Document ISO/IEC/JTC 1/SC 22/WG 23 N0671

Draft Minutes Pre-Meeting #46
ISO/IEC JTC 1/SC 22/WG 23: Programming Language Vulnerabilities
15 August 2016

Meeting Location :


Meeting Times:

15 August 2016: 2000-2200 UTC

Local Arrangements:


Local Contacts:




1 Opening activities

1.1 Opening Comments

1.2 Introduction of Participants/Roll Call

Stephen Michell
Erhard Ploedereder
Clive Pygott
Chris Tandy
Tullio Vardenega

1.3 Procedures for this Meeting

Minutes for this electronic meeting will become part of the meeting 46 agenda.

1.4 Approval of previous Minutes

N/A for electronic meetings

1.5 Review of actions items and resolutions, Action Item and Decision Logs

1.6 Approval of Agenda [N 0668]

1.7 Future Meeting Schedule




Teleconference (UTC 2000, 2 hr)



Teleconference (UTC 2000, 2 hr)


17-18 August 2017

BSI London (with SC 22 Plenary)


12-13 June 2017

Vienna, Austria with Ada Europe(2 day)



Teleconference (UTC 2000, 2 hr)


6-7 April 2017

IBM Markham, Canada (2 day)



Teleconference (UTC 2100, 2 hr)


23-24 January 2017

In-person (2 day)

Steve to poll WG 23 participants for planned attendance at meeting, decision to be made at meeting 46.




Teleconference (UTC 2000, 2 hr)




Teleconference (UTC 2000, 2 hr)


15-16 Sep 2016

Vienna, Austria (with SC 22 Plenary)

2. Liaison Activities

N/A for electronic meeting except by request.

2.1 SC 22

2.2 PL 22 (Open)

2.3 PL22.3/WG5 (Fortran)

2.4 WG4 (COBOL)

2.5 WG9 (Ada)

2.6 PL22.11/WG14 (C)

2.7 PL22.16/WG21 (C++)

2.8 Ecma International, TC49/TG2 (C#)

2.9 Ecma International, TC39 (ECMAScript)

2.10 MISRA (C)

2.11 MISRA (C++)

2.12 SPARK

2.13 SC7/WG19 (UML)

2.14 SC27/WG3, WG4 Security

    1. IEC SC 65A System Aspects for IEC 61508 Safety

      Stephen Michell has initiated unofficial liaison with IEC SC 65A. He has contacted Audrey Canning (UK) about revisions to IEC 61508. Stephen is now a member of the Canadian mirror group to this SC, but has not yet participated in a meeting of SC 65A. There is a meeting of the SC scheduled in early September, but no participation has been initiated yet. We should ask SC 22 to initiate a liaison request with IEC SC 65A.

2.16 Other Liaison Activities or National body reports

3. Document Review

AI – Steve – send email to reflector reminding all to submit any issues that they want addressed at the September (Vienna) or the January (Orlando) meeting by email to the reflector for posting by Steve to the N-numbered document list.

3.1 TR 24772-1 Vulnerabilities, language independent

Document N664,

AI 46-01– steve - Insert EP homework AI 41-04 from N0668 to 6.42.3 and to 6.42.5,

AI 46-02– steve – close AI’s.

6.37, rewrite by EP. Concern expressed that the responses to the vulnerability may be too domain specific. Discuss general direction and gave EP advice to focus on vulnerabilities only.

AI 46-03– steve, incorporate EP’s writeup into -1 for review.

3.2 TR 24772-2 Ada language specific part

Waiting for a proposal from SC 22/WG 9. The official plan is to have a document in our hands for the September meeting of WG 23. Joyce Tokar is consolidating comments on the Ada document, but may feel a need to discuss with WG 9 in October. This would push arrival in WG 23 before the January 2017 meeting.

WG 9 is proposing that Joyce Tokar become the editor of TR 24772-2. WG 23 is supportive and will support the motion at SC 22 plenary.

3.3 TR 24772-3 C language specific part

Document N0665 – nothing for this meeting.

3.4 TR 24772-4 Python language specific part

Document N0592.

3.5 TR 24772-8 Fortran

Document [N0560] needs review.

3.6 TR 24772-X C++

Consider document [N0582]

3.7 Bibliography for each TR24772 Part

3.8 Dirty Dozen Rules for C, generic, and other languages

Strategy on how to use and incorporate such rules.

4 Strategy (Face to face meetings only)

5 Publicity (Face to face meetings only)

6 Other Business

6.1 Review of Assignment of responsibilities

7. Resolutions and Action Items

8. Adjournment