lai 06\] Lai, Ray. "[Reading Between the Lines|http://undeadly.org/cgi?action=article&sid=20061027031811]." _OpenBSD Journal_, October 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2a217b0f-2741-4b78-b920-76c7a1c2460f"><ac:parameter ac:name="">Linux 07</ac:parameter></ac:structured-macro>
\[Linux 07\] [Linux Programmer's Manual|http://www.kernel.org/doc/man-pages/online_pages.html]. July 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1649b5dc-5132-4c3c-9efb-a2383bc40f37"><ac:parameter ac:name="">Lions 96</ac:parameter></ac:structured-macro>
\[Lions 96\] Lions, J. L. [ARIANE 5 Flight 501 Failure Report|http://en.wikisource.org/wiki/Ariane_501_Inquiry_Board_report]. Paris, France: European Space Agency (ESA) & National Center for Space Study (CNES) Inquiry Board, July 1996.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b261cb21-c4e7-4ff4-a1aa-7015474fbeeb"><ac:parameter ac:name="">Lockheed Martin 05</ac:parameter></ac:structured-macro>
\[Lockheed Martin 05\] Lockheed Martin. "[Joint Strike Fighter Air Vehicle C+\+ Coding Standards for the System Development and Demonstration Program.|http://www.research.att.com/~bs/JSF-AV-rules.pdf]" Document Number 2RDU00001 Rev C., December 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d1586703-31e2-4db5-b353-f7453e5a50e0"><ac:parameter ac:name="">Loosemore 07</ac:parameter></ac:structured-macro>
\[Loosemore 07\] Loosemore, Sandra, Stallman, Richard M., McGrath, Roland, Oram, Andrew, & Drepper, Ulrich. [The GNU C Library Reference Manual|http://www.gnu.org/software/libc/manual/], Edition 0.11.  September 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6a511b1d-c934-40e8-b90c-da6d22cec788"><ac:parameter ac:name="">McCluskey 01</ac:parameter></ac:structured-macro>
\[McCluskey 01\] [_flexible array members and designators in C9X_|http://www.usenix.org/publications/login/2001-07/pdfs/mccluskey.pdf] ;login:, July 2001, Volume 26, Number 4, p. 29-32.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="52b625c0-1f83-4b97-85c3-34547aade240"><ac:parameter ac:name="">mercy 06</ac:parameter></ac:structured-macro>
\[mercy\] mercy. [_Exploiting Uninitialized Data_|http://www.felinemenace.org/papers/UBehavior.zip], January 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0e021f34-b62a-4c46-820e-0e28d368b99a"><ac:parameter ac:name="">Microsoft 03</ac:parameter></ac:structured-macro>
\[Microsoft 03\] Microsoft Security Bulletin MS03-026, [Buffer Overrun In RPC Interface Could Allow Code Execution (823980)|http://www.microsoft.com/technet/security/bulletin/MS03-026.mspx], September 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4355a6fd-8d43-4a98-a415-37402b3ddb5a"><ac:parameter ac:name="">Microsoft 07</ac:parameter></ac:structured-macro>
\[Microsoft 07\] [C Language Reference|http://msdn2.microsoft.com/en-us/library/fw5abdx6(VS.80).aspx], 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="8d67819c-18dc-4e71-95f2-edb6a1a298d2"><ac:parameter ac:name="">MISRA 04</ac:parameter></ac:structured-macro>
\[MISRA 04\] MISRA Limited. "[MISRA C|http://www.misra.org.uk/]: 2004 Guidelines for the Use of the C Language in Critical Systems." Warwickshire, UK: MIRA Limited, October 2004 (ISBN 095241564X).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="eaef79bb-9ef0-4022-ab1e-4e22344e6e6d"><ac:parameter ac:name="">MIT 05</ac:parameter></ac:structured-macro>
\[MIT 05\] MIT. "[MIT krb5 Security Advisory 2005-003|http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2005-003-recvauth.txt], 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a5b50594-812d-42e6-8b96-10c289651ada"><ac:parameter ac:name="">MITRE 07</ac:parameter></ac:structured-macro>
\[MITRE 07\] MITRE. [Common Weakness Enumeration, Draft 9|http://cwe.mitre.org/],  April 2008.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5cb664d9-47f5-4574-b1e8-f885ca48a5c4"><ac:parameter ac:name="">MSDN</ac:parameter></ac:structured-macro>
\[MSDN\] [Microsoft Developer Network|http://msdn.microsoft.com/en-us/default.aspx].

