 
                            <ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ca5e84d0-e3d1-4298-a6c0-ba7139508457"><ac:parameter ac:name="">Burch 06</ac:parameter></ac:structured-macro>
[Burch 06] Burch, H.; Long, F.; & Seacord, R. Specifications for Managed Strings (CMU/SEI-2006-TR-006). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2006.
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7a2f76c1-b5e8-4b8f-a745-a80b18696388"><ac:parameter ac:name="">Callaghan 95</ac:parameter></ac:structured-macro>
[Callaghan 95] B. Callaghan, B. Pawlowski, P. Staubach. IETF RFC 1813 NFS Version 3 Protocol Specification. June 1995.
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="cb98dfec-891d-4658-9e37-2fb509982f2b"><ac:parameter ac:name="">CERT 06</ac:parameter></ac:structured-macro>
[CERT 06] CERT. Managed String Library (2006).
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ce8e51a5-36ca-4294-8746-6fe350432795"><ac:parameter ac:name="">Dewhurst 02</ac:parameter></ac:structured-macro>
[Dewhurst 02] Dewhurst, Stephen C. C++ Gotchas: Avoiding Common Problems in Coding and Design. Boston, MA: Addison-Wesley Professional, 2002.
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ed9cb3b1-e4f3-430a-a570-6e024de97181"><ac:parameter ac:name="">Dowd 06</ac:parameter></ac:structured-macro>
[Dowd 06] Dowd, M.; McDonald, J.; & Schuh, J. The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities. Boston, MA: Addison-Wesley, 2006. See http://taossa.com for updates and errata.
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6bdca6cd-a869-4662-a744-082a1b44f607"><ac:parameter ac:name="">Drepper 06</ac:parameter></ac:structured-macro>
[Drepper 06] Drepper, Ulrich. Defensive Programming for Red Hat Enterprise Linux (and What To Do If Something Goes Wrong). May 3, 2006.
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e4c05879-3482-4ce3-ab35-1d60bf744741"><ac:parameter ac:name="">FSF 05</ac:parameter></ac:structured-macro>
[FSF 05] Free Software Foundation. GCC online documentation. (2005).
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9b43303b-212d-47bc-a2b3-087dd8b939bb"><ac:parameter ac:name="">Graf 03</ac:parameter></ac:structured-macro>
[Graff 03] Graff, Mark G. & Van Wyk, Kenneth R. Secure Coding: Principles and Practices. Cambridge, MA: O'Reilly, 2003 (ISBN 0596002424).
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d7cf20fb-19ce-4a1e-926d-28a6b3ab51c2"><ac:parameter ac:name="">Griffiths 06</ac:parameter></ac:structured-macro>
[Griffiths 06] Griffiths, Andrew. "Clutching at straws: When you can shift the stack pointer."
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="cb8eaf15-8921-4e8d-9fa9-425161d15287"><ac:parameter ac:name="">Haddad 05</ac:parameter></ac:structured-macro>
[Haddad 05] Haddad, Ibrahim. "Secure Coding in C and C++: An interview with Robert Seacord, senior vulnerability analyst at CERT." Linux World Magazine, November, 2005.
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f7115aff-96e3-4981-861d-70eed08a02f1"><ac:parameter ac:name="">Hatton 95</ac:parameter></ac:structured-macro>
[Hatton 95] Hatton, Les. Safer C: Developing Software for High-Integrity and Safety-Critical Systems. New York, NY: McGraw-Hill Book Company, 1995 (ISBN 0-07-707640-0).
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f48f0ccc-2b9f-4b65-b842-b47e2dcba17a"><ac:parameter ac:name="">HP 03</ac:parameter></ac:structured-macro>
[HP 03] Tru64 UNIX Protecting Your System Against File Name Spoofing Attacks. January 2003.
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2a13e8d4-62f2-4a73-b0e4-09125a18a2d6"><ac:parameter ac:name="">ilja 06</ac:parameter></ac:structured-macro>
[ilja 06] ilja. "readlink abuse." ilja's blog, August 13, 2006.
