OWG:Vulnerabilities
Maintained by
Jim Moore,
James.W.Moore@ieee.org
If you don't see two frames, click here.

Disclaimer

History

This page describes past work performed by the study group leading up to the establishment of OWG:Vulnerabilities and Project 27422.

The work of the study group was supported by an email distribution list:
SC22-HIGH-INTEGRITY-STUDY-GROUP-LIST@LISTS.MITRE.ORG.

It is possible that the mailer's archives might still be available. If so, appropriate commands to access the archives would include:

To get a list of available discussion archive files:
INDEX SC22-HIGH-INTEGRITY-STUDY-GROUP-LIST
To get a copy of one of the archive files:
GET SC22-HIGH-INTEGRITY-STUDY-GROUP-LIST LOGxxxx

Plan

This ad hoc group is part of a larger Ad Hoc Group on Future Directions which was created by ISO/IEC JTC 1/SC 22.

SC22 has the scope of "programming languages and their environments." As its name suggests, the "Ad Hoc Group on Future Directions" is considering possible new work for SC22. The High Integrity Ad Hoc Group is investigating the demands that the development of high integrity systems places on programming languages to determine if new standardization work in this area is justified. At the current time, we are in the process of developing a proposal for SC22.

Where we are in the Plan

Results

2004-08: SC22 announced the formation of an Ad Hoc Group on Future Standards Development to consider new work in SC22 [N3792]

I ask SC22 to consider work in this area. 2004-08-31: I submitted a suggestion for new work (pdf).

SC22 considers this idea (and other ideas) at its plenary meeting in September 2002.
2004-09: SC22 held its annual plenary meeting with the following results:

Meeting of Ad Hoc Group on Future Directions for SC22

N3808, Agenda
N3809, Presentation of Convener of Ad Hoc Group (cover, presentation)
N3810, Meeting Report of Convener (covered report)
N3811, Notes of Recording Secretary (covered notes)

N3813, Resolutions of SC22 Plenary (cover, resolutions). Note resolution 04-13.
My report of the meeting (pdf)

Shortly thereafter, I formed the email distribution list and began recruiting members.
My note to SC22 participants (pdf) was typical of the invitations I sent to several parties.

The study group was kicked off with this note (pdf).

The first key date is 15 January 2005, the deadline for input to the meeting of the Ad Hoc Group on Future Directions.

Note from Chairman of Ad Hoc stating the desired input (pdf)
The first version of my proposal to the Ad Hoc (pdf). As distributed, 22n3861 (pdf).

. The proposal continues to evolve: V2, V3.

Meet with the Ad Hoc Group to get their endorsement of our proposal to form a study group.
(2005-03-31/04-01: Meeting of the Ad Hoc Group in Philadelphia)

Moore's planned presentation (pdf)
Report of Ad Hoc Group (pdf)

Specific recommendation of Ad Hoc Group: "This group should develop an NP to initiate work on these topics, using an incremental approach to standards development. That is to start with a TR3, follow it with a TR2 and eventually a standard. The study group will prepare an NP and submit it for ballot. Ballot resolution would be performed at the plenary meeting [of SC22 in October 2005]."

Study group writes New Work Item Proposals (NP).
Draft 1 (html). Wichmann's comments (html).

Draft 2 (html) submitted to Secretariate on 12 June 2005.

Rationale proposed by Derek Jones: Draft 1 (pdf, web).

NP(s) are balloted by SC22 and JTC1.
SC 22 N 3913 - Proposal for a New Work Item: Guidance to Avoiding Vulnerabilities in Programming Languages through Language Selection and Use [cover (html), document (html)].

SC 22 N 3990 - Summary of Balloting on N3913 [cover (html), document (pdf)].

Please note that this project has been assigned the ISO/IEC designation "24772". The OWG: Vulnerabilities is instructed to begin work on this project and prepare a disposition of comments for those National Body comments received on the SC 22 ballot.