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7f094989-5cc5-4f01-a2b9-17596815f529"><ac:parameter ac:name="">Murenin  07</ac:parameter></ac:structured-macro>
\[Murenin 07\] Murenin, Constantine A. [cnst: 10-year-old pointer-arithmetic bug in make(1) is now gone, thanks to malloc.conf and some debugging|http://cnst.livejournal.com/24040.html], June 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="03361db4-2c12-48e5-99a0-ff8538138106"><ac:parameter ac:name="">NAI 98</ac:parameter></ac:structured-macro>
\[NAI 98\] Network Associates Inc. [Bugtraq: Network Associates Inc. Advisory (OpenBSD)|http://seclists.org/bugtraq/1998/Aug/0071.html], 1998.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="8ed5c554-69a0-4034-9439-2cc70ad136a2"><ac:parameter ac:name="">NASA-GB-1740.13</ac:parameter></ac:structured-macro>
\[NASA-GB-1740.13\] NASA Glenn Research Center, Office of Safety Assurance Technologies. [_NASA Software Safety Guidebook_|http://pbma.nasa.gov/docs/public/pbma/general/guidbook.doc] (NASA-GB-1740.13).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f91a24aa-128e-4589-b2cf-87f42dd1cb64"><ac:parameter ac:name="">NIST 06</ac:parameter></ac:structured-macro>
\[NIST 06\] NIST. [_SAMATE Reference Dataset_|http://samate.nist.gov/SRD/], 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a65012a4-413d-4da7-9cbd-db8b549ec068"><ac:parameter ac:name="">NIST 06b</ac:parameter></ac:structured-macro>
\[NIST 06b\] NIST. [DRAFT Source Code Analysis Tool Functional Specification. | http://samate.nist.gov/docs/SAMATE_source_code_analysis_tool_spec_09_15_06.pdf] NIST Information Technology Laboratory (ITL), Software Diagnostics and Conformance Testing Division, September 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="dd1123d2-ee5c-48db-89a1-7fdc236aae36"><ac:parameter ac:name="">Open Group 97</ac:parameter></ac:structured-macro>
\[Open Group 97\] The Open Group. [_The Single UNIXÂ® Specification, Version 2_|http://www.opengroup.org/onlinepubs/7990989775/toc.htm], 1997.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2d73077f-c03a-4bb5-bc88-f4d608916fe1"><ac:parameter ac:name="">Open Group 97b</ac:parameter></ac:structured-macro>
\[Open Group 97b\] The Open Group. [_Go Solo 2 - The Authorized Guide to Version 2 of the Single UNIX Specification_|http://www.unix.org/whitepapers/64bit.html], May 1997.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b2bad020-daa6-43be-8a29-283b2e08a68b"><ac:parameter ac:name="">Open Group 04</ac:parameter></ac:structured-macro>
\[Open Group 04\] The Open Group and the IEEE. [_The Open Group Base Specifications Issue 6, IEEE Std 1003.1, 2004 Edition_|http://www.opengroup.org/onlinepubs/009695399/toc.htm], 2004.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3e37e168-d196-4fd7-9170-eeb1bbc70af8"><ac:parameter ac:name="">OWASP Double Free</ac:parameter></ac:structured-macro>
\[OWASP Double Free\] Open Web Application Security Project, "[Double Free|http://www.owasp.org/index.php/Double_Free]."

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2bc40f97-187b-49fc-bb81-b951c5faf370"><ac:parameter ac:name="">OWASP Freed Memory</ac:parameter></ac:structured-macro>
\[OWASP Freed Memory\] Open Web Application Security Project, "[Using freed memory|http://www.owasp.org/index.php/Using_freed_memory]."

