<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="59a7db1f-1411-4378-b175-3e1291e29d00"><ac:parameter ac:name="">Apple 06</ac:parameter></ac:structured-macro> \[Apple 06\] Apple, Inc. [_Secure Coding Guide_|http://developer.apple.com/documentation/Security/Conceptual/SecureCodingGuide/SecureCodingGuide.pdf], May 2006. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="649a6efd-9356-4ace-917c-f176ce4beda2"><ac:parameter ac:name="">Austin Group 08</ac:parameter></ac:structured-macro> \[Austin Group 08\] "Draft Standard for Information Technology - Portable Operating System Interface (POSIX®) - Draft Technical Standard: Base Specifications, Issue 7," IEEE Unapproved Draft Std P1003.1_D4 , Jan 2008. Prepared by the [Austin Group|http://www.opengroup.org/austin/]. New York, NY: The Institute of Electrical & Electronics Engineers, Inc. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="daf801ad-5bf0-4c62-bd4b-f5cb0d549489"><ac:parameter ac:name="">Banahan 03</ac:parameter></ac:structured-macro> \[Banahan 03\] Banahan, Mike. [The C Book|http://www.phy.duke.edu/~rgb/General/c_book/c_book/index.html], 2003. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="833f59ca-9795-46e4-aa09-2857e221362b"><ac:parameter ac:name="">Beebe 05</ac:parameter></ac:structured-macro> \[Beebe 05\] Beebe, Nelson H. F. [Re: Remainder ( % ) operator and GCC|http://gcc.gnu.org/ml/gcc-help/2005-11/msg00141.html], 2005. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7d01fe26-1136-43d9-b2eb-90d4492ffe2b"><ac:parameter ac:name="">Becker 08</ac:parameter></ac:structured-macro> \[Becker 08\] Becker, Pete. [Working Draft, Standard for Programming Language C+\+|http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2008/n2521.pdf]. April, 2008. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c033ecf6-5a84-49e9-a6e1-ed1700e4ed59"><ac:parameter ac:name="">Bryant 03</ac:parameter></ac:structured-macro> \[Bryant 03\] Bryant, Randy & O'Halloran, David. _Computer Systems: A Programmer's Perspective_. Prentice Hall, 2003. ISBN 0-13-034074-X. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1f6d3f11-6fe0-4766-ad55-85033445d8f9"><ac:parameter ac:name="">Burch 06</ac:parameter></ac:structured-macro> \[Burch 06\] Burch, H., Long, F., & Seacord, R. [_Specifications for Managed Strings_|http://www.sei.cmu.edu/publications/documents/06.reports/06tr006.html] (CMU/SEI-2006-TR-006). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2006. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ae1a9974-82f2-4112-abd2-01134acfde87"><ac:parameter ac:name="">Callaghan 95</ac:parameter></ac:structured-macro> \[Callaghan 95\] Callaghan, B., Pawlowski, B., & Staubach, P. [IETF RFC 1813 NFS Version 3 Protocol Specification|http://www.ietf.org/rfc/rfc1813.txt], June 1995. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c3917e27-4e6c-4d3d-b27e-e63416a6ddcb"><ac:parameter ac:name="">CERT 06a</ac:parameter></ac:structured-macro> \[CERT 06a\] CERT/CC. [CERT/CC Statistics 1988-2006|http://www.cert.org/stats/cert_stats.html]. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e50bf0b5-0c6e-4260-b6e1-2e087162019c"><ac:parameter ac:name="">CERT 06b</ac:parameter></ac:structured-macro> \[CERT 06b\] CERT/CC. US-CERT's [Technical Cyber Security Alerts|http://www.us-cert.gov/cas/techalerts/index.html]. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="53571d4a-ca53-4f1d-92a0-a17545df1cd4"><ac:parameter ac:name="">CERT 06c</ac:parameter></ac:structured-macro> \[CERT 06c\] CERT/CC. [Secure Coding|http://www.cert.org/secure-coding/] web site. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e5655188-a2b0-4955-8883-f9ef8273079f"><ac:parameter ac:name="">Corfield 93</ac:parameter></ac:structured-macro> \[Corfield 93\] Corfield, Sean A. "[Making String Literals 'const'|http://www.open-std.org/jtc1/sc22/wg21/docs/papers/1993/N0389.asc]," November 1993. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f3759db5-dda4-45fb-bf79-a32aaf3da45b"><ac:parameter ac:name="">Coverity 07</ac:parameter></ac:structured-macro> \[Coverity 07\] Coverity Prevent User's Manual (3.3.0), 2007. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ca99ec17-db2a-43ea-bece-e24674043e0c"><ac:parameter ac:name="">Dewhurst 02</ac:parameter></ac:structured-macro> \[Dewhurst 02\] Dewhurst, Stephen C. _C+\+ Gotchas: Avoiding Common Problems in Coding and Design_. Boston, MA: Addison-Wesley Professional, 2002. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7afce445-de43-4995-86d4-f951b0c3196f"><ac:parameter ac:name="">Dewhurst 05</ac:parameter></ac:structured-macro> \[Dewhurst 05\] Dewhurst, Stephen C. _C+\+ Common Knowledge: Essential Intermediate Programming_. Boston, MA: Addison-Wesley Professional, 2005. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7520f862-75b3-4da2-b49e-b1a81549d970"><ac:parameter ac:name="">DHS 06</ac:parameter></ac:structured-macro> \[DHS 06\] U.S. Department of Homeland Security. [Build Security In|https://buildsecurityin.us-cert.gov/]. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f393c2b8-ea89-4602-aa81-04abcef760e3"><ac:parameter ac:name="">Dowd 06</ac:parameter></ac:structured-macro> \[Dowd 06\] Dowd, M., McDonald, J., & Schuh, J. _The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities_. Boston, MA: Addison-Wesley, 2006. See [http://taossa.com] for updates and errata. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="13bf6373-5fd2-4584-9ad5-119aea6fa61c"><ac:parameter ac:name="">Drepper 06</ac:parameter></ac:structured-macro> \[Drepper 06\] Drepper, Ulrich. [Defensive Programming for Red Hat Enterprise Linux (and What To Do If Something Goes Wrong)|http://people.redhat.com/drepper/defprogramming.pdf], May 3, 2006. