ISO/IEC/JTC 1/SC 22/WG 23 DOCUMENT REGISTER

ISO/IEC JTC1/SC22/WG23 standing documents:

Meeting Schedule
S0001 – SC22/WG23 Action Log
S0003 – Editorial history of TR 24772
S0005 – Advice to Language Specific Parts Editors (DRAFT)
S0006 - Comparison of TR 24772 guidance to Joint Strike Fighter Coding Guidelines

WG23 n-numbered documents in reversed document number order:

Document Number

Description

Date







N0674

Reserved for Minutes of Meeting 46 14-15 September 2016

15/09/16

N0673

TR 24772-1 reworked after pre-meeting 46 WebEx with clause 37 rework incorporated. This document has all previous change tracking removed.

PDF

15/09/16

N0672

Update of TR 24772-3 Programming Language C submitted by Clive Pygott

PDF

16/08/16

N0671

Draft Minutes of Pre-Meeting 46 16 August 2016

01/08/16

N0670

Rewrite of Clause 6.37 Fault Tolerance with group comments

PDF

16/08/16

N0669

Rewrite of Clause 6.37 Fault Tolerance submitted by Erhard Ploedereder>

PDF

14/08/16

N0668

Draft agenda pre-meeting 46 electronic meeting, 15 August 2016 2000-2200 UTC

01/08/16

N0667

Draft Agenda Meeting 46, with local arrangements documents (ZIP file) 15-16 September 2016, Austrian Standards, Vienna Austria

01/07/16

N0666

Cross Reference JSF Coding Rules and TR24772-1 after meeting 45

PDF

16/6/2016

N0665

TR 24772-3 Guidance document for language C after meeting 45

PDF

15/6/2016

N0664

TR 24772-1 Guidance (language independent) document after meeting 45

PDF

15/6/2016

N0663

Draft Minutes Meeting 45

14/6/2016

N0662

Clause seven reorganization proposal contributed by E Ploedereder

PDF

13/6/2016

N0661

Liaison report to SC 22/WG 9 contributed by E. Ploedereder

PDF

13/6/2016

N0660

Cross Index of JSF Rules and TR24772 contributedd by L Wagoner

PDF

20/5/2016

N0659

Convenor's report to SC 22 plenary 14-15 September 2016

PDF

17/5/2016

N0658

TR24772-1 after pre-meeting webex for meeting 45

PDF

17/5/2016

N0657

Time Vulnerabilities after pre-meeting 25 Telecom

PDF

16/5/2016

N0656

A Mapping from the New Vulnerabilities to CERT Secure Coding Rules

PDF

16/5/2016

N0655

Draft minutes of Meeting 45 16 April 2016

16/4/2016

N0654

Time Vulnerabilities updated by Erhard Ploedereder

PDF

16/5/2016

N0653

Webex information for Pre-meeting 45 telecon 16 May 2016 at 2000 UTC

16/4/2016

N0652

Draft Agenda and meeting support for Meeting 45, Pisa, Italy 14-15 June 2016

16/4/2016

N0651

Draft Convenor's Report for JTC 1/SC 22 Plenary 2016

PDF

16/4/2016

N0650

TR 24772-1 Programming Language Vulnerabilities Part 1 after meeting 44

PDF

16/4/2016

N0649

TR 24772-3 C Part after meeting 44

PDF

15/4/2016

N0648

Draft Minutes for meeting 44 - revised

16/4/2016

N0647

Draft Agenda for meeting 44 - revised

14/4/2016

N0646

Time Vulnerabilities after meeting with IRTAW 18 submitted by Stephen Michell

PDF

14/4/2016

N0645

TR24772-1 General Vulnerability Descriptions after ISO Training

PDF

15/3/2016

N0644

TR24772-1 General Vulnerability Descriptions after meeting 43

PDF

7/3/16

N0643

TR24772-3 C draft after meeting 43 and for submission to WG 14 for consideration

PDF

7/3/16

N0642

Draft minutes of meeting 43

7/3/16

N0641

TR24772-8 Fortran Draft before meeting 43

PDF

7/3/16

N0640

TR24772-3 before meeting 43 with CHP action items additions, submitted by Clive Pygott

PDF

15/02/16

N0639

TR24772-1 before meeting 43 with top 20 submitted by Stephen Michell

PDF

06/03/16

N0638

TR 24772-1 after meeting 42 with top 20 included

PDF

8 FEnruary 2016

N0637

Complete set of guidance to avoiding vulnerabilities after meeting 42

PDF

8 February 2016

N0636

Minutes of Meeting 42 (draft) - 8 February 2016

8 February 2016

N0635

Agenda Meeting 43 (draft) - 7 March 2016

8 February 2015

N0634

Time Vulnerability paper submitted to IRTAW 18 by Stephen Michell

4/02/16

N0633

Meeting agenda for Meeting 42 Teleconference

8 February 2016

N0632

Python guidance to avoiding programming language vulnerabilities contributed by Larry Wagoner

PDF

19/01/16

N0631

Clause 5 top N avoidance guideline references to vulnerabilities, submitted by Clive Pygott

PDF

03/02/16

N0630

OO vulnerability references in MISRA contributed by Clive Pygott

PDF

19/01/16

N0629

Aggregated guidance rules to avoid vulnerabilities contributed by Larry Wagoner

PDF

19/01/16

N0628

Spark guidance to avoiding programming language vulnerabilities contributed by Larry Wagoner

PDF

19/01/16

N0627

Ruby guidance to avoiding programming language vulnerabilities contributed by Larry Wagoner

PDF

19/01/16

N0626

PHP guidance to avoiding programming language vulnerabilities contributed by Larry Wagoner

PDF

19/01/16

N0625

Fortran guidance to avoiding programming language vulnerabilities contributed by Larry Wagoner

PDF

19/01/16

N0624

C guidance to avoiding programming language vulnerabilities from N0604 contributed by Larry Wagoner

PDF

19/01/16

N0623

Top N Ada guidance to avoiding programming language vulnerabilities from N0621 contributed by Larry Wagoner