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="642f9b4e-e9a5-4595-9395-ef0c6aef6996"><ac:parameter ac:name="">Pethia 03</ac:parameter></ac:structured-macro>
\[Pethia 03\] Pethia, Richard D. "[Viruses and Worms: What Can We Do About Them?|http://www.cert.org/congressional_testimony/Pethia-Testimony-9-10-2003/]" September 10, 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5cfb6741-c13a-46fe-8bca-473ac12cd0a2"><ac:parameter ac:name="">Pike 93</ac:parameter></ac:structured-macro>
\[Pike 93\] Rob Pike, Ken Thompson. _Hello World_. USENIX Winter 1993 Technical Conference, San Diego, January 25-29, 1993, Proceedings, pp. 43-50.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ec52479f-ca8f-4ab5-be02-0e5a9a6b90e6"><ac:parameter ac:name="">Plakosh 05</ac:parameter></ac:structured-macro>
\[Plakosh 05\] Plakosh, Dan. [_Consistent Memory Management Conventions_|https://buildsecurityin.us-cert.gov/daisy/bsi/articles/knowledge/coding/476.html], 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b11e8619-e11a-493a-a67c-eb5a4cc8eb34"><ac:parameter ac:name="">Plum 85</ac:parameter></ac:structured-macro>
\[Plum 85\] Plum, Thomas. _Reliable Data Structures in C_. Kamuela, HI: Plum Hall, Inc., 1985 (ISBN 0-911537-04-X).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6544b79c-f63f-4cb1-942b-f69319dfe1b7"><ac:parameter ac:name="">Plum 89</ac:parameter></ac:structured-macro>
\[Plum 89\] Plum, Thomas, & Saks, Dan. _C Programming Guidelines, 2nd ed_. Kamuela, HI: Plum Hall, Inc., 1989 (ISBN 0911537074).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e1d29050-9f7f-4f41-9c25-a3930302cb96"><ac:parameter ac:name="">Plum 91</ac:parameter></ac:structured-macro>
\[Plum 91\] Plum, Thomas. _C+\+ Programming_. Kamuela, HI: Plum Hall, Inc., 1991 (ISBN 0911537104).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="34cd60d6-b4f5-463e-88c9-33c5cce1f169"><ac:parameter ac:name="">Redwine 06</ac:parameter></ac:structured-macro>
\[Redwine 06\] Redwine, Samuel T., Jr., ed. _Secure Software Assurance: A Guide to the Common Body of Knowledge to Produce, Acquire, and Sustain Secure Software Version 1.1_. U.S. Department of Homeland Security, September 2006. See [Software Assurance Common Body of Knowledge|https://buildsecurityin.us-cert.gov/daisy/bsi/resources/dhs/95.html] on Build Security In.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b7813211-4673-467b-a556-7c50ab4a0ba1"><ac:parameter ac:name="">RUS-CERT</ac:parameter></ac:structured-macro>
\[RUS-CERT\] RUS-CERT Advisory 2002-08:02, "[Flaw in calloc and similar routines|http://cert.uni-stuttgart.de/advisories/calloc.php]," 2002.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="bf72987d-4c82-4eab-bd80-d9db3801cd04"><ac:parameter ac:name="">Saks 99</ac:parameter></ac:structured-macro>
\[Saks 99\] Saks, Dan. "[const T vs.T const|http://www.dansaks.com/articles/1999-02%20const%20T%20vs%20T%20const.pdf]." _Embedded Systems Programming_, February 1999, pp. 13-16.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3cadb2a9-304c-46ef-bd06-996aaf97a375"><ac:parameter ac:name="">Saks 01a</ac:parameter></ac:structured-macro>
\[Saks 01a\] Saks, Dan. "[Symbolic Constants|http://www.embedded.com/story/OEG20011016S0116]." _Embedded Systems Design_, November 2001.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="848a94fc-854c-44cc-970a-9b9a9fa51145"><ac:parameter ac:name="">Saks 01b</ac:parameter></ac:structured-macro>
\[Saks 01b\] Saks, Dan. "[Enumeration Constants vs. Constant Objects|http://www.embedded.com/columns/programmingpointers/9900402]." _Embedded Systems Design_, November 2001.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a6132771-cd8d-4c7a-86c7-3b7dc3e460c3"><ac:parameter ac:name="">Saks 02</ac:parameter></ac:structured-macro>
\[Saks 02\] Saks, Dan. "[Symbolic Constant Expressions|http://www.embedded.com/story/OEG20020124S0117]." _Embedded Systems Design_, February 2002.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3c2d9e63-7738-4412-bcdb-b29cb478ae79"><ac:parameter ac:name="">Saks 05</ac:parameter></ac:structured-macro>