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ad82c835-047b-4945-a13a-14ed494e23f9"><ac:parameter ac:name="">Eckel 07</ac:parameter></ac:structured-macro> \[Eckel 07\] Eckel, Bruce. [_Thinking in C+\+ - Volume 2_|http://bruce-eckel.developpez.com/livres/cpp/ticpp/v2/]. January 25, 2007. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="00e40d16-7811-4940-bb48-f3e48c42b018"><ac:parameter ac:name="">Finlay 03</ac:parameter></ac:structured-macro> \[Finlay 03\] Finlay, Ian A. CERT Advisory CA-2003-16, [Buffer Overflow in Microsoft RPC|http://www.cert.org/advisories/CA-2003-16.html]. CERT/CC, July 2003. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="8839fd8f-ef5e-4be4-a56e-418e6423a8f9"><ac:parameter ac:name="">Fisher 99</ac:parameter></ac:structured-macro> \[Fisher 99\] David Fisher & Howard Lipson, "Emergent Algorithms - A New Method for Enhancing Survivability in Unbounded Systems," Proceedings of the 32nd Annual Hawaii International Conference on System Sciences (HICSS-32). Maui, HI, January 5-8, 1999. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b8df3175-c0b7-4819-9cab-44935b55db9f"><ac:parameter ac:name="">Fortify 06</ac:parameter></ac:structured-macro> \[Fortify 06\] Fortify Software Inc. [Fortify Taxonomy: Software Security Errors|http://www.fortifysoftware.com/vulncat/], 2006. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="83fc80d0-48c6-4828-b356-e2607672ca78"><ac:parameter ac:name="">FSF 05</ac:parameter></ac:structured-macro> \[FSF 05\] Free Software Foundation. [GCC online documentation|http://gcc.gnu.org/onlinedocs], 2005. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f1919f00-e4d1-4571-9efa-6b1fa3a36545"><ac:parameter ac:name="">Garfinkel 96</ac:parameter></ac:structured-macro> \[Garfinkel 96\] Garfinkel, Simson & Spafford, Gene. _Practical UNIX & Internet Security_, 2nd Edition. O'Reilly Media, April 1996 (ISBN 1-56592-148-8). |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="04d7e0ee-f735-4e43-abaf-51adcc26a8ee"><ac:parameter ac:name="">GNU Pth</ac:parameter></ac:structured-macro> \[GNU Pth\] Engelschall, Ralf S. [GNU Portable Threads|http://www.gnu.org/software/pth/], 2006. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="45da4bbc-11b8-42f0-b7ef-d09b24513317"><ac:parameter ac:name="">Goldberg 91</ac:parameter></ac:structured-macro> \[Goldberg 91\] Goldberg, David. [What Every Computer Scientist Should Know About Floating-Point Arithmetic|http://docs.sun.com/source/806-3568/ncg_goldberg.html]. Sun Microsystems, March 1991. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="590555d6-568c-42b7-a3a9-f55df4393058"><ac:parameter ac:name="">Graf 03</ac:parameter></ac:structured-macro> \[Graff 03\] Graff, Mark G. & Van Wyk, Kenneth R. _Secure Coding: Principles and Practices_. Cambridge, MA: O'Reilly, 2003 (ISBN 0596002424). |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="84cb951a-5ed9-4fda-8302-3d886c925720"><ac:parameter ac:name="">Griffiths 06</ac:parameter></ac:structured-macro> \[Griffiths 06\] Griffiths, Andrew. "[Clutching at straws: When you can shift the stack pointer|http://felinemenace.org/papers/p63-0x0e_Shifting_the_Stack_Pointer.txt]." |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f2eb883a-8e31-4aca-bebe-b9dfa3953c34"><ac:parameter ac:name="">Haddad 05</ac:parameter></ac:structured-macro> \[Haddad 05\] Haddad, Ibrahim. "Secure Coding in C and C++: An interview with Robert Seacord, senior vulnerability analyst at CERT." _Linux World Magazine_, November 2005. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="30133b05-c003-407d-a486-047277e5a321"><ac:parameter ac:name="">Hatton 95</ac:parameter></ac:structured-macro> \[Hatton 95\] Hatton, Les. _Safer C: Developing Software for High-Integrity and Safety-Critical Systems_. New York, NY: McGraw-Hill Book Company, 1995 (ISBN 0-07-707640-0). |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a610096c-f43e-4240-a117-521985067159"><ac:parameter ac:name="">Henricson 92</ac:parameter></ac:structured-macro> \[Henricson 92\] Henricson, Mats & Nyquist, Erik. [Programming in C++, Rules and Recommendations|http://www.doc.ic.ac.uk/lab/cplus/c++.rules/]. Ellemtel Telecommunication Systems Laboratories, 1992. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="afcfa2da-d427-4280-9f2d-11e28056e655"><ac:parameter ac:name="">Horton 90</ac:parameter></ac:structured-macro> \[Horton 90\] Horton, Mark R. _Portable C Software_. Upper Saddle River, NJ: Prentice-Hall, Inc., 1990 (ISBN:0-13-868050-7). |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="daa0682b-7189-4074-8db8-ae79a9f43675"><ac:parameter ac:name="">Howard 02</ac:parameter></ac:structured-macro> \[Howard 02\] Howard, Michael & LeBlanc, David C. _[_Writing Secure Code, Second Edition_|http://www.microsoft.com/mspress/books/5957.aspx]_. Microsoft Press, December 2002. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="df6106f3-f170-4058-9313-a739301809e9"><ac:parameter ac:name="">HP 03</ac:parameter></ac:structured-macro> \[HP 03\] [Tru64 UNIX: Protecting Your System Against File Name Spoofing Attacks|http://h30097.www3.hp.com/docs/wpapers/spoof_wp/symlink_external.pdf]. Houston, TX: Hewlett-Packard Company, January 2003. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="381eea7d-8e51-4c46-bb37-da06f6196d29"><ac:parameter ac:name="">IEC 60812 2006</ac:parameter></ac:structured-macro> \[IEC 60812 2006\] _Analysis techniques for system reliability - Procedure for failure mode and effects analysis (FMEA)_, 2nd ed. (IEC 60812). IEC, January 2006. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f972102b-e80d-40d1-9a4e-5821eb53e4f0"><ac:parameter ac:name="">IEC 61508 4</ac:parameter></ac:structured-macro> \[IEC 61508-4\] _Functional safety of electrical/electronic/programmable electronic safety-related systems - Part 4: Definitions and abbreviations_, 1998. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="53a424c0-1a16-44aa-a6e0-7040c7b5e5d6"><ac:parameter ac:name="">IEEE Std 610.12 1990</ac:parameter></ac:structured-macro> \[IEEE Std 610.12 1990\] _IEEE Standard Glossary of Software Engineering Terminology_, September 1990. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="70497c4e-c336-4910-89f8-45e808aa80c5"><ac:parameter ac:name="">IEEE 754 2006</ac:parameter></ac:structured-macro> \[IEEE 754 2006\] IEEE. [_Standard for Binary Floating-Point Arithmetic_|http://grouper.ieee.org/groups/754/] (IEEE 754-1985), 2006. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="898c1f46-959e-4eb0-8d49-776f4baeeba2"><ac:parameter ac:name="">ilja 06</ac:parameter></ac:structured-macro> \[ilja 06\] ilja. "[readlink abuse|http://blogs.23.nu/ilja/stories/12551/]." _ilja's blog_, August 13, 2006. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4ec1fbd0-d24a-4b4b-8504-0cc526757b95"><ac:parameter ac:name="">Intel 01</ac:parameter></ac:structured-macro> \[Intel 01\] Intel Corp. [_Floating-Point IEEE Filter for Microsoft\* Windows\* 2000 on the Intel® Itanium™ Architecture_|ftp://download.intel.com/software/opensource/libraries/ieee/ieee_filter_windows2000.pdf], March 2001. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d8821e31-b00b-408c-99ce-a5e52ae23bc7"><ac:parameter ac:name="">Internet Society 00</ac:parameter></ac:structured-macro> \[Internet Society 00\] The Internet Society. [Internet Security Glossary (RFC 2828)|ftp://ftp.rfc-editor.org/in-notes/rfc2828.txt], 2000. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5d7197bc-0a26-44c0-939a-2ae7d01d2222"><ac:parameter ac:name="">ISO/IEC 10646-2003</ac:parameter></ac:structured-macro> \[ISO/IEC 10646:2003\] _Information technology - Universal Multiple-Octet Coded Character Set (UCS)_ (ISO/IEC 10646:2003). Geneva, Switzerland: International Organization for Standardization, 2003. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c612d639-751f-4a88-aaf9-ed0cb1246c1c"><ac:parameter ac:name="">ISO/IEC 646-1991</ac:parameter></ac:structured-macro> \[ISO/IEC 646-1991\] ISO/IEC. _Information technology: ISO 7-bit coded character set for information interchange_ (ISO/IEC 646-1991). Geneva, Switzerland: International Organization for Standardization, 1991. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2b89e0e1-ed86-49cb-9a88-af6edb4fec71"><ac:parameter ac:name="">ISO/IEC 9899-1999</ac:parameter></ac:structured-macro> \[ISO/IEC 9899:1999\] ISO/IEC. _Programming Languages --- C, Second Edition_ (ISO/IEC 9899:1999). Geneva, Switzerland: International Organization for Standardization, 1999. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="8449364b-4712-40b3-a906-912be0d397d2"><ac:parameter ac:name="">ISO/IEC 14882-2003</ac:parameter></ac:structured-macro> \[ISO/IEC 14882-2003\] ISO/IEC. _Programming Languages --- C++, Second Edition_ (ISO/IEC 14882-2003). Geneva, Switzerland: International Organization for Standardization, 2003. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ac15e97b-7cc8-4003-8738-4f3f85dd8448"><ac:parameter ac:name="">ISO/IEC 03</ac:parameter></ac:structured-macro> \[ISO/IEC 03\] ISO/IEC. [_Rationale for International Standard --- Programming Languages --- C, Revision 5.10_|http://www.open-std.org/jtc1/sc22/wg14/www/C99RationaleV5.10.pdf]. Geneva, Switzerland: International Organization for Standardization, April 2003. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1d16ccca-5cad-49fa-bbe3-300d20fbc754"><ac:parameter ac:name="">ISO/IEC JTC1/SC22/WG11</ac:parameter></ac:structured-macro> \[ISO/IEC JTC1/SC22/WG11\] ISO/IEC. [_Binding Techniques_|http://www.open-std.org/JTC1/SC22/WG11/] (ISO/IEC JTC1/SC22/WG11), 2007. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3731b87c-f161-4936-85a1-ae173bfec907"><ac:parameter ac:name="">ISO/IEC PDTR 24772</ac:parameter></ac:structured-macro> \[ISO/IEC PDTR 24772\] ISO/IEC PDTR 24772. _Information Technology_ --- _Programming Languages_ --- [_Guidance to Avoiding Vulnerabilities in Programming Languages through Language Selection and Use_|http://www.aitcnet.org/isai/_NextMeeting/22-OWGV-N-0125/n0125.pdf], March 2008. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="746b0e99-f5a5-4622-953d-42db9e6d1b67"><ac:parameter ac:name="">ISO/IEC TR 24731-1-2007</ac:parameter></ac:structured-macro> \[ISO/IEC TR 24731-1-2007\] ISO/IEC TR 24731. _Extensions to the C Library, --- Part I: Bounds-checking interfaces_. Geneva, Switzerland: International Organization for Standardization, April 2006. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="52f42755-fc11-4332-bf3f-5f70fdf5c3e6"><ac:parameter ac:name="">Jack 07</ac:parameter></ac:structured-macro> \[Jack 07\] Jack, Barnaby. [_Vector Rewrite Attack_|http://www.juniper.net/solutions/literature/white_papers/Vector-Rewrite-Attack.pdf], May 2007. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="24dea764-26da-4e98-8a4a-bf5ffac9f67c"><ac:parameter ac:name="">Jones 04</ac:parameter></ac:structured-macro> \[Jones 04\] Jones, Nigel. ["Learn a new trick with the offsetof() macro."|http://www.netrino.com/Articles/OffsetOf/index.php] _Embedded Systems Programming_, March 2004. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="627e1cca-ba9e-4286-9e6a-42def080a4a1"><ac:parameter ac:name="">Jones 08</ac:parameter></ac:structured-macro> \[Jones 08\] Derek M. Jones. [The New C Standard: An economic and cultural commentary|http://www.knosof.co.uk/cbook/]. Knowledge Software, Ltd, 2008. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ba6eb359-742a-422d-94e0-d41579f0b2f1"><ac:parameter ac:name="">Keil 08</ac:parameter></ac:structured-macro> \[Keil 08\] Keil, an ARM Company. "[Floating Point Support|http://www.keil.com/support/man/docs/armlib/armlib_bihbjiea.htm]." _RealView Libraries and Floating Point Support Guide_, 2008. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d8b0057e-9938-403e-89a7-5a00bafb81a2"><ac:parameter ac:name="">Kennaway 00</ac:parameter></ac:structured-macro> \[Kennaway 00\] Kennaway, Kris. [Re: /tmp topic|http://lwn.net/2000/1221/a/sec-tmp.php3], December 2000. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="8aa54834-9652-4d65-a7f1-44bfaf7baf9a"><ac:parameter ac:name="">Kernighan 88</ac:parameter></ac:structured-macro> \[Kernighan 88\] Kernighan , B. W. & Ritchie, D. M. _The C Programming Language, 2nd ed._ Englewood Cliffs, NJ: Prentice-Hall, 1988. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a5adaa2e-0da1-4bb1-8ea6-0ad1f4e5fd54"><ac:parameter ac:name="">Kettle 02</ac:parameter></ac:structured-macro> \[Kettlewell 02\] Kettlewell, Richard. [_C Language Gotchas_|http://www.greenend.org.uk/rjk/2001/02/cfu.html], February 2002. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b9ff70a9-4419-45da-98c0-6136ccb59985"><ac:parameter ac:name="">Kettle 03</ac:parameter></ac:structured-macro> \[Kettlewell 03\] Kettlewell, Richard. [_Inline Functions In C_|http://www.greenend.org.uk/rjk/2003/03/inline.html], March 2003. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a7b290c9-f6b9-488c-ae60-d6bde6313135"><ac:parameter ac:name="">Kirch-Prinz 02</ac:parameter></ac:structured-macro> \[Kirch-Prinz 02\] Kirch-Prinz, Ulla & Prinz, Peter. _C Pocket Reference_. O'Reilly, November 2002 (ISBN: 0-596-00436-2). |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f0d5bc46-789f-4bf4-9ad4-069ff27c16a0"><ac:parameter ac:name="">Klarer 04</ac:parameter></ac:structured-macro> \[Klarer 04\] Klarer, R., Maddock, J., Dawes, B. & Hinnant, H. "Proposal to Add Static Assertions to the Core Language (Revision 3)." ISO C+\+ committee paper ISO/IEC JTC1/SC22/WG21/N1720, October 2004. Available at [http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2004/n1720.html]. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f300091d-33dd-4c8b-b0ae-7525a3c408bd"><ac:parameter ac:name="">Klein 02</ac:parameter></ac:structured-macro> \[Klein 02\] Klein, Jack. [_Bullet Proof Integer Input Using strtol()_|http://home.att.net/~jackklein/c/code/strtol.html], 2002. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5e82660c-6c76-45e2-841e-7d9c8a40d2a4"><ac:parameter ac:name="">Koenig 89</ac:parameter></ac:structured-macro> \[Koenig 89\] Koenig, Andrew. _C Traps and Pitfalls_. Addison-Wesley Professional, January 1, 1989. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="31df9804-7d8d-4ab1-9e99-f713cf82312b"><ac:parameter ac:name="">Kuhn 06</ac:parameter></ac:structured-macro> \[Kuhn 06\] Kuhn, Markus. [_UTF-8 and Unicode FAQ for Unix/Linux_|http://www.cl.cam.ac.uk/~mgk25/unicode.html], 2006. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7e47871b-43fb-4344-83de-a3e206a06262"><ac:parameter ac:name="">Lai 06</ac:parameter></ac:structured-macro> \[Lai 06\] Lai, Ray. "[Reading Between the Lines|http://undeadly.org/cgi?action=article&sid=20061027031811]." _OpenBSD Journal_, October 2006. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f7c78043-d956-4d1e-ae00-b6ca2dd86f4f"><ac:parameter ac:name="">Linux 07</ac:parameter></ac:structured-macro> \[Linux 07\] [Linux Programmer's Manual|http://www.kernel.org/doc/man-pages/online_pages.html]. July 2007. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="49c323fe-d81a-402f-9c2a-b17985cfad9e"><ac:parameter ac:name="">Lions 96</ac:parameter></ac:structured-macro> \[Lions 96\] Lions, J. L. [ARIANE 5 Flight 501 Failure Report|http://en.wikisource.org/wiki/Ariane_501_Inquiry_Board_report]. Paris, France: European Space Agency (ESA) & National Center for Space Study (CNES) Inquiry Board, July 1996. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0939a52d-087e-4d73-87a6-974352d0f22e"><ac:parameter ac:name="">Lipson 00</ac:parameter></ac:structured-macro> \[Lipson 00\] Howard Lipson & David Fisher. "Survivability—A New Technical and Business Perspective on Security," 33-39. Proceedings of the 1999 New Security Paradigms Workshop. Caledon Hills, Ontario, Canada, Sept. 22-24, 1999. New York: Association for Computing Machinery, 2000. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1bb92c17-6260-4441-b2a0-46db1b734a19"><ac:parameter ac:name="">Lipson 06</ac:parameter></ac:structured-macro> \[Lipson 06\] Howard Lipson, Evolutionary Systems Design: Recognizing Changes in Security and Survivability Risks, SEI Technical Note, CMU/SEI-2006-TN-027, September 2006. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="40fa9400-e46d-4449-986e-57f4e05d64ae"><ac:parameter ac:name="">Lockheed Martin 05</ac:parameter></ac:structured-macro> \[Lockheed Martin 05\] Lockheed Martin. "[Joint Strike Fighter Air Vehicle C+\+ Coding Standards for the System Development and Demonstration Program.|http://www.research.att.com/~bs/JSF-AV-rules.pdf]" Document Number 2RDU00001 Rev C., December 2005. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="8ca25908-98f3-4fe0-aa27-7a873f39d2ae"><ac:parameter ac:name="">Loosemore 07</ac:parameter></ac:structured-macro> \[Loosemore 07\] Loosemore, Sandra, Stallman, Richard M., McGrath, Roland, Oram, Andrew, & Drepper, Ulrich. [The GNU C Library Reference Manual|http://www.gnu.org/software/libc/manual/], Edition 0.11. September 2007. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a7e5099f-efb4-4204-9dc2-9a7a95bc3998"><ac:parameter ac:name="">McCluskey 01</ac:parameter></ac:structured-macro> \[McCluskey 01\] [_flexible array members and designators in C9X_|http://www.usenix.org/publications/login/2001-07/pdfs/mccluskey.pdf] ;login:, July 2001, Volume 26, Number 4, p. 29-32. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5754333c-da33-4100-bc29-51ac4f1e5e6c"><ac:parameter ac:name="">mercy 06</ac:parameter></ac:structured-macro> \[mercy\] mercy. [_Exploiting Uninitialized Data_|http://www.felinemenace.org/papers/UBehavior.zip], January 2006. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1dcb8289-3584-4d69-bcd7-e4bb2cbdce6d"><ac:parameter ac:name="">Microsoft 03</ac:parameter></ac:structured-macro> \[Microsoft 03\] Microsoft Security Bulletin MS03-026, [Buffer Overrun In RPC Interface Could Allow Code Execution (823980)|http://www.microsoft.com/technet/security/bulletin/MS03-026.mspx], September 2003. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="55013cdd-1773-4f5b-ac2c-877ab924cd4a"><ac:parameter ac:name="">Microsoft 07</ac:parameter></ac:structured-macro> \[Microsoft 07\] [C Language Reference|http://msdn2.microsoft.com/en-us/library/fw5abdx6(VS.80).aspx], 2007. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="53fb330b-7429-4e7d-862b-4168424dd60b"><ac:parameter ac:name="">Miller 04</ac:parameter></ac:structured-macro> \[Miller 04\] Mark C. Miller, James F. Reus, Robb P. Matzke, Quincey A. Koziol, Albert P. Cheng. [Smart Libraries: Best SQE Practices for Libraries with an Emphasis on Scientific Computing|https://wci.llnl.gov/codes/smartlibs/UCRL-JRNL-208636.pdf]. Proceedings of the Nuclear Explosives Code Developer's Conference. December 2004. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4290134d-0ed0-4fb5-bbfa-2a119ab31271"><ac:parameter ac:name="">MISRA 04</ac:parameter></ac:structured-macro> \[MISRA 04\] MISRA Limited. "[MISRA C|http://www.misra.org.uk/]: 2004 Guidelines for the Use of the C Language in Critical Systems." Warwickshire, UK: MIRA Limited, October 2004 (ISBN 095241564X). |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c0b17097-a5b6-43b0-af15-10122f01ee5c"><ac:parameter ac:name="">MIT 05</ac:parameter></ac:structured-macro> \[MIT 05\] MIT. "[MIT krb5 Security Advisory 2005-003|http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2005-003-recvauth.txt], 2005. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="36e00dc1-1cf5-4810-b1ef-625cdeea13c6"><ac:parameter ac:name="">MITRE 07</ac:parameter></ac:structured-macro> \[MITRE 07\] MITRE. [Common Weakness Enumeration, Draft 9|http://cwe.mitre.org/], April 2008. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7ee9bb80-11dc-4bba-82fd-2b26204a4497"><ac:parameter ac:name="">MSDN</ac:parameter></ac:structured-macro> \[MSDN\] [Microsoft Developer Network|http://msdn.microsoft.com/en-us/default.aspx]. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="fc7dd750-6760-4e1e-9a49-88d50a2489cc"><ac:parameter ac:name="">Murenin 07</ac:parameter></ac:structured-macro> \[Murenin 07\] Murenin, Constantine A. [cnst: 10-year-old pointer-arithmetic bug in make(1) is now gone, thanks to malloc.conf and some debugging|http://cnst.livejournal.com/24040.html], June 2007. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c8ee22de-f2b9-46d3-b94d-f7b4bf98c5b5"><ac:parameter ac:name="">NAI 98</ac:parameter></ac:structured-macro> \[NAI 98\] Network Associates Inc. [Bugtraq: Network Associates Inc. Advisory (OpenBSD)|http://seclists.org/bugtraq/1998/Aug/0071.html], 1998. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="162e1dc4-cb03-4734-8271-44502c74ace0"><ac:parameter ac:name="">NASA-GB-1740.13</ac:parameter></ac:structured-macro> \[NASA-GB-1740.13\] NASA Glenn Research Center, Office of Safety Assurance Technologies. [_NASA Software Safety Guidebook_|http://pbma.nasa.gov/docs/public/pbma/general/guidbook.doc] (NASA-GB-1740.13). |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9e6350d5-9838-4e7d-86fa-3c747de44875"><ac:parameter ac:name="">NIST 06</ac:parameter></ac:structured-macro> \[NIST 06\] NIST. [_SAMATE Reference Dataset_|http://samate.nist.gov/SRD/], 2006. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6d50633a-f166-43d5-8178-71bd050c566c"><ac:parameter ac:name="">NIST 06b</ac:parameter></ac:structured-macro> \[NIST 06b\] NIST. [DRAFT Source Code Analysis Tool Functional Specification. | http://samate.nist.gov/docs/SAMATE_source_code_analysis_tool_spec_09_15_06.pdf] NIST Information Technology Laboratory (ITL), Software Diagnostics and Conformance Testing Division, September 2006. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0e5b35bd-cb18-4b9b-8ea0-1fee10bca3d3"><ac:parameter ac:name="">Open Group 97</ac:parameter></ac:structured-macro> \[Open Group 97\] The Open Group. [_The Single UNIX® Specification, Version 2_|http://www.opengroup.org/onlinepubs/7990989775/toc.htm], 1997. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="429a4e2d-50a1-4407-ba86-770d54097118"><ac:parameter ac:name="">Open Group 97b</ac:parameter></ac:structured-macro> \[Open Group 97b\] The Open Group. [_Go Solo 2 - The Authorized Guide to Version 2 of the Single UNIX Specification_|http://www.unix.org/whitepapers/64bit.html], May 1997. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="953de237-15b7-4b20-8c03-85533c563e6a"><ac:parameter ac:name="">Open Group 04</ac:parameter></ac:structured-macro> \[Open Group 04\] The Open Group and the IEEE. [_The Open Group Base Specifications Issue 6, IEEE Std 1003.1, 2004 Edition_|http://www.opengroup.org/onlinepubs/009695399/toc.htm], 2004. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="19366b2e-4ff9-4748-98eb-d97cde701035"><ac:parameter ac:name="">OWASP Double Free</ac:parameter></ac:structured-macro> \[OWASP Double Free\] Open Web Application Security Project, "[Double Free|http://www.owasp.org/index.php/Double_Free]." |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f4aee766-9d19-4ffc-a3b8-bd99a24e7afd"><ac:parameter ac:name="">OWASP Freed Memory</ac:parameter></ac:structured-macro> \[OWASP Freed Memory\] Open Web Application Security Project, "[Using freed memory|http://www.owasp.org/index.php/Using_freed_memory]." |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="07d9ffcf-28e1-47f9-adab-1db9d081920b"><ac:parameter ac:name="">Pethia 03</ac:parameter></ac:structured-macro> \[Pethia 03\] Pethia, Richard D. "[Viruses and Worms: What Can We Do About Them?|http://www.cert.org/congressional_testimony/Pethia-Testimony-9-10-2003/]" September 10, 2003. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="898070b6-b551-4d2e-9a40-d0ad3d330a5e"><ac:parameter ac:name="">Pike 93</ac:parameter></ac:structured-macro> \[Pike 93\] Rob Pike, Ken Thompson. _Hello World_. USENIX Winter 1993 Technical Conference, San Diego, January 25-29, 1993, Proceedings, pp. 43-50. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="68e66212-198d-4302-80e5-82f4e8cef683"><ac:parameter ac:name="">Plakosh 05</ac:parameter></ac:structured-macro> \[Plakosh 05\] Plakosh, Dan. [_Consistent Memory Management Conventions_|https://buildsecurityin.us-cert.gov/daisy/bsi/articles/knowledge/coding/476.html], 2005. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3e255f8a-bc7b-4423-9c3d-1bf98e39eb9a"><ac:parameter ac:name="">Plum 85</ac:parameter></ac:structured-macro> \[Plum 85\] Plum, Thomas. _Reliable Data Structures in C_. Kamuela, HI: Plum Hall, Inc., 1985 (ISBN 0-911537-04-X). |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ac81d5d8-9301-4f3e-a251-cabe90aa5847"><ac:parameter ac:name="">Plum 89</ac:parameter></ac:structured-macro> \[Plum 89\] Plum, Thomas, & Saks, Dan. _C Programming Guidelines, 2nd ed_. Kamuela, HI: Plum Hall, Inc., 1989 (ISBN 0911537074). |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="cf65cb38-b3a3-4331-a6cc-8d75f0bc69bc"><ac:parameter ac:name="">Plum 91</ac:parameter></ac:structured-macro> \[Plum 91\] Plum, Thomas. _C+\+ Programming_. Kamuela, HI: Plum Hall, Inc., 1991 (ISBN 0911537104). |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="21adcb6a-fbb5-4b73-a48b-3ba66a70eea4"><ac:parameter ac:name="">Redwine 06</ac:parameter></ac:structured-macro> \[Redwine 06\] Redwine, Samuel T., Jr., ed. _Secure Software Assurance: A Guide to the Common Body of Knowledge to Produce, Acquire, and Sustain Secure Software Version 1.1_. U.S. Department of Homeland Security, September 2006. See [Software Assurance Common Body of Knowledge|https://buildsecurityin.us-cert.gov/daisy/bsi/resources/dhs/95.html] on Build Security In. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="71510fdc-5806-43c9-9399-24487d0f8a36"><ac:parameter ac:name="">RUS-CERT</ac:parameter></ac:structured-macro> \[RUS-CERT\] RUS-CERT Advisory 2002-08:02, "[Flaw in calloc and similar routines|http://cert.uni-stuttgart.de/advisories/calloc.php]," 2002. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ee2b3ff2-97db-4411-a4a7-9ceaddb8302f"><ac:parameter ac:name="">Saks 99</ac:parameter></ac:structured-macro> \[Saks 99\] Saks, Dan. "[const T vs.T const|http://www.dansaks.com/articles/1999-02%20const%20T%20vs%20T%20const.pdf]." _Embedded Systems Programming_, February 1999, pp. 13-16. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d9f9a876-2a14-4945-aa85-64e624bca201"><ac:parameter ac:name="">Saks 01a</ac:parameter></ac:structured-macro> \[Saks 01a\] Saks, Dan. "[Symbolic Constants|http://www.embedded.com/story/OEG20011016S0116]." _Embedded Systems Design_, November 2001. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="23bbe24d-7b0c-45dc-98e8-6ca1df5fa375"><ac:parameter ac:name="">Saks 01b</ac:parameter></ac:structured-macro> \[Saks 01b\] Saks, Dan. "[Enumeration Constants vs. Constant Objects|http://www.embedded.com/columns/programmingpointers/9900402]." _Embedded Systems Design_, November 2001. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="df429d14-94b0-48f7-85ce-8f68bdd126cc"><ac:parameter ac:name="">Saks 02</ac:parameter></ac:structured-macro> \[Saks 02\] Saks, Dan. "[Symbolic Constant Expressions|http://www.embedded.com/story/OEG20020124S0117]." _Embedded Systems Design_, February 2002. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="115737e5-6411-4944-b172-9f86cc27a8ca"><ac:parameter ac:name="">Saks 05</ac:parameter></ac:structured-macro> \[Saks 05\] Saks, Dan. "[Catching Errors Early with Compile-Time Assertions|http://www.embedded.com/columns/programmingpointers/164900888?_requestid=287187]." _Embedded Systems Design_, June 2005. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2feff268-a7d2-431d-8561-3d463b59fd7a"><ac:parameter ac:name="">Saks 07</ac:parameter></ac:structured-macro> \[Saks 07\] Saks, Dan. "[Sequence Points|http://www.embedded.com/columns/programmingpointers/9900661?_requestid=481957]" Embedded Systems Design, July 1, 2002. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="92bd2108-866d-4021-87ac-5f340ab78c91"><ac:parameter ac:name="">Saks 07b</ac:parameter></ac:structured-macro> \[Saks 07\] Dan Saks. [Bail, return, jump, or . . . throw?|http://www.embedded.com/columns/programmingpointers/197008821]. Embedded Systems Design. March, 2007. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="19c71fb2-3532-471c-a8af-3eddaf844e17"><ac:parameter ac:name="">Saks 08</ac:parameter></ac:structured-macro> \[Saks 08\] Saks, Dan & Dewhurst, Stephen C. "Sooner Rather Than Later: Static Programming Techniques for C++" (presentation). |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="73f7b5c1-a3f6-4fe6-86a8-db88da540baa"><ac:parameter ac:name="">Schwarz 05</ac:parameter></ac:structured-macro> \[Schwarz 05\] Schwarz, B., Wagner, Hao Chen, Morrison, D., West, G., Lin, J., & Tu, J. Wei. "Model checking an entire Linux distribution for security violations." _Proceedings of the 21st Annual Computer Security Applications Conference_, December 2005 (ISSN 1063-9527; ISBN 0-7695-2461-3). |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7f1416b5-b5ca-43c9-86b8-08393adf8f9c"><ac:parameter ac:name="">Seacord 03</ac:parameter></ac:structured-macro> \[Seacord 03\] Seacord, Robert C., Plakosh, Daniel, & Lewis, Grace A. [_Modernizing Legacy Systems: Software Technologies, Engineering Processes, and Business Practices_|http://www.informit.com/store/product.aspx?isbn=0321118847]. Addison-Wesley, February 2003. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2bff2f28-292c-45a6-b2dc-1019dc06960a"><ac:parameter ac:name="">Seacord 05</ac:parameter></ac:structured-macro> <ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9d77c2ad-df9c-4351-868a-6030f58b08f8"><ac:parameter ac:name="">Seacord 05a</ac:parameter></ac:structured-macro> \[Seacord 05a\] Seacord, Robert C. _Secure Coding in C and C+\+_. Boston, MA: Addison-Wesley, 2005. See [http://www.cert.org/books/secure-coding] for news and errata. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ba750833-041c-4957-b95f-29adc3a2dd94"><ac:parameter ac:name="">Seacord 05b</ac:parameter></ac:structured-macro> \[Seacord 05b\] Seacord, Robert C. "Managed String Library for C, C/C++." _Users Journal_ _23_, 10 (October 2005): 30-34. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ea795741-8c2a-4eb8-855e-f41473f217a8"><ac:parameter ac:name="">Seacord 05c</ac:parameter></ac:structured-macro> \[Seacord 05c\] Seacord, Robert C. [_Variadic Functions: How they contribute to security vulnerabilities and how to fix them_|http://www.cert.org/books/secure-coding/LWM%203-11%20%28Seacord%29.pdf]. Linux World Magazine. November, 2005. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="57cc0151-5e2e-43d4-858b-9f5d4f3d280c"><ac:parameter ac:name="">Secunia</ac:parameter></ac:structured-macro> \[Secunia\] Secunia Advisory SA10635, "[HP-UX calloc Buffer Size Miscalculation Vulnerability|http://secunia.com/advisories/10635/]" 2004. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="277f6f76-5b04-4f8a-b4fe-1dc83e195fd5"><ac:parameter ac:name="">SecurityFocus 07</ac:parameter></ac:structured-macro> \[SecurityFocus 07\] SecurityFocus. "[Linux Kernel Floating Point Exception Handler Local Denial of Service Vulnerability|http://www.securityfocus.com/bid/10538/discuss]," 2001. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6e37bebf-3548-48fe-bd00-fe82d6bf3a3b"><ac:parameter ac:name="">Sloss 04</ac:parameter></ac:structured-macro> \[Sloss 04\] Sloss, Andrew, Symes, Dominic, & Wright, Chris. [_ARM System Developer's Guide_|http://www.arm.com/documentation/books/4975.html]. Morgan Kauffman, 2004 (ISBN-10: 1558608745; ISBN-13: 978-1558608740). |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d4fba6f4-9701-4ef2-a413-80eccb91bf96"><ac:parameter ac:name="">Spinellis 06</ac:parameter></ac:structured-macro> \[Spinellis 06\] Spinellis, Diomidis. [_Code Quality: The Open Source Perspective_|http://www.spinellis.gr/codequality]. Addison-Wesley, 2006. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7f158077-d7bb-4f42-aabf-1b3f1855ccc3"><ac:parameter ac:name="">Steele 77</ac:parameter></ac:structured-macro> \[Steele 77\] Steele, G. L. "[Arithmetic shifting considered harmful|http://doi.acm.org/10.1145/956641.956647]." _SIGPLAN Not._ 12, 11 (November 1977), 61-69. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2bb52c78-8aec-4035-9169-0a223767f3f8"><ac:parameter ac:name="">Summit 95</ac:parameter></ac:structured-macro> \[Summit 95\] Summit, Steve. _C Programming FAQs: Frequently Asked Questions_. Boston, MA: Addison-Wesley, 1995 (ISBN 0201845199). |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e5b9a763-4c1e-47ff-82be-0b132421f567"><ac:parameter ac:name="">Summit 05</ac:parameter></ac:structured-macro> \[Summit 05\] Summit, Steve. [_comp.lang.c Frequently Asked Questions_|http://c-faq.com/], 2005. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d018a879-19a1-4465-880f-0e9605d713d5"><ac:parameter ac:name="">Sun</ac:parameter></ac:structured-macro> \[Sun\] [Sun Security Bulletin #00122|http://sunsolve.sun.com/search/document.do?assetkey=1-22-00122-1], 1993. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2f28f21c-0d65-4eb6-824b-330017a1514f"><ac:parameter ac:name="">Sun 05</ac:parameter></ac:structured-macro> \[Sun 05\] [C User's Guide|http://docs.sun.com/source/819-3688/]. 819-3688-10. Sun Microsystems, Inc., 2005. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3f435fa3-a7eb-467b-a899-5d2e09311032"><ac:parameter ac:name="">van de Voort 07</ac:parameter></ac:structured-macro> \[van de Voort 07\] van de Voort, Marco. [Development Tutorial (a.k.a Build FAQ)|http://www.stack.nl/~marcov/buildfaq.pdf], January 29, 2007. |