Relevant resolutions from SC22 plenary meeting, Oct 2005.
Excerpts of SC 22 N 3989 (pdf)

Moore's report of the meeting and the balloting, "Moving Forward" (pdf)

Promotion of the Project:

2005-11: Moore's conference presentation regarding the project (ppt)

Disclaimer Most of the items contained in this web site and its associated files and directories are preliminary working material of ISO/IEC JTC 1/SC 22, subject to review and correction.

The web site is maintained for the convenience of the participants in SC 22/OWG:Vulnerabilities by:

James W. Moore, The MITRE Corporation, 7515 Colshire Drive, McLean, VA 22102, +1.703.983.7396, moorej@mitre.org, James.W.Moore@ieee.org.

ISO/IEC JTC 1/SC 22/OWG:Vulnerabilities	Maintained by Jim Moore, James.W.Moore@ieee.org	If you don't see two frames, click here.
	Maintained by Jim Moore, James.W.Moore@ieee.org

Where we are in the Plan	Results
	2004-08: SC22 announced the formation of an Ad Hoc Group on Future Standards Development to consider new work in SC22 [N3792]
I ask SC22 to consider work in this area.	2004-08-31: I submitted a suggestion for new work (pdf).
SC22 considers this idea (and other ideas) at its plenary meeting in September 2002.	2004-09: SC22 held its annual plenary meeting with the following results: Meeting of Ad Hoc Group on Future Directions for SC22 N3808, Agenda N3809, Presentation of Convener of Ad Hoc Group (cover, presentation) N3810, Meeting Report of Convener (covered report) N3811, Notes of Recording Secretary (covered notes) N3813, Resolutions of SC22 Plenary (cover, resolutions). Note resolution 04-13. My report of the meeting (pdf)
Shortly thereafter, I formed the email distribution list and began recruiting members.	My note to SC22 participants (pdf) was typical of the invitations I sent to several parties. The study group was kicked off with this note (pdf).
The first key date is 15 January 2005, the deadline for input to the meeting of the Ad Hoc Group on Future Directions.	Note from Chairman of Ad Hoc stating the desired input (pdf) The first version of my proposal to the Ad Hoc (pdf). As distributed, 22n3861 (pdf).
.	The proposal continues to evolve: V2, V3.
Meet with the Ad Hoc Group to get their endorsement of our proposal to form a study group.	(2005-03-31/04-01: Meeting of the Ad Hoc Group in Philadelphia) Moore's planned presentation (pdf) Report of Ad Hoc Group (pdf) Specific recommendation of Ad Hoc Group: "This group should develop an NP to initiate work on these topics, using an incremental approach to standards development. That is to start with a TR3, follow it with a TR2 and eventually a standard. The study group will prepare an NP and submit it for ballot. Ballot resolution would be performed at the plenary meeting [of SC22 in October 2005]."
Study group writes New Work Item Proposals (NP).	Draft 1 (html). Wichmann's comments (html). Draft 2 (html) submitted to Secretariate on 12 June 2005. Rationale proposed by Derek Jones: Draft 1 (pdf, web).
NP(s) are balloted by SC22 and JTC1.	SC 22 N 3913 - Proposal for a New Work Item: Guidance to Avoiding Vulnerabilities in Programming Languages through Language Selection and Use [cover (html), document (html)]. SC 22 N 3990 - Summary of Balloting on N3913 [cover (html), document (pdf)]. Please note that this project has been assigned the ISO/IEC designation "24772". The OWG: Vulnerabilities is instructed to begin work on this project and prepare a disposition of comments for those National Body comments received on the SC 22 ballot.
Relevant resolutions from SC22 plenary meeting, Oct 2005.	Excerpts of SC 22 N 3989 (pdf) Moore's report of the meeting and the balloting, "Moving Forward" (pdf)

ISO/IEC JTC 1/SC 22/OWG:Vulnerabilities Maintained by Jim Moore, James.W.Moore@ieee.org If you don't see two frames, click here.

Disclaimer

History

Plan

Where we are in the Plan

Results

Promotion of the Project:

ISO/IEC JTC 1/SC 22/OWG:Vulnerabilities
Maintained by
Jim Moore,
James.W.Moore@ieee.org
If you don't see two frames, click here.