\[Saks 05\] Saks, Dan. "[Catching Errors Early with Compile-Time Assertions|http://www.embedded.com/columns/programmingpointers/164900888?_requestid=287187]." _Embedded Systems Design_, June 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="82f59a61-72c8-4054-8ced-832d380139f1"><ac:parameter ac:name="">Saks 07</ac:parameter></ac:structured-macro>
\[Saks 07\] Saks, Dan. "[Sequence Points|http://www.embedded.com/columns/programmingpointers/9900661?_requestid=481957]" Embedded Systems Design, July 1, 2002.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b982a959-6915-4f24-8371-54affa6a71c2"><ac:parameter ac:name="">Saks 08</ac:parameter></ac:structured-macro>
\[Saks 08\] Saks, Dan & Dewhurst, Stephen C. "Sooner Rather Than Later: Static Programming Techniques for C++" (presentation).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="73db58c6-3579-426d-8721-ab8caee08a1f"><ac:parameter ac:name="">Schwarz 05</ac:parameter></ac:structured-macro>
\[Schwarz 05\] Schwarz, B., Wagner, Hao Chen, Morrison, D., West, G., Lin, J., & Tu, J. Wei. "Model checking an entire Linux distribution for security violations." _Proceedings of the 21st Annual Computer Security Applications Conference_, December 2005 (ISSN 1063-9527; ISBN 0-7695-2461-3).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e7f83a02-0e16-4cf0-85f8-edebd8e68cf2"><ac:parameter ac:name="">Seacord 03</ac:parameter></ac:structured-macro>
\[Seacord 03\] Seacord, Robert C., Plakosh, Daniel, & Lewis, Grace A. [_Modernizing Legacy Systems: Software Technologies, Engineering Processes, and Business Practices_|http://www.informit.com/store/product.aspx?isbn=0321118847]. Addison-Wesley, February 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="62e7cdf3-4894-498d-9de5-f179e75cfdf0"><ac:parameter ac:name="">Seacord 05</ac:parameter></ac:structured-macro> <ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d612efe2-1696-4676-8d21-4a56f4932901"><ac:parameter ac:name="">Seacord 05a</ac:parameter></ac:structured-macro>
\[Seacord 05a\] Seacord, Robert C. _Secure Coding in C and C+\+_. Boston, MA: Addison-Wesley, 2005. See [http://www.cert.org/books/secure-coding] for news and errata.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e05c2354-f418-49b9-9194-4ae6688c9537"><ac:parameter ac:name="">Seacord 05b</ac:parameter></ac:structured-macro>
\[Seacord 05b\] Seacord, Robert C. "Managed String Library for C, C/C++." _Users Journal_ _23_, 10 (October 2005): 30-34.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c6facab7-fdd9-40d1-93cd-b83d93972469"><ac:parameter ac:name="">Seacord 05c</ac:parameter></ac:structured-macro>
\[Seacord 05c\] Seacord, Robert C. [_Variadic Functions: How they contribute to security vulnerabilities and how to fix them_|http://www.cert.org/books/secure-coding/LWM%203-11%20%28Seacord%29.pdf]. Linux World Magazine.  November, 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7b549cba-014f-4651-b254-a92dcfa509f0"><ac:parameter ac:name="">Secunia</ac:parameter></ac:structured-macro>
\[Secunia\] Secunia Advisory SA10635, "[HP-UX calloc Buffer Size Miscalculation Vulnerability|http://secunia.com/advisories/10635/]" 2004.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="51f9dacd-aa8a-400f-92cd-2b55a3450525"><ac:parameter ac:name="">SecurityFocus 07</ac:parameter></ac:structured-macro>
\[SecurityFocus 07\] SecurityFocus. "[Linux Kernel Floating Point Exception Handler Local Denial of Service Vulnerability|http://www.securityfocus.com/bid/10538/discuss]," 2001.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7872d9ae-5dcb-4682-9729-60506de6b8d6"><ac:parameter ac:name="">Sloss 04</ac:parameter></ac:structured-macro>
\[Sloss 04\]  Sloss, Andrew, Symes, Dominic, & Wright, Chris. [_ARM System Developer's Guide_|http://www.arm.com/documentation/books/4975.html]. Morgan Kauffman, 2004 (ISBN-10: 1558608745; ISBN-13: 978-1558608740).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="32281828-7ce1-4dbc-b4cd-9cd19de8a1cb"><ac:parameter ac:name="">Spinellis 06</ac:parameter></ac:structured-macro>