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a50d142d-8f57-44b0-affa-095b32e95aa5"><ac:parameter ac:name="">ISO/IEC 9899-1999</ac:parameter></ac:structured-macro>
[ISO/IEC 9899-1999] ISO/IEC 9899-1999. Programming Languages — C, Second Edition, 1999.
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a7b6ec1b-ca99-45b1-8b9a-09ba49b117ac"><ac:parameter ac:name="">ISO/IEC TR 24731-2006</ac:parameter></ac:structured-macro>
[ISO/IEC TR 24731-2006] ISO/IEC TR 24731. Extensions to the C Library, — Part I: Bounds-checking interfaces. April, 2006.
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="817df8b6-1f33-4be9-a3b8-274e11768719"><ac:parameter ac:name="">Kennaway 00</ac:parameter></ac:structured-macro>
[Kennaway 00] Kris Kennaway. Re: /tmp topic. December 2000.
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e6bbbcbb-2ea3-49ab-a2dc-dbb41c9c86ab"><ac:parameter ac:name="">Kerrighan 88</ac:parameter></ac:structured-macro>
[Kerrighan 88] Kernighan, B. W. & Ritchie, D. M. The C Programming Language, 2nd ed. Englewood Cliffs, NJ: Prentice-Hall, 1988.
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6268a0ad-f765-43f0-ab60-b27c0aa240bb"><ac:parameter ac:name="">Kettle 02</ac:parameter></ac:structured-macro>
[Kettlewell 02] Kettlewell, Richard. C Language Gotchas (February 2002).
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c0b5e98d-9d26-4cff-b95f-6d1e3da02dcf"><ac:parameter ac:name="">Kettle 03</ac:parameter></ac:structured-macro>
[Kettlewell 03] Kettlewell, Richard. Inline Functions In C (March 2003).
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e8595538-3f9d-4430-b386-a111d52cfae5"><ac:parameter ac:name="">Klein 02</ac:parameter></ac:structured-macro>
[Klein 02] Klein, Jack. Bullet Proof Integer Input Using strtol() (2002).
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7ab645c3-1fab-418a-b554-08b833a0385c"><ac:parameter ac:name="">Lai 06</ac:parameter></ac:structured-macro>
[Lai 06] Ray Lai. Reading Between the Lines. OpenBSD Journal. October, 2006.
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="03e78d0e-5463-4861-a9e2-1aaa96f981fe"><ac:parameter ac:name="">mercy</ac:parameter></ac:structured-macro>
[mercy] mercy. Exploiting Uninitialized Data (January 2006).
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="585f9389-ae10-4ae0-b91d-f3b3e7c69a10"><ac:parameter ac:name="">MISRA 04</ac:parameter></ac:structured-macro>
[MISRA 04] MIRA Limited. "MISRA C: 2004 Guidelines for the Use of the C Language in Critical Systems." Warwickshire, UK: MIRA Limited, October 2004 (ISBN 095241564X).
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d96fce63-50ac-4612-a722-0077950e8679"><ac:parameter ac:name="">NASA-GB-1740.13</ac:parameter></ac:structured-macro>
[NASA-GB-1740.13] NASA Glenn Research Center, Office of Safety Assurance Technologies. NASA Software Safety Guidebook (NASA-GB-1740.13).
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7a886377-c899-4fe6-b763-7f9bcd21c232"><ac:parameter ac:name="">NIST 06</ac:parameter></ac:structured-macro>
[NIST 06] NIST. SAMATE Reference Dataset (2006).
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d5a9e312-f07b-464a-95ab-36482375c64a"><ac:parameter ac:name="">NIST 06b</ac:parameter></ac:structured-macro>
[NIST 06b] NIST. DRAFT Source Code Analysis Tool Functional Specification. Information Technology Laboratory (ITL), Software Diagnostics and Conformance Testing Division. September, 2006.
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a22ac8c9-5b16-4bc4-9b68-9eaeddd4016a"><ac:parameter ac:name="">Open Group 97</ac:parameter></ac:structured-macro>
[Open Group 97] The Open Group. The Single UNIX® Specification, Version 2 (1997).