\[van Sprundel 06\] van Sprundel, Ilja. [Unusual Bugs|http://ilja.netric.org/files/Unusual%20bugs.pdf], 2006. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="fa922ac1-6d8b-4a3c-8e8b-0f916768a55e"><ac:parameter ac:name="">Viega 03</ac:parameter></ac:structured-macro> \[Viega 03\] Viega, John & Messier, Matt. _Secure Programming Cookbook for C and C++: Recipes for Cryptography, Authentication, Networking, Input Validation & More_. Sebastopol, CA: O'Reilly, 2003 (ISBN 0-596-00394-3). |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d2c3cbfb-1843-4396-98de-cdf8c9efb5ec"><ac:parameter ac:name="">Viega 05</ac:parameter></ac:structured-macro> \[Viega 05\] Viega, John. [CLASP Reference Guide Volume 1.1.|http://www.securesoftware.com/process/] Secure Software, 2005. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="06f2f59f-a474-450c-bbf9-334da6facfe7"><ac:parameter ac:name="">VU#162289</ac:parameter></ac:structured-macro> \[VU#162289\] Dougherty, Chad. Vulnerability Note [VU#162289|http://www.kb.cert.org/vuls/id/162289], _gcc silently discards some wraparound checks,_ April 2008. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3ace75ff-273b-40af-ad8c-263ea883b564"><ac:parameter ac:name="">VU196240</ac:parameter></ac:structured-macro> \[VU#196240\] Taschner, Chris & Manion, Art. Vulnerability Note [VU#196240|http://www.kb.cert.org/vulnotes/id/196240], _Sourcefire Snort DCE/RPC preprocessor does not properly reassemble fragmented packets_, 2007. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7ac934a3-a4bb-469e-a1ca-14ace7583b30"><ac:parameter ac:name="">VU286468</ac:parameter></ac:structured-macro> \[VU#286468\] Burch, Hal. Vulnerability Note [VU#286468|http://www.kb.cert.org/vulnotes/id/286468], _Ettercap contains a format string error in the "curses_msg()" function_, 2007. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="eb520079-ca05-42a0-a06f-b13d679eb9a8"><ac:parameter ac:name="">VU439395</ac:parameter></ac:structured-macro> \[VU#439395\] Howard Lipson. Vulnerability Note [VU#439395|http://www.kb.cert.org/vuls/id/439395], _Apache web server performs case sensitive filtering on Mac OS X HFS\+ case insensitive filesystem,_ 2001. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b1769f66-14a2-4d18-a0e1-003657bcdec0"><ac:parameter ac:name="">VU551436</ac:parameter></ac:structured-macro> \[VU#551436\] Giobbi, Ryan. Vulnerability Note [VU#551436|http://www.kb.cert.org/vulnotes/id/551436], _Mozilla Firefox SVG viewer vulnerable to buffer overflow,_ 2007. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="fb897f05-a1ff-4cb0-bd22-d17a2a0acf7a"><ac:parameter ac:name="">VU568148</ac:parameter></ac:structured-macro> \[VU#568148\] Finlay, Ian A. & Morda, Damon G. Vulnerability Note [VU#568148|http://www.kb.cert.org/vulnotes/id/568148], _Microsoft Windows RPC vulnerable to buffer overflow_, 2003. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2b09912b-1e69-4b7c-8584-ce8a77de930e"><ac:parameter ac:name="">VU623332</ac:parameter></ac:structured-macro> \[VU#623332\] Mead, Robert. Vulnerability Note [VU#623332|http://www.kb.cert.org/vuls/id/623332], _MIT Kerberos 5 contains double free vulnerability in "krb5_recvauth()" function,_ 2005. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9e18d223-bc78-483f-8341-4e5baff6b65d"><ac:parameter ac:name="">VU649732</ac:parameter></ac:structured-macro> \[VU#649732\] Gennari, Jeff. Vulnerability Note [VU#649732|http://www.kb.cert.org/vulnotes/id/649732], _Samba AFS ACL mapping VFS plug-in format string vulnerability,_ 2007. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="8c39e9fa-36b4-4604-b972-a14d79b8bd10"><ac:parameter ac:name="">VU743092</ac:parameter></ac:structured-macro> \[VU#743092\] Rafail, Jason A. & Havrilla, Jeffrey S. Vulnerability Note [VU#743092|https://www.kb.cert.org/vulnotes/id/743092], _realpath(3) function contains off-by-one buffer overflow,_ July 2003. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f5a9b047-db8a-452d-be38-be3ab08aabd5"><ac:parameter ac:name="">VU881872</ac:parameter></ac:structured-macro> \[VU#881872\] Manion, Art & Taschner, Chris. Vulnerability Note [VU#881872|http://www.kb.cert.org/vulnotes/id/881872], _Sun Solaris telnet authentication bypass vulnerability,_ 2007. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="70121d1f-bd80-404e-b8d5-439d41804045"><ac:parameter ac:name="">Warren 02</ac:parameter></ac:structured-macro> \[Warren 02\] Warren, Henry S. [_Hacker's Delight_|http://www.hackersdelight.org/]. Boston, MA: Addison Wesley Professional, 2002 (ISBN 0201914654). |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1edf4f6a-70d0-4f70-83a7-13e622acb083"><ac:parameter ac:name="">Wheeler 03</ac:parameter></ac:structured-macro> \[Wheeler 03\] Wheeler, David. [Secure Programming for Linux and Unix HOWTO, v3.010|http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/], March 2003. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="eb9e2233-ab86-4d89-9b65-780ba20329bd"><ac:parameter ac:name="">Wheeler 04</ac:parameter></ac:structured-macro> \[Wheeler 04\] Wheeler, David. [_Secure programmer: Call components safely_|http://www-128.ibm.com/developerworks/linux/library/l-calls.html]. December 2004. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3b0dd018-2757-49e4-8e42-369f77b56bc5"><ac:parameter ac:name="">Wojtczuk 08</ac:parameter></ac:structured-macro> \[Wojtczuk 08\] Wojtczuk, Rafal. "[Analyzing the Linux Kernel vmsplice Exploit|http://www.avertlabs.com/research/blog/index.php/2008/02/13/analyzing-the-linux-kernel-vmsplice-exploit/]." McAfee Avert Labs Blog, February 13, 2008. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4ac461a4-87dd-4c48-a8ff-aa9ee2dfd8d3"><ac:parameter ac:name="">Yergeau 98</ac:parameter></ac:structured-macro> \[Yergeau 98\] Yergeau, F. [RFC 2279 - UTF-8, a transformation format of ISO 10646|http://www.faqs.org/rfcs/rfc2279.html], January 1998. |
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="23cb48b3-9f54-45dc-8173-80f8ca1ad823"><ac:parameter ac:name="">Zalewski 01</ac:parameter></ac:structured-macro> \[Zalewski 01\] Zalewski, Michal. [_Delivering Signals for Fun and Profit: Understanding, exploiting and preventing signal-handling related vulnerabilities_|http://lcamtuf.coredump.cx/signals.txt], May 2001. |