ISO/IEC JTC 1/SC 22/OWG:Vulnerabilities

Jim Moore, James.W.Moore@ieee.org

This is a list of publications and other external references that mention the work of SC 22/OWGV. Of course, inclusion in this list does not imply endorsement by OWGV or any participant of OWGV.

| Author | Publication | Title | Abstract |
| --- | --- | --- | --- |
| Kimberland, Kelly (SEI) | news@SEI | CERT Launches Secure Coding Standards Web Site | "The Carnegie Mellon Software Engineering Institute (SEI) CERT® Program has deployed a secure-coding Web site at www.securecoding.cert.org as a forum in which software developers can codify a practical and effective set of secure coding practices for popular programming languages. These coding practices can then be used by software developers to eliminate vulnerabilities before software is operationally deployed." |
| Moore, James (MITRE) and Seacord, Robert (SEI) | Crosstalk, The Journal of Defense Software Engineering | Secure Coding Standards | "Inherent weaknesses in programming languages contribute to software vulnerabilities. Increasingly, organizations are producing standards to improve software security. Current efforts to develop software security standards are surveyed, and two such efforts are described in detail. An international standards group is writing a document providing guidance to users of programming languages on how to avoid the vulnerabilities that exist in the programming language selected for a particular project. Carnegie Mellon University's (CMU's) Computer Emergency Response Team (CERT) is developing secure coding practices for the C and C++ programming languages." |
| Walls, Douglas (Sun) | Douglas Walls' Weblog | Avoiding Programming Language Vulnerabilities | "This week I am in Berlin at a meeting of the ISO/SC22/WG14, the C programming language committee, in Berlin. One of the hottest topics are dealing with programming security issues and integrity systems. JTC 1/SC 22 has created a new project to deal with the subject of vulnerabilities in programming languages." |
| The MITRE Corporation | Common Weakness Enumeration | Related Efforts | "Several additional efforts are currently ongoing targeted at resolving some of the other shortcomings in software assurance, including NIST's SAMATE project ... ; the U.S. Department of Defense (DOD)-sponsored Code Assessment Methodology Project (CAMP) ...; the Object Management Group (OMG) Software Assurance (SwA) Special Interest Group (SIG); and the work of the [ISO/IEC JTC 1/SC 22] Other Working Group (OWG): Vulnerabilities working group tasked with ISO project 22.24772; among others." |

Disclaimer: Most of the items contained in this web site and its associated files and directories are preliminary working material of ISO/IEC JTC 1/SC 22, subject to review and correction.

The web site is maintained for the convenience of the participants in SC 22/OWG:Vulnerabilities by:
James W. Moore, The MITRE Corporation, 7515 Colshire Drive, McLean, VA 22102, +1.703.983.7396, moorej@mitre.org, James.W.Moore@ieee.org.