Programming Language Vulnerabilities

This page lists proposals written by Derek Jones that were submitted to the SC22 working group OWG: Vulnerabilities (document TR 24772).

Proposals

Forms of Language Specification
14 Feb 08 Added Java phrase count subsection and Fortran processor dependent information: draft
19 Mar 07 Minor corrections

Identifier character sequence reuse.
13 Feb 06 Initial release draft

Culture and formal education issues.
21 Aug 06 Minor updates draft
27 Feb 06 Minor corrections
19 Feb 06 Initial release

Loops and their control variables.
27 Feb 06 Minor corrections draft
20 Feb 06 Initial release

Jump statements.
2 May 06 Initial release draft

Expertise.
21 Aug 06 Initial release draft

Rationale.
May 05 Initial release draft

Useful references

Some relatively recent papers on implementations, for various languages, of array bound checking.

Extensive list of coding guideline documents.

Forthcoming events

July 2008 ISO Vulnerabilities working group meets at ANSI, Washington DC
29 September - 1 October ISO Vulnerabilities working groups meets Stuttgart, Germany
13-20 April 2009 (tentative), ISO Vulnerabilities working groups meets San Diego, CA, USA

Other material

The book "The New C Standard: An Economic and Cultural Commentary" along with pdfs of various subsections can be downloaded here.

A draft of C0x (in Google searchable html form) is available here.

A critique of the MISRA C guidelines is available here.

Feedback

Please send any feedback to vulnerabilities "at" knosof dot co dot uk

Last updated