\[Spinellis 06\] Spinellis, Diomidis. [_Code Quality: The Open Source Perspective_|http://www.spinellis.gr/codequality].  Addison-Wesley, 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="cecc0995-2242-42d1-b78c-cb5ebf0146b1"><ac:parameter ac:name="">Steele 77</ac:parameter></ac:structured-macro>
\[Steele 77\]  Steele, G. L. "[Arithmetic shifting considered harmful|http://doi.acm.org/10.1145/956641.956647]." _SIGPLAN Not._ 12, 11 (November 1977), 61-69.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="856f711f-97af-4c9e-821e-5e94be0e4763"><ac:parameter ac:name="">Summit 95</ac:parameter></ac:structured-macro>
\[Summit 95\] Summit, Steve. _C Programming FAQs: Frequently Asked Questions_. Boston, MA: Addison-Wesley, 1995 (ISBN 0201845199).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="bf70ac32-916c-4972-b628-7acf1825de22"><ac:parameter ac:name="">Summit 05</ac:parameter></ac:structured-macro>
\[Summit 05\] Summit, Steve. [_comp.lang.c Frequently Asked Questions_|http://c-faq.com/], 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ab3615c9-7e6f-46ae-a075-e4cca8b9a46e"><ac:parameter ac:name="">Sun</ac:parameter></ac:structured-macro>
\[Sun\] [Sun Security Bulletin #00122|http://sunsolve.sun.com/search/document.do?assetkey=1-22-00122-1], 1993.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b90490bd-30d8-4d14-acba-448b6b0ed831"><ac:parameter ac:name="">Sun 05</ac:parameter></ac:structured-macro>
\[Sun 05\] [C User's Guide|http://docs.sun.com/source/819-3688/]. 819-3688-10. Sun Microsystems, Inc., 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e77927f9-6d4a-4258-b672-87627760b25e"><ac:parameter ac:name="">van de Voort 07</ac:parameter></ac:structured-macro>
\[van de Voort 07\] van de Voort, Marco. [Development Tutorial (a.k.a Build FAQ)|http://www.stack.nl/~marcov/buildfaq.pdf], January 29, 2007.

\[van Sprundel 06\] van Sprundel, Ilja. [Unusual Bugs|http://ilja.netric.org/files/Unusual%20bugs.pdf], 2006.&nbsp;

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="8cb02f09-7549-4a66-a1f9-0f184b9283ab"><ac:parameter ac:name="">Viega 03</ac:parameter></ac:structured-macro>
\[Viega 03\] Viega, John & Messier, Matt. _Secure Programming Cookbook for C and C++: Recipes for Cryptography, Authentication, Networking, Input Validation & More_. Sebastopol, CA: O'Reilly, 2003 (ISBN 0-596-00394-3).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ce7f370b-df14-45a4-b67e-a2ca2b6630e1"><ac:parameter ac:name="">Viega 05</ac:parameter></ac:structured-macro>
\[Viega 05\] Viega, John. [CLASP Reference Guide Volume 1.1.|http://www.securesoftware.com/process/] Secure Software, 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e0d1e61c-abc8-4aa4-8a3f-c89c4fdaa599"><ac:parameter ac:name="">VU#162289</ac:parameter></ac:structured-macro>
\[VU#162289\] Dougherty, Chad. Vulnerability Note [VU#162289|http://www.kb.cert.org/vuls/id/162289], _gcc silently discards some wraparound checks,_ April 2008.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4259ab3a-76e5-43bd-b97e-9fd18a648824"><ac:parameter ac:name="">VU196240</ac:parameter></ac:structured-macro>
\[VU#196240\] Taschner, Chris & Manion, Art. Vulnerability Note [VU#196240|http://www.kb.cert.org/vulnotes/id/196240], _Sourcefire Snort DCE/RPC preprocessor does not properly reassemble fragmented packets_, 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3867597d-fd8c-487e-82ee-863696891936"><ac:parameter ac:name="">VU286468</ac:parameter></ac:structured-macro>
\[VU#286468\] Burch, Hal. Vulnerability Note [VU#286468|http://www.kb.cert.org/vulnotes/id/286468], _Ettercap contains a format string error in the "curses_msg()" function_, 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="44761f8c-8be7-45f4-b2f2-d228f3b44358"><ac:parameter ac:name="">VU439395</ac:parameter></ac:structured-macro>
\[VU#439395\] Howard Lipson. Vulnerability Note [VU#439395|http://www.kb.cert.org/vuls/id/439395], _Apache web server performs case sensitive filtering on Mac OS X HFS\+ case insensitive filesystem,_ 2001.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="26b6cc11-7df8-4799-8fab-c3d535605095"><ac:parameter ac:name="">VU551436</ac:parameter></ac:structured-macro>