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b7686302-a0f5-417c-a324-ab85c070e46c"><ac:parameter ac:name="">Open Group 04</ac:parameter></ac:structured-macro>
[Open Group 04] The Open Group. "The Open Group Base Specifications Issue 6, IEEE Std 1003.1, 2004 Edition." (2004).
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="067a0b78-6455-4b04-9ed5-a54551a3b2cd"><ac:parameter ac:name="">Plum 89</ac:parameter></ac:structured-macro>
[Plum 89] Plum, Thomas, and Saks, Dan. C Programming Guidelines, 2nd ed. Kamuela, HI: Plum Hall, Inc., 1989 (ISBN 0911537074).
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c36c99f2-3b67-4005-bacd-3ca837c63f35"><ac:parameter ac:name="">Plum 91</ac:parameter></ac:structured-macro>
[Plum 91] Plum, Thomas. C++ Programming. Kamuela, HI: Plum Hall, Inc., 1991 (ISBN 0911537104).
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="dcf6adf8-3b9d-4f4a-842b-d0dcb54fa72f"><ac:parameter ac:name="">Saks 99</ac:parameter></ac:structured-macro>
[Saks 99] Dan Saks. const T vs. T const. Embedded Systems Programming. Pg. 13-16. February 1999.
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="47b32ccd-246c-4f37-885e-f0d6c3e78ccf"><ac:parameter ac:name="">Seacord 05</ac:parameter></ac:structured-macro> <ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="08b9147c-03c6-46cf-9224-ece34b715a3c"><ac:parameter ac:name="">Seacord 05a</ac:parameter></ac:structured-macro>
[Seacord 05a] Seacord, R. Secure Coding in C and C++. Boston, MA: Addison-Wesley, 2005. See http://www.cert.org/books/secure-coding for news and errata.
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d48dcd98-e7c3-4278-b7d9-475318829b0f"><ac:parameter ac:name="">Seacord 05b</ac:parameter></ac:structured-macro>
[Seacord 05b] Seacord, R. "Managed String Library for C." C/C++ Users Journal 23, 10 (October 2005): 30-34.
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6e585726-0f66-47cc-b322-b2d348edfe16"><ac:parameter ac:name="">Summit 95</ac:parameter></ac:structured-macro>
[Summit 95] Summit, Steve. C Programming FAQs: Frequently Asked Questions. Boston, MA: Addison-Wesley, 1995 (ISBN 0201845199).
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2fda3e22-635c-43f4-a39e-6e7a2bcecd96"><ac:parameter ac:name="">Summit 05</ac:parameter></ac:structured-macro>
[Summit 05] Summit, Steve. comp.lang.c Frequently Asked Questions (2005).
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a865142f-0df3-4585-b62f-4d9937327d2a"><ac:parameter ac:name="">Viega 03</ac:parameter></ac:structured-macro>
[Viega 03] Viega, John & Messier, Matt. Secure Programming Cookbook for C and C++: Recipes for Cryptography, Authentication, Networking, Input Validation & More. Sebastopol, CA: O'Reilly, 2003 (ISBN 0-596-00394-3).
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="973afb58-4f42-4cca-999e-786e0ee6e32a"><ac:parameter ac:name="">Viega 05</ac:parameter></ac:structured-macro>
[Viega 05] Viega, John. CLASP Reference Guide Volume 1.1. Secure Software. (2005)
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e8e69e40-a3c0-46d2-b165-8387d60767a0"><ac:parameter ac:name="">Warren 02</ac:parameter></ac:structured-macro>
[Warren 02] Warren, Henry S. Hacker's Delight. Boston, MA: Addison Wesley Professional. 2002 (ISBN 0201914654).
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c21afb52-7234-4b5f-9c68-75bef10682fe"><ac:parameter ac:name="">Wheeler 03</ac:parameter></ac:structured-macro>
[Wheeler 03] David Wheeler. Secure Programming for Linux and Unix HOWTO, v3.010, March 2003.