PDF

19/01/16

N0622

TR 24772-3 C language specific vulnerabilities, after meeting 41 with 4 new vulnerabilities, submitted by Stephen Michell

PDF

15/01/16

N0621

Ada top 10 guidance for TR 24772-2, edited version of N0620

PDF

13/01/16

N0620

Ada top 10 guidance for TR 24772-2, submitted by Larry Wagoner

PDF

<12/01/16

N0619

TR 24772-1 replacement for N0618 with Links in Top 10 avoidance mechanisms

PDF


N0618

TR 24772-1 Vulnerabilities main document after meeting 41

PDF

12/1/16

N0617

TR 24772-3 Programming Language C after meeting 41

PDF

12/1/16

N0616

ISO / IEC/JTC1/SC22/WG23 N0616 JSF AV Analysis from Erhard

PDF

10/1/16

N0615

Liskov substitution rule vulnerability submitted by Erhard Ploedereder

PDF

9/1/16

N0614

New OO vulnerabilities submitted by Erhard Ploedereder

PDF

9/1/16

N0613

Clause 3.39 rewrite submitted by Erhard Ploedereder

PDF

9/1/16

N0612

Draft of TR 24772-3 (N0609) before meeting 41 including top 10 avoidance mechanisms Contributed by Stephen Michell

PDF

9/1/16

N0611

Draft of TR 24772-1 before-meeting 41 including top 10 avoidance mechanisms contributed by Stephen Michell

PDF

9/1/16

N0610

Draft Meeting Minutes of Meeting 41 11-12 January 2016

12/1/16

N0609

TR 24772-3 Guidance to avoiding programming language vulnerabilities: Part 3 C submitted by David Keaton

PDF

7/1/16

N0608

IS 17960 Code Signing encrypted zip file

15/12/15

N0607

Draft agenda for meeting 44 15-16 April 2016
Local Arrangements
Visa request form
Teleconference Info

23/11/15

N0606

TR24772-1 Avoiding Programming Language Vulnerabilities after meeting 40

PDF

23/11/15

N0605

Section 6.39 Memory Leaks [REU] rewrite submitted by Erhard Ploedereder, incorporated in N0606
PDF

23/11/15

N0604

Possible Top ten vulnerability avoidance strategies in programming languages after mtg 40
PDF


N0603

Possible Top ten vulnerability avoidance strategies in programming languages after mtg 40
PDF

23/11/15

N0602

Draft minutes for meeting 40 23 November 2015

20/11/15

N0601

Draft agenda for meeting 41 11 January 2016
Teleconference Info

20/11/15

N0600

Possible Top n vulnerability avoidance strategies in C, contributed by Larry Wagner
PDF

19/11/15

N0599

Possible Top n vulnerability avoidance strategies, contributed by Larry Wagner
PDF

19/11/15

N0598

Possible Top n vulnerability avoidance strategies, contributed by Larry Wagner PDF

18/09/15

N0597

AI 38-09 contributed by Clive Pygott

21/10/15

N0596

AI 38-08 submitted by Clive Pygott

21/10/15

N0595

Top Dozen coding advice for C language contributed by Larry Wagoner PDF

21/10/15

N0594

Draft agenda for meeting 40 23 November 2015

21/10/15

N0593

C Language specific Part updates from David Keaton for meeting 39 PDF

21/10/15

N0592

Python Part updates submitted by Santiago for Meeting 39 PDF

21/10/15

N0591

Draft Minutes of Meeting 39

21/10/15

N0590

TR2477-1 Avoiding Programming Language Vulnerabilities after meeting 39

21/10/15

N0589

C Language-specific Part before meeting 39 PDF

21/10/15

N0588

Final Agenda Meeting 39 21 October 2015

21/10/15

N0587

New vulnerability proposal from Clive Pygott from JSF AV 138

18/10/15

N0586

TR24772-3 Python Language specific Annex after meeting 38 (update of N0558) PDF

18/09/15

N0585

Agenda for Meeting 39 21 October 2015

21/09/15

N0584

TR24772-3 C Language specific Annex after meeting 38 (update of N0566) PDF

19/09/15

N0583

TR24772-1 draft after Meeting 38 (update of N0578) PDF

18/09/15

N0582

Outline for C++ language specific vulnerability annex, as of 13 Aug 2015.

17/09/15

N0581

Minutes of Meeting 38 17-18 September 2015

18/09/15

N0580

TR24772-3 draft before meeting 38 (update of N0566)

15/09/16

N0579

Updated agenda (V3) for meeting 38.

15/09/15

N0578

TR24772-1 draft before meeting 38 with edits for JSF and harmonizing with TR24772-3.

13/09/15

N0577

Disposition of comments on FDIS 17960

03/08/15

N0576

Response to SC 27 WG 3 re comments on FDIS 17960

03/08/15

N0575

Draft IS 17960 after FDIS ballot and corrections

03/08/15

N0574

Meeting Minutes of Meeting 37

03/08/15

N0573

Results of voting for FDIS 17960

03/08/15

N0572

SC 27 N15245 WG 3 recommendation to SC 27

30/07/15

N0571

SC 27 WG 3 N1191 Liaison Statement to WG 23

30/07/15

N0570

NIL

30/07/15

N0569

Draft agenda for meeting 38, 17-18 September 2015, Washington, DC

19/07/15

N0568

Draft agenda for meeting 37, teleconference

19/07/15

N0567

Local arrangements for Meeting 38, 17-18 September 2015, Washington, DC

19/07/15

N0566

TR24772-3 Language Guidance for C initial draft submitted by Clive Pygott

03/07/17

N0565

TR24772-1 draft after meeting 36 with edits for JSF

28/06/15

N0564

TR24772 cross reference JSF rules after meeting 36

28/06/15

N0563

Outline for C++ language specific vulnerability annex, as edited at meeting 36.