\[VU#551436\] Giobbi, Ryan. Vulnerability Note [VU#551436|http://www.kb.cert.org/vulnotes/id/551436], _Mozilla Firefox SVG viewer vulnerable to buffer overflow,_ 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="79822445-6241-4374-896d-4dc730db4852"><ac:parameter ac:name="">VU568148</ac:parameter></ac:structured-macro>
\[VU#568148\] Finlay, Ian A. & Morda, Damon G. Vulnerability Note [VU#568148|http://www.kb.cert.org/vulnotes/id/568148], _Microsoft Windows RPC vulnerable to buffer overflow_, 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="778d4f54-4c00-4ba1-9011-5a9436bfa615"><ac:parameter ac:name="">VU623332</ac:parameter></ac:structured-macro>
\[VU#623332\] Mead, Robert. Vulnerability Note [VU#623332|http://www.kb.cert.org/vuls/id/623332], _MIT Kerberos 5 contains double free vulnerability in "krb5_recvauth()" function,_ 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="42a4ac28-feca-498a-ac20-e3a615ceb55c"><ac:parameter ac:name="">VU649732</ac:parameter></ac:structured-macro>
\[VU#649732\] Gennari, Jeff. Vulnerability Note [VU#649732|http://www.kb.cert.org/vulnotes/id/649732], _Samba AFS ACL mapping VFS plug-in format string vulnerability,_ 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d61ac8a5-5819-4894-94e7-276b553acce4"><ac:parameter ac:name="">VU743092</ac:parameter></ac:structured-macro>
\[VU#743092\] Rafail, Jason A. & Havrilla, Jeffrey S.  Vulnerability Note [VU#743092|https://www.kb.cert.org/vulnotes/id/743092], _realpath(3) function contains off-by-one buffer overflow,_ July 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c6eb8d1c-8c8f-427c-8983-2cb7d721431d"><ac:parameter ac:name="">VU881872</ac:parameter></ac:structured-macro>
\[VU#881872\] Manion, Art & Taschner, Chris. Vulnerability Note [VU#881872|http://www.kb.cert.org/vulnotes/id/881872], _Sun Solaris telnet authentication bypass vulnerability,_ 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6b9c28e5-b3be-4ac8-8270-3db8f0a05698"><ac:parameter ac:name="">Warren 02</ac:parameter></ac:structured-macro>
\[Warren 02\] Warren, Henry S. [_Hacker's Delight_|http://www.hackersdelight.org/]. Boston, MA: Addison Wesley Professional, 2002 (ISBN 0201914654).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b3f8385c-c1bf-4354-973a-6350c8c415c0"><ac:parameter ac:name="">Wheeler 03</ac:parameter></ac:structured-macro>
\[Wheeler 03\] Wheeler, David. [Secure Programming for Linux and Unix HOWTO, v3.010|http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/], March 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="08ecf47f-62b3-4e44-bc4b-adf250d8df64"><ac:parameter ac:name="">Wheeler 04</ac:parameter></ac:structured-macro>
\[Wheeler 04\] Wheeler, David. [_Secure programmer: Call components safely_|http://www-128.ibm.com/developerworks/linux/library/l-calls.html]. December 2004.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="cc4e99bd-007a-4391-b58a-de583d255277"><ac:parameter ac:name="">Wojtczuk 08</ac:parameter></ac:structured-macro>
\[Wojtczuk 08\] Wojtczuk, Rafal. "[Analyzing the Linux Kernel vmsplice Exploit|http://www.avertlabs.com/research/blog/index.php/2008/02/13/analyzing-the-linux-kernel-vmsplice-exploit/]." McAfee Avert Labs Blog, February 13, 2008.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e0405f1b-c10d-4610-9f4b-b328f9193bf7"><ac:parameter ac:name="">Yergeau 98</ac:parameter></ac:structured-macro>
\[Yergeau 98\] Yergeau, F. [RFC 2279 - UTF-8, a transformation format of ISO 10646|http://www.faqs.org/rfcs/rfc2279.html], January 1998.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="bec28439-1c23-4e09-b0cb-d13932d3829f"><ac:parameter ac:name="">Zalewski 01</ac:parameter></ac:structured-macro>
\[Zalewski 01\] Zalewski, Michal. [_Delivering Signals for Fun and Profit: Understanding, exploiting and preventing signal-handling related vulnerabilities_|http://lcamtuf.coredump.cx/signals.txt],  May 2001.