This draft is prepared using the form downloaded from the JTC1 web site on 17 May 2005.

Draft 1, prepared by Jim Moore, James.W.Moore@ieee.org

PROPOSAL FOR A NEW WORK ITEM

Date of presentation of proposal: YYYY-MM-DD	Proposer: ISO/IEC JTC 1/SC 22
Secretariat: ANSI (United States)	ISO/IEC JTC 1 N XXXX

A proposal for a new work item shall be submitted to the secretariat of the ISO/IEC joint technical committee concerned with a copy to the ISO Central Secretariat.

Presentation of the proposal - to be completed by the proposer Guidelines for proposing and justifying a new work item are given in ISO Guide 26.

Title Guidance for Avoiding Vulnerabilities in Programming Languages

Scope The guidance could be applicable to any software development project applying the programming languages considered in the TR. The advisability of applying the guidance would vary depending upon the criticality of properties such as safety, security or privacy. In addition to producing a Technical Report, it is possible that the working group might create recommendations for working groups that maintain the standards or specifications for the programming languages considered in the TR.

Purpose and justification - Any programming language contains constructs that are vague or difficult to use. Many language definitions include "implementation dependencies" that can affect their semantics in different execution environments. There is a set of "common mode" failures that occur across a variety of languages. Finally, there are weaknesses in language constructs that can be exploited by attackers, for example, the now-famous "buffer overrun" attacks. As a result, software programs sometimes execute differently than was intended by their developers. These problems can have serious consequences for systems that are intended to implement integrity properties such as safety, security or privacy. Although the consequences may be less severe, there is also the cost of dealing with electronic vandalism enabled by vulnerabilities in programs that are not themselves intended to have high integrity properties. The purpose of this project is to prepare comparative guidance spanning a large number of programming languages, so that application developers can see how language vulnerabilities are treated. The guidance will primarily focus on linguistic means of avoiding vulnerabilities. In some cases, though, the guidance may provide extra-linguistic means (e.g. targeted testing) to mitigate the risk of vulnerabilities that cannot be economically avoided.

Programme of work If the proposed new work item is approved , which of the following document(s) is (are) expected to be developed? ____ a single International Standard more than one International Standard (expected number: ........ ) ____ a multi-part International Standard consisting of .......... parts ____ an amendment or amendments to the following International Standard(s) .................................... __X__ a technical report , type ....3.......

Relevant documents to be considered The programming language standards of ISO/IEC JTC 1/SC 22. For market reasons, the specifications of popular languages that are not the subject of ISO standards. The software engineering standards of ISO/IEC JTC 1/SC 7, as a source of extra-linguistic mitigation methods. Existing documents providing usage guidance for individual languages, e.g. ISO/IEC TR 15942, MISRA C, NUREG/CR-6463. Standards dealing with functional safety, notably, IEC 61508. Existing work on safe programming approaches, e.g. the SPARK language, ISO/IEC draft TR 24731 (Specification for Secure C Library Functions) So far, the study group has assembled a list of 82 resources to be considered.

Cooperation and liaison The proposal recognizes that a normally constituted working group will not suffice to perform the necessary work. In addition, to the usual National Body participants, it is proposed to use experts appointed by each existing working group in JTC 1/SC 22, liaison experts appointed by other organizations maintaining programming language specifications, and liaison experts appointed by other standards committees maintaining related documents.

Preparatory work offered with target date(s) A web site provides a summary of progress to date: http://www.aitcnet.org/isai/. It is proposed to perform the work on the "normal" (36 month) schedule. However, it is recognized that the work may be performed in increments that subdivide the schedule or with refinements that would produce subsequent amendments or revisions.

Signature:

Will the service of a maintenance agency or registration authority be required? ......NO................ - If yes, have you identified a potential candidate? ................ - If yes, indicate name ............................................................. Are there any known requirements for coding? ......NO............... -If yes, please specify on a separate page Are there any known requirements for cultural and linguistic adaptability? .....None beyond those already implicit in the programming languages being treated....... - If yes, please specify on a separate page Does the proposed standard concern known patented items? ........NO........... - If yes, please provide full information in an annex

Comments and recommendations of the JTC 1 Secretariat - attach a separate page as an annex, if necessary

Comments with respect to the proposal in general, and recommendations thereon: It is proposed to assign this new item to JTC 1/SC 22

Voting on the proposal - Each P-member of the ISO/IEC joint technical committee has an obligation to vote within the time limits laid down (normally three months after the date of circulation).

Date of circulation: YYYY-MM-DD

Closing date for voting: YYY-MM-DD

Signature of JTC 1 Secretary: Lisa A. Rajchel

Notes to Proforma

A. Business Relevance. That which identifies market place relevance in terms of what problem is being solved and or need being addressed.

A.1. Market Requirement. When submitting a NP, the proposer shall identify the nature of the Market Requirement, assessing the extent to which it is essential, desirable or merely supportive of some other project.

A.2 Technical Regulation. If a Regulatory requirement is deemed to exist - e.g. for an area of public concern e.g. Information Security, Data protection, potentially leading to regulatory/public interest action based on the use of this voluntary international standard - the proposer shall identify this here.

B. Related Work. Aspects of the relationship of this NP to other areas of standardization work shall be identified in this section.

B.1 Competition/Maintenance. If this NP is concerned with completing or maintaining existing standards, those concerned shall be identified here.

B.2 External Commitment. Groups, bodies, or fora external to JTC1 to which a commitment has been made by JTC for cooperation and or collaboration on this NP shall be identified here.

B.3 External Std/Specification. If other activities creating standards or specifications in this topic area are known to exist or be planned, and which might be available to JTC1 as PAS, they shall be identified here.

C. Technical Status. The proposer shall indicate here an assessment of the extent to which the proposed standard is supported by current technology.

C.1 Mature Technology. Indicate here the extent to which the technology is reasonably stable and ripe for standardization.

C.2 Prospective Technology. If the NP is anticipatory in nature based on expected or forecasted need, this shall be indicated here.

C.3 Models/Tools. If the NP relates to the creation of supportive reference models or tools, this shall be indicated here.

D. Any other aspects of background information justifying this NP shall be indicated here.

D. Conformity Assessment and Interoperability

D.1 Indicate here if Conformity Assessment is relevant to your project. If so, indicate how it is addressed in your project plan.

D.2 Indicate here if Interoperability is relevant to your project. If so, indicate how it is addressed in your project plan.