28/06/15

N0562

Advice to editors following Meeting 36 now posted as SD 0005

28/06/15

N0561

Draft of TR 24772-1 after meeting 36

28/06/15

N0560

Draft of TR 24772-8 Fortran following meeting 36

28/06/15

N0559

Minutes of meeting 36 held 26-27 June 2015

28/06/15

N0558

Draft 2 of TR 24772-4 Python

25/06/15

N0557

Updated draft minutes of meeting 35

27/06/15

N0556

Draft of TR 24772-8 Fortran before meeting

25/06/15

N0555

Advice to editors for consideration at Meeting 36

19/06/15

N0554

Draft of TR 24772-3 C before meeting 36

06/06/15

N0553

Convenors report sent to JTC 1/SC 22 for September plenary

09/06/15

N0552

Outline for C++ language specific vulnerability annex, contributed by Clive Pygott

03/06/15

N0551

Cross Reference JSF rules to TR 24772-1, with comments from Stephen MIchell

30/05/15

N0550

Agenda for Meeting 36

30/05/15

N0549

Draft of TR 24772-2 after meeting 35

26/05/15

N0548

Draft of TR 24772-1 after meeting 35

26/05/15

N0547

Draft Convenors report 2015 after meeting 35

26/05/15

N0546

JTC 1/SC 22/WG 23 Meeting 35 Minutes 26 May 2015

26/05/15

N0545

Invitation from NB India to SC 27 and liaisons to 51st meeting of SC 27 at Jaipur, India 26-30 Oct 2015

26/05/15

N0544

Comments from SC 27/WG 3 on ISO IEC FDIS N17960 for consideration at next revision

26/05/15

N0543

Liaison Statement from SC 27/WG 3 to SC 22/WG 23, SC 27/WG 3 document N1191

26/05/15

N0542

Resolutions from the SC 27/WG 3 meeting in Kuching, Malasia May 4-6 2015 SC27 N15245

26/05/15

N0541

First draft of TR 24772-4 Python language specific vulnerabilities contributed by Santiago Urueña Pascual

26/05/15

N0540

Cross reference TR24772-1 with JSF coding rules, updated by Stephen Michell

25/05/15

N0539

Final Agenda for Meeting 35, 26 May 2015

25/05/15

N0538

Draft TR24772-2 Ada for review at meeting 35

22/05/15

N0537

Draft TR24772-1 for review at meeting 35

22/05/15

N0536

Advice to Editors of Annexes, submitted by Erhard Ploedereder for Meeting 35

22/05/15

N0535

Draft 3 Convenors Report with changes from Erhard Ploedereder

20/05/15

N0534

Draft of Convenors report for Meeting 35

17/05/15

N0533

Draft Agenda Meeting 36, 26-27 June 2015

Apr 30, 15

N0532

Draft Agenda Meeting 35 25 May 2015

Apr 30, 15

N0531

Draft Agenda Meeting 34 (Cancelled)

Apr 2, 15

N0530

Draft Minutes of Meeting 33

Apr 1, 15

N0529

Draft Convenors report, with updates from Erhard Ploedereder

Mar 30, 15

N0528

Cross reference TR24772-1 with JSF coding rules

30 March 2015

N0527

Draft of TR24772-1 with all comments included and proposed numbering change

21 March 2015

N0526

Draft of TR24772-2 Ada for meeting 33

15 March 2015

N0525

Draft Agenda Mtg 33 30 Mar 2015

15 Mar 2015

N0524

TR 24772-1 with all section updates submitted for meeting 33

13 Mar 2015

N0523

TR 24772 Rework spreadsheet following Meeting 32

23 Feb 2015

N0522

Draft edits on TR 24772 V3 from David Keaton

23 Feb 2015

N0521

Draft edits on TR 24772 V3 made at meeting 32

23 Feb 2015

N0520

Meeting Minutes (Draft) mtg 32

23 Feb 2015

N0519

TR 24772 Rework spreadsheet before Meeting 32

22 Feb 2015

N0518

TR 24772-1 Draft document with edits by EP, SM, SU and CP

22 Feb 2015

N0517

Meeting minutes mtg 31 - 27 January 2015 - updated 22 February 2015

22 Feb 2015

N0516

Draft edits on TR 24772 V3 submitted by Clive Pygott

22 Feb 2015

N0515

Draft edits on TR 24772 V3 submitted by Santiago Uruena Pascual

20 Feb 2015

N0514

Draft edits on TR 24772 V3 submitted by Stephen Michell

17 Feb 2015

N0513

Draft edits on TR 24772 V3 submitted by Erhard Ploedereder

15 Feb 2015

N0512

Draft convenors report to SC 22 plenary September 2015

17 February 2015

N0511

Draft Agenda Meeting 32, 23 February 2015

26 January 2015

N0510

Proposal for TR24772 as a multipart document.doc

17 Feb 2015

N0509

TR 24772 V3 rework spreadsheet as reviewed and modified in meeting 31 2015-01-27

27 Jan 2015

N0508

Ada 2012 changes for TR24772 annex C from taft 2015-01

26 Jan 2015

N0507

Removed on request of submitter

26 Jan 2015

N0506

Meeting Minutes Meeting 31 26-27 January 2015

27 Jan 2015

N0505

FDIS 17960 submitted to secretary

26 Jan 2015

N0504

Disposition of comments for DIS 17960 Code Signing

26 Jan 2015

N0503

Comparison of TR24772 V3 and Ada annex for TR V2 from Erhard Ploedereder

25 Jan 2015

N0502

TR 24772 V3 rework Spreadsheet from S. Michell 22 Jan 2015

22Jan2015

N0501

Draft agenda for meeting 31, Houston, Texas 26-27 Jan 2015

9 Jan 2015

N0500

Disposition of comments on DIS 17960

10 Nov 2014

N0499

Minutes of Meeting 30 held 10 November 2014.

10 Nov 2014

N0498

Draft agenda for meeting 30 (teleconference) 10 November 2014.

1 Nov 2014

N0497

Consolidated Comments on DIS 17960 Source Code Signing in Excel format.

