Programming Language Vulnerabilities

This page lists proposals written by Derek Jones that were submitted to the SC22 working group OWG: Vulnerabilities (document TR 24772).


Forms of Language Specification
14 Feb 08 Added Java phrase count subsection and Fortran processor dependent information: draft
19 Mar 07 Minor corrections

Identifier character sequence reuse.
13 Feb 06 Initial release draft

Culture and formal education issues.
21 Aug 06 Minor updates draft
27 Feb 06 Minor corrections
19 Feb 06 Initial release

Loops and their control variables.
27 Feb 06 Minor corrections draft
20 Feb 06 Initial release

Jump statements.
2 May 06 Initial release draft

21 Aug 06 Initial release draft

May 05 Initial release draft

Useful references

Some relatively recent papers on implementations, for various languages, of array bound checking.

Extensive list of coding guideline documents.

Forthcoming events

July 2008 ISO Vulnerabilities working group meets at ANSI, Washington DC
29 September - 1 October ISO Vulnerabilities working group meets in Stuttgart, Germany
13-20 April 2009 (tentative), ISO Vulnerabilities working group meets in San Diego, CA, USA

Other material

The book "The New C Standard: An Economic and Cultural Commentary", along with PDFs of various subsections, can be downloaded here.

A draft of C0x (in Google-searchable HTML form) is available here.

A critique of the MISRA C guidelines is available here.


Please send any feedback to vulnerabilities "at" knosof dot co dot uk
