Programming Language Vulnerabilities
This page lists proposals written by Derek Jones that were submitted
to the SC22 working group
OWG: Vulnerabilities (document TR 24772).
Forms of Language Specification
14 Feb 08 Added Java phrase count subsection and Fortran processor
dependent information: draft
19 Mar 07 Minor corrections
Identifier character sequence reuse.
13 Feb 06 Initial release draft
Culture and formal education issues.
21 Aug 06 Minor updates draft
27 Feb 06 Minor corrections
19 Feb 06 Initial release
Loops and their control variables.
27 Feb 06 Minor corrections draft
20 Feb 06 Initial release
2 May 06 Initial release draft
21 Aug 06 Initial release draft
May 05 Initial release draft
Some relatively recent papers on implementations, for various
languages, of array bound checking.
Extensive list of coding guideline
July 2008 ISO Vulnerabilities working group meets at ANSI, Washington DC
29 September - 1 October ISO Vulnerabilities working groups meets Stuttgart, Germany
13-20 April 2009 (tentative), ISO Vulnerabilities working groups meets San Diego, CA, USA
The book "The New C Standard: An Economic and Cultural Commentary"
along with pdfs of various subsections can be downloaded
A draft of C0x (in Google searchable html form) is available here.
A critique of the MISRA C guidelines is available here.
Please send any feedback to
vulnerabilities "at" knosof dot co dot uk