24 Oct 2014

N0496

Presentation to SC 27/WG 3 and 4 on WG 23 activities Given by Stephen Michell and Tatsuaki Takebe as part of liaison activity

21/10/14

N0495

Collated comments on DIS 17960 Source Code Signing

21/10/14

N0494

Summary of voting on DIS 17960 Source Code Signing

21/10/14

N0493

Minutes of Meeting 29 (Draft)

21/10/14


N0492

Updated Action Item Log

21/10/14

N0491

Draft agenda for meeting 29 on 10 October 2014 contributed by convenor.

21/09/14

N0490

Draft revised convenors report for comment at meeting 29 submitted by convenor.

21/09/14

N0489

Log of all action items kept as standing document on old web site as of September 2014.

21/09/14

N0488

SC 22 plenary meeting report including resolutions submitted by SC 22 secretary

03/10/14

N0487

US letter relinquishing convenorship of WG 23

15/09/14

N0486

Convenors proposed report v7 submitted by Tom Plum

08/08/14

N0485

Spreadsheet capturing work needed for the revision of TR24772 for version 3 - 21 Aug 2014 version

21/08/14

N0484

Draft Minutes of meeting 28

07/08/14

N0483

Convenors proposed report v5 submitted by Tom Plum

07/08/14

N0482

Convenors proposed report v3 submitted by Tom Plum

07/08/14

N0481

Spreadsheet capturing work needed for the revision of TR24772 for version 3 - 23 July 2014 version

23/07/14

N0480

Spreadsheet capturing work needed for the revision of TR24772 for version 3 - 20 July 2014 version

20/07/14

N0479

Spreadsheet capturing work needed for the revision of TR24772 for version 3 18 July 2014 version

18/07/14

N0478

Preliminary agenda for Meeting 28 (teleconferences)

07/08/14

N0477

Canadian contributions to SC 22 plenary on SC 22 processes and nominating S Michell as convenor of WG 23

07/08/14

N0476

Draft Agenda for SC 22 Plenary in Madrid Spain 8-9 Sep 2014

04/06/14

N0475

Withdrawal of ballot on the disbandment of WG 23.

21/04/14

N0474

Communication from the JTC 1 Chair and Secretariat on requirement for WG's to operate exclusively with technical experts.

21/04/14

N0473

US Request for ballot to disband WG 23, and SC 22 ballot on same.

31/03/14

N0472

Appointment of Tom Plum as Acting Convenor of ISO/IEC/JTC 1/SC 22/WG 23 Programming Language Vulnerabilities

19/02/14

N0471

US Endorsement of Tom Plum for Convenor of ISO/IEC/JTC 1/SC 22/WG 23 Programming Language Vulnerabilities

11/02/14

N0470

DIS Ballot document for IS 17960

18/04/14

N0469

Summary of voting for CD 2 of 17960, [pdf]

2013-10-10

N0468

Postponement of SC 22/WG 23 Teleconference

2013-09-23

N0467

Disposition of Comments on CD17960 [doc, pdf]

2013-09-23

N0466

Meeting Record: Meeting #27, 19-20 September 2013 [html]

2013-08-14

N0465

Resolution of Japanese comments for 17969 CD ballot [pdf]

2013-08-14

N0464

Resolution of UK comments for 17969 CD ballot [pdf]

2013-08-14

N0463

Committee Working Draft of IS 17960 [pdf]

2013-08-14

N0462

Agenda: Meeting #27 on Programming Language Vulnerabilities, September 2013 [html]

2013-08-14

N0461

Working draft of third revision of TR 24772 August 2013 [pdf]

2013-07-21

N0460

Business Plan and Convener's Report [for forthcoming SC 22 plenary], contributed by convener [pdf]

2013-06-28

N0459

Preliminary agenda, Meeting #27 [html]

2013-06-11

N0458

Recommendations from section 6.x.5, contributed by Larry Wagoner [doc, pdf]

2013-06-11

N0457

Comments on N0454, contributed by Clive Pygott [pdf]

2013-06-11

N0456

Draft minutes, Meeting #26 [html]

2013-06-03

N0455

Editor's report for 17960, Code Signing for Source Code [pdf]

2013-06-03

N0454

Committee draft of 17960, Code Signing for Source Code [pdf]

2013-06-03

N0453

Baseline working draft for preparation of Edition 3 of TR 24772 [pdf], contributed by the editor

2013-05-24

N0452

Revision of SC 22 N 4805 Logistical Information SC 22 Plenary 2013, contributed by WG23 convener [pdf]

2013-05-02

N0451

Preliminary Agenda, Meeting #25 of WG23, 13-15 June 2013, Berlin [html]

2013-05-02

N0450

Working draft, TR 24772, edition 3 [pdf]

2013-05-02

N0449

Representation issues in file transfers, UK contribution [pdf]. See N0447

2013-04-10

N0448

JISC Comments on CD 17960 [pdf]

2013-04-10

N0447

UK Comments on CD 17960 [pdf]. Also see N0449

2013-04-10

N0446

Ballot Results for CD 17960 [pdf]

2013-03-18

N0445

Updated guidelines for publicity, contributed by convener [pdf]

2013-03-18

N0444

Use of unchecked data from an uncontrolled or tainted source, contributed by convener [doc, pdf]

2013-03-18

N0443

Guidelines for publicity, contributed by convener [pdf]

2013-03-18

N0442

Fortran language annex [pdf]

2013-03-18

N0441

Draft minutes, Meeting #25, contributed by convener [html]

2013-03-04

N0440

Vulnerabilites Analysis by Matt Bishop, contributed by convener [pdf]

2013-03-04

N0439

Fundamental Vulnerabilities by Larry Wagoner, contributed by Larry Wagoner [pdf]

2013-03-04

N0438

Proposed new vulnerability on tainted sources, contributed by Clive Pygott [pdf]

2013-02-18

N0437

Logistics information for the WG23 meeting, 6/8-10/2013, Berlin [pdf]

2013-03-18

N0436

ISO/IEC TR 24772, Edition 2, as submitted to ITTF for publication [zip]. (This is an encrypted file. Contact the convener for the password if needed.) The published 24772, Edition 2 is freely available here.

2013-01-31

N0435

Preliminary Agenda: Meeting #25, 13-15 March 2013 [html]

2013-01-17

N0434

CD Ballot draft, 17960, Information Technology-Programming languages, their environments and system software interfaces-Code Signing for Source Code [pdf]

2012-12-17

N0433

Revision of proposed new vulnerabilities, Replaces N0429

2012-12-13

N0432

Draft Minutes, Meeting #24, 12-14 December 2012 [html]

2012-11-19

N0431

Revised working draft of 17960, Code Signing for Source Code, contributed by convener [pdf]

2012-10-18

N0430

Preliminary Agenda: Meeting #24,12-14 December 2012 [html]

2012-10-18

N0429

Proposed New Vulnerabilities, replaced by N0433

2012-09-29

N0428

Balloting results of PDTR2 of 24772 2nd edition [pdf]

2012-10-04

N0427

DTR ballot draft of 24772 2nd edition [pdf]

2012-09-29

N0426

Comments on TR24772, contributed by Tatsuaki Takebe [pdf]

2012-09-15

N0425

Resolutions of comments for [N0416] (informal UK comments) [xlsx]

2012-09-15

N0424

Comments on CA-02 of [N0418], Steve Michell [html]

2012-09-15

N0423

Correspondence with Kevin Coyne on UK comments on Python Annex [pdf]

2012-09-15

N0422

Comments on [N0417], Clive Pygott [pdf]

2012-09-15

N0421

Resolutions of comments for PDTR 24772.2 [pdf]

2012-09-15

N0420

Draft minutes for meeting #23 [html]

2012-09-15

N0419

CWE SANS 25 compared to PDTR 24772.2, Tatsuaki Takebe [pdf]

2012-09-12

N0418

Comments informally received from Canada on [N0410], [doc]

2012-09-12

N0417

Comments informally received from Japan on [N0410], [doc]

2012-08-27

N0416

Comments informally received from UK on [N0410], contributed by Pygott [xlsx]

2012-07-28

N0415

Agenda, Meeting #23, 12-14 September 2012, Geneva, Switzerland, contributed by convener [html]

2012-07-28

N0414

Business Plan and Convener's Report [for forthcoming SC 22 plenary], contributed by convener [pdf]

2012-07-18

N0413

Logistics for WG 23 meeting #25, contributed by the convener [html]

2012-07-09

N0412

Corrected disposition of comments on PDTR 24772, contributed by secretary replaces N0403

2012-07-09

N0411

Proposed annex for PHP language, contributed by Kevin Coyne, replaces N0407

2012-07-09

N0410

PDTR-2 draft of 24772, Edition 2, replaces N0389

2012-07-09

N0409

PDTR-2 draft of 24772, Edition 2 with change bars, replaces N0388

2012-06-22

N0408

Proposal to merge XZI and FLC, contributed by Plum, Benito and Keaton [docx, pdf]

2012-06-21

N0407

Proposed Annex for PHP Language, marked up by Meeting 22, replaced by N0411

2012-06-22

N0406

Reserved for Python Clarifications and Edits v03, contributed by Kevin Coyne [docx, pdf]

2012-06-21

N0405

Python Clarifications and Edits v00, contributed by Kevin Coyne [docx, pdf]

2012-06-22

N0404

Cancelled

2012-06-22

N0403

Disposition of comments on PDTR 24772, replaces N0397, replaced by N0412, Cancelled

2012-06-20

N0402

Comments on PDTR, contributed by Takabe-san [doc, pdf]

2012-06-22

N0401

Minutes, Meeting 22, 20-22 June 2012, Stuttgart,]

2012-06-18

N0400

Agenda, Meeting 22, 20-22 June 2012, Stuttgart, replaces N0375

2012-05-30

N0399

Revised Working draft 17960, Code Signing for Source Code,rerplaces N0394

2012-05-20

N0398

Draft of possible PHP annex, replaces N0393

2012-04-28

N0397

Results of Balloting on PDTR 24772 (N0389): Collated comments, replaced by N0403

2012-04-26

N0396

Result of Voting on SC 22 N 4704 (see N0389), ISO/IEC PDTR 24772

2012-04-04

N0395

Logistics, Meeting 23, 12-14 September 2012, Geneva, Switzerland, colocated with SC 22 plenary: all information [pdf]; general information [docx]; booking form for Hotel Manotel Royale [docx, pdf]; booking form for Hotel Warwic

2012-04-03

N0394

Meeting 21 Markup of Working draft 17960, Code Signing for Source Code, replaces N0390, replaced by N0399

2012-03-28

N0393

Proposed Annex for PHP Language, replaced by N0398

2012-04-03

N0392

Minutes: Meeting 21, 28 - 30 March 2012, Ottawa, Canada [html]

2012-03-20

N0391

[Corrected] Results of Voting on SC 22 N 4968 (WG23 N0379), New Work Item Proposal on ... Code Signing for Source Code (SC22 N4719), contributed by SC 22 Secretariat [pdf]

2012-03-19

N0390

Working draft 17960, Code Signing for Source Code, see N0379, replaced by N0394

2012-01-20

N0389

PDTR draft of 24772, Edition 2, without change bars, replaces N0378, results in N0396 and N0397, replaced by N0410

2012-01-20

N0388

PDTR draft of 24772, Edition 2, with change bars, replaces N0378, results in N0396 and N0397, replaced by N0410

2012-01-12

N0387

CANCELLED and replaced by [N0389]

2012-01-15

N0386

CANCELLED and replaced by [N0388]

2012-01-15

N0385

Proposed rewrite of Ruby.52, contributed by Jim Moore [docx, pdf]

2012-01-08

N0384

Draft language-specific annex for SPARK, replaces N0382

2012-01-08

N0383

Preliminary working draft, "Core Enterprise Security Application Programming Interface", contributed by Larry Wagoner [docx, pdf]

2011-12-17

N0382

SPARK annex, contributed by SC22/WG9, replaces N0281, replaced by N0384

2011-12-17

N0381

Proposed conceptual clusters for definitions, contributed by Clive Pygott [xls]

2011-12-17

N0380

Day of Meeting Agenda: Meeting number 21, 28 - 30 March 2012, Ottawa, Canada

2012-03-26

N0379

Submitted New Work Item Proposal and Preliminary Working Draft for Code Signing, see N0390 and N0391

2011-12-12

N0378

markup of N0376 in meeting number 20, replaces N0376, replaced by N0388 and N0389

2011-12-17

N0377

Minutes of Meeting #20 [html]

2011-12-17

N0376

Revised Baseline draft of 24772, Ed 2, contributed by editor, replaces N0352, replaced by N0378

2011-12-02

N0375

Preliminary Agenda, Meeting 22, 20-22 June 2012, Stuttgart, replaced by N0400

2011-11-23

N0374

Logistics, Meeting 22, 20-22 June 2012, Stuttgart, Germany, contributed by Erhard Ploedereder [html]

2011-11-05

N0373

Preliminary Agenda, Meeting 21, 28-30 March 2012, Ottawa, Canada [html]

2011-11-01

N0372

Proposed Python annex, contributed by Kevin Coyne, replaces N0362

2011-11-01

N0371

Preliminary agenda, Meeting #20, 14-16 December, Washington DC, USA [html]

2011-11-01

N0370

Logistics, Meeting #21, 28-30 March 2012, Ottawa, Ontario, Canada, contributed by Steve Michell [html](with editorial corrections)

2011-11-23

N0369

Final Meeting number 19 markup of Further Revised Proposal for Concurrency Vulnerability Descriptions, replaces N0368

2011-10-05

N0368

Meeting 19 markup of Further Revised Proposal for Concurrency Vulnerability Descriptions, replaces N0367, replaced by N0369

2011-10-04

N0367

Further Revised Proposal for Concurrency Vulnerability Descriptions, replaces N0360, replaces N0368

2011-10-03

N0366

Meeting 19 markup of proposed revision to sub-clause 4.3, replaces N0365

2011-10-03

N0365

Proposed revision to Sub-clause 4.3 to describe language annexes, contributed by Jim Moore, replaced by N0366

2011-10-01

N0364

Meeting Notes, SC 22 Plenary Meeting, 19-20 September 2011, contributed by Jim Moore [docx, pdf]

2011-09-20

N0363

Minutes, Meeting 19, 3-5 October 2011

2011-10-05

N0362

Revised Python Annex, contributed by Kevin Coyne, replaces N0347, replaced by N0372

2011-09-26

N0361

Comments on C Annex, contributed by Joyce Tokar

2011-09-30

N0360

Revised Proposal for Concurrency Vulnerability Descriptions, replaces N0345, replaced by N0367

2011-09-30

N0359

Revised preliminary working draft for code signing, contributed by Larry Wagoner, replaces by N0357

2011-09-11

N0358

Presentation for SC22 plenary regarding code signing, contributed by Jim Moore [pptx, pdf]

2011-09-07

N0357

Revised preliminary working draft for code signing, contributed by Larry Wagoner, replaces N0318, replaced by N0359

2011-09-07

N0356

Revised: Preliminary Agenda, Meeting 19, contributed by convene, Replaces N0355

2011-09-01

N0355

Preliminary Agenda, Meeting 19, contributed by convener [html]

2011-08-08

N0354

Preliminary Agenda, Meeting 23, contributed by convener [html]

2011-07-30

N0353

Business Plan and Convener's Report, prepared for SC 22 plenary meeting, by John Benito [pdf]

2011-07-30

N0352

Revised Baseline draft of 24772, Ed 2, contributed by editor [

2011-07-19

N0351

Logistics for Meeting 20, contributed by Jim Moore

2011-07-09

N0350

Meeting #18 markup of Review of draft Ruby annex , Replaces N0349

2011-06-20

N0349

Review of draft Ruby annex [N0331], prepared by Michael Walsh, contributed by Jim Moore, replaced by N0350

2011-06-20

N0348

Draft SQL annex, prepared by Jim Johnson [docx, pdf]

2011-06-20

N0347

Draft Python annex, prepared by Kevin Coyne, replaced by N0362

2011-06-20

N0346

Presentation prepared for 2011 Ada Connections Conference, contributed by Larry Wagoner and revised by Meeting #18 [pptm]

2011-06-20

N0345

Meeting 18 Markup of Concurrency Vulnerability Descriptions, replaces N0377, replaced by N0360

2011-06-19

N0344

Meeting 18 Markup of Baseline draft of 24772, Ed 2, replaces N0338, replaced by N0352

2011-06-19

N0343

Meeting 18 Markup of Proposed changes to Clause 6 introduction, replaces N0336

2011-06-19

N0342

Meeting #18 Markup of Editor's Responses [N0340] to Comments from MISRA L on DTR 24772 (N0250), replaces N0340

2011-06-19

N0341

Revised schedule for the preparation of TR 24772, Edition 2, contributed by secretary, cancelled - see S0002

2011-06-19

N0340

Editor's proposed disposition of comments from MISRA in response to N0250, replaced by N0342

2011-06-04

N0339

Minutes of Meeting #18 [html]

03/06/2011

N0338

Revised Baseline draft of 24772, Ed 2, contributed by editor replacing N0335, replaced by N0344

2011-06-02

N0337

Concurrency vulnerability descriptions, contributed by Steve Michell, replaced by N0345

2011-06-01

N0336

Proposed change to Clause 6 introduction, contributed by Jim Moore replaced by N0343

2011-05-04

N0335

Revised Baseline draft of 24772, Ed 2, contributed by editor, replacing N0303, replaced by N0338

2011-04-21

N0334

Preliminary Agenda: Meeting 18, 19-20 June 2011, Edinburgh, UK

2011-04-14

N0333

Revised schedule for the preparation of TR 24772, Edition 2, replacing N0302, replaced by N0341

2011-03-27

N0332

Revised proposal for separation of XYYreplacing N0321

2011-03-25

N0331

Revised proposed annex for Ruby, contributed by James Johnson, replacing N0320

2011-03-25

N0330

Meeting 17 markup of proposed revision of LAV in Ada annex, replacing N0311

2011-03-25

N0329

Revised proposed rewrite of NZN, contributed by Erhard Ploedereder , replacing N0312, see also N0328

2011-03-25

N0328

Revised proposed rewrite of NZN, contributed by Bob Karlin, replacing N0319, see also N0329

2011-03-25

N0327

Additional meeting 17 markup of Proposed vulnerability descriptions YUK and SUK, replacing N0324

2011-03-25

N0326

Meeting 17 markup of proposed rewrite of WXQ and YZS, replacing N0325

2011-03-25

N0325

Proposed rewrite of WXQ and YZS, contributed by Jim Moore, replacing N0316, replaced by N326

2011-03-24

N0324

Meeting 17 markup of Proposed vulnerability descriptions YUK and SUK, contributed by secretary, replacing N0313, replaced by N0326

2011-03-24

N0323

Proposal for alignment of numbering between Clauses and Annexes, contributed by editor and secretary

2011-03-24

N0322

Meeting #17 markup of Proposed vulnerability description on Inter-language calling, replacing N0310

2011-03-23

N0321

Meeting 17 markup of Proposed separation of XYY into two description (responds to action item #16-12), contributed by secretary, replacing N0305, replaced by N0332

2011-03-23

N0320

Meeting 17 markup of Proposed Annex for Ruby Language, replacing N0308, replaed by N0331

2011-03-23

N0319

Proposed rewrite of NZN, contributed by Bob Karlin (doc, pdf)

2011-03-23

N0318

Meeting 17 markup of Strawman draft, "Code Signing for Source Code", contributed by secretary, replacing N0317, replaced by N0357

2011-03-23

N0317

Strawman draft, "Code Signing for Source Code", contributed by Larry Wagoner, replaced by N0318

2011-03-23

N0316

Proposed merger of WXQ and YZS, contributed by Beth Karlin, closes AI 16-04, replaced by N0325

2011-03-23

N0315

Minutes: Meeting 17, 23-25 March 2011, Madrid, Spain

2011-03-25

N0314

Code signing proof of concept, contributed by Jim Johnson [zip]

2011-03-11

N0313

Proposed vulnerability descriptions YUK and SUK, contributed by Erhard Ploedereder (Closes AI 16-06), replaced by N0324

2011-03-21

N0312

Proposed revision of NZN, contributed by Erhard Ploedereder,closes AI 16-07, replaced by N0329, see also N0319

2011-03-21

N0311

Proposed revision of LAV in Ada annex, contributed by Erhard Ploedereder, closes AI 16-13, replaced by N0330

2011-03-21

N0310

Proposed vulnerability description on Inter-language calling, contributed by John Benito, replacing N0309, replaced by N0322

2011-03-14

N0309

Proposed vulnerability description on Inter-language calling, contributed by John Benito, revised by N0310

2011-03-11

N0308

Proposed Annex for Ruby Language, contributed by Jim Johnson, replaced by N0320

2011-03-11

N0307

Preliminary Agenda: Meeting 17, 23-25 March 2011, Madrid, Spain

2011-02-18

N0306

REVISED Result of Voting on SC 22 N 4575 - Information technology - Programming languages, their environments and system software interfaces - Software code signing, contributed by secretary, see N0253

2011-02-15

N0305

Proposed separation of XYY into two description (responds to action item #16-12), contributed by Jim Moore, replaced by N0321

2011-02-15

N0304

Revised draft language-specific annex for the programming language C, contributed by editor, replaces N0295

2011-02-14

N0303

Revised baseline draft of TR Edition 2, contributed by editor, replacing N0301, replaced by N0335

2011-01-29

N0302

Schedule for the preparation of TR 24772, Edition 2, contributed by secretary, replaced by N0333

2010-12-17

N0301

Meeting 16 markup of baseline draft of TR Edition 2, contributed by secretary, replacing N0286, replaced by N0303

2010-12-16

N0300

Proposed changes to WXQ and YZS re volatile, contributed by Tom Plum [pdf]

2010-12-14

N0299

Further revised draft language-specific annex for Java, contributed by Ben Brosgol, replaces N0294

2010-12-15

N0298

Meeting 16 markup of proposed revision to XYQ, contributed by secretary, replacing N0297

2010-12-15

N0297

Proposed revision of XYQ, contributed by David Keaton, replaces N0293, replaced by N0298

2010-12-15

N0296

Meeting 16 markup of draft language-specific annex for Ada, replacing N0288

2010-12-15

N0295

Meeting 16 markup of draft language-specific annex for programming language C, replacing N0287, replaced by N0304

2010-12-15

N0294

Revised draft language-specific annex for Java, contributed by Ben Brosgol, replacing N0287, replaced by N0304

2010-12-15

N0293

Meeting 16 markup of proposed revision to XYQ (N0290), replaced by N0297

2010-12-14

N0292

Meeting 16 markup of draft annex for Java (N0291), replaced by N0294

2010-12-14

N0291

Initial draft language-specific annex for Java, contributed by Ben Brosgol, replaced by N0292

2010-12-14

N0290

Proposed revision of 6.26 Dead and Deactivated Code [XYQ], contributed by David Keaton, replaced by N0293

2010-12-13

N0289

Minutes: Meeting 16, ISO/IEC JTC 1/SC 22/WG 23: Programming Language Vulnerabilities, 14-16 December 2010

2010-12-17

N0288

Revised draft language-specific annex for Ada, contributed by John Benito [docx, pdf]

2010-12-10

N0287

Revised draft language-specific annex for the programming language C, contributed by John Benito, replacing N0276 and N278, replaced by N0295

2010-12-10

N0286

Baseline working draft for preparation of Edition 2 of TR 24772, contributed by the editor based on the results of Meeting 15, replacing N0283 and N0282, replaced by N0301

2010-10-11

N0285

Publication proof of ISO/IEC TR 24772 [encrypted zip]

2010-09-23

N0284

Revised format for language-specific annexes, replacing N0271

2010-09-17

N0283

Proposed baseline for the second edition of TR 24772 , revision of N0268, replaced by N0286

2010-09-17

N0282

Revised outline of vulnerabilities, incorporated into N0286

2010-09-16

N0281

Markup of extract of N0275, draft language-specific annex for SPARK, replaced by N0382

2010-09-16

N0280

Prototype table summarizing vulnerabilities, contributed by Steve Michell, in response to Action Item 14-05

2010-09-14

N0279

Prototype table summarizing vulnerabilities, contributed by Jim Moore, in response to Action Item 14-04

2010-09-10

N0278

Revision of C annex portion of N0270, replaced by N0287

2010-09-10

N0277

Logistics: Meeting #17, ISO/IEC JTC 1/SC 22/WG 23: Programming Language Vulnerabilities, 23-25 March 2011, Madrid, Spain [pdf], forwarded by convener

2010-09-08

N0276

Revised draft language-specific annex for C, contributed by John Benito, David Keaton and LarryWagoner, replacing N0259, replaced by N0287

2010-09-10

N0275

Draft language-specific annex for SPARK, contributed by SC 22/WG 9, see also N0281

2010-08-31

N0274

Minutes: Meeting 15, ISO/IEC JTC 1/SC 22/WG 23: Programming Language Vulnerabilities, 15-17 September 2010

2010-09-16

N0273

Proposed draft NWIP for software security APIs, contributed by Larry Wagoner

2010-08-31

N0272

Possible new vulnerability descriptions from splitting XYR into two descriptions, contributed by Clive Pygott (Action item 14-09)

2010-08-31

N0271

Revised format for language-specific annexes, from ISO/IEC TR 24772:2010, replaces N0217, replaced by N0284

2010-08-31

N0270

Possible new vulnerability, Buffer overflow (HCB)--Language-independent and C versions, contributed by John Benito (Action Item 14-08), see also N0278

2010-08-31

N0269

Possible new vulnerability, Unrestricted file upload (CBF), contributed by John Benito

2010-08-31

N0268

Slimmer version of 24772 proposed as the baseline for Edition 2, contributed by Jim Moore, responding to AI 14-10, replaced by N0283

2010-08-12

N0267

Revised draft of 24772 submitted for publication [zip] (encrypted))

2010-07-23

N0266

Business Plan and Convener's Report for the 2010 SC 22 plenary

2010-07-08

N0265

Draft New Work Item Proposal: Software Code Signing, marked up at meeting 14, replacing N0253

2010-06-30

N0264

Request for approval of free availability for ISO/IEC TR 24772, marked up at meeting 14, replacing N0262

2010-06-30

N0263

P.M. Conmy, C. Pygott, I Bate, VHDL Guidance for Safe and Certifiable FPGA Design, Contributed by Clive Pygott [zip]. (Because the paper has been submitted for conference publication, it is in an encrypted zip file.).

2010-06-30

N0262

Request for approval of free availability for ISO/IEC TR 24772, contributed by James W. Moore, replaced by N0264

2010-06-27

N0261

Minutes: Meeting #14, ISO/IEC JTC 1/SC 22/WG 23: Programming Language Vulnerabilities, 28-30 June 2010 [html]

2010-06-28

N0260

ISO/IEC JTC 1/SC 27 N8780, 1st CD 29147, Information technology -- Security techniques - Vulnerability disclosure [pdf]

2010-06-25

N0259

Revised draft language-specific annex for C, contributed by LarryWagoner, replacing N0245, replaced by N0276

2010-06-25

N0258

Draft language-specific annex for Ada, contributed by WG 9, replacing N0205, replaced by N0288

2010-06-22

N0257

Draft of 24772 submitted for publication (encrypted), supercedes N0238, replaced by N0267

2010-06-03

N0256

Preliminary Agenda: Meeting 16, 14-16 December 2010, San Diego, CA, USA

2010-05-13

N0255

Preliminary Agenda: Meeting #15, 15-17 September, 2010, Ottawa, Canada [html]

2010-05-13

N0254

Logistics: Meeting 15, ISO/IEC JTC 1/SC 22/WG 23: Programming Language Vulnerabilities, 15-17 September 2010, Ottawa, Ontario, Canada, contributed by Steve Michell

2010-05-11

N0253

Draft New Work Item Proposal: Software Code Signing, contributed by Larry Wagoner, replacing N0265, see N0306

2010-05-06

N0252

Logistics: Meeting 16, ISO/IEC JTC 1/SC 22/WG 23: Programming Language Vulnerabilities, 14-16 December 2010, San Diego, CA, USA

2010-04-21

N0251

JTC001-N-7269 Criteria for Free Availability [pdf]

2010-04-15

N0250

Comments from MISRA L (see N0340), contributed by Clive Pygott

2010-04-15

N0249

Recommended disposition of comments from Balloting on DTR 24772 (N0243)

2010-04-14

N0248

Minutes: Meeting 13, ISO/IEC JTC 1/SC 22/WG 23: Programming Language Vulnerabilities, 14-16 April 2010

2010-04-14

N0247

Liaison Request from MISRA L to JTC1 for Category C Liaison with JTC 1/SC 22/WG 23 [pdf]. (This request was approved by JTC 1.)

2010-03-30

N0246

Preliminary Agenda: Meeting 14, ISO/IEC JTC 1/SC 22/WG 23: Programming Language Vulnerabilities, 28-30 June 2010

2010-03-27

N0245

Revised draft language-specific annex for C, contributed by LarryWagoner, replaces N0233, replaced by N0259

2010-03-23

N0244

Venue information, Meeting 14, Kona, Hawaii, 28-30 June 2010, contributed by John Benito and Tom Plum

2010-03-23

N0243

Results of Balloting on DTR 24772: Collated NB comments, see N0249 for disposition

2010-03-22

N0242

Hotel arrangements, Meeting 14, Kona, Hawaii, 28-30 June 2010, contributed by Tom Plum

2010-03-10

N0241

US Delegation to Meeting 13, contributed by ANSI

2010-03-09

N0240

Preliminary Agenda: Meeting 13, ISO/IEC JTC 1/SC 22/WG 23: Programming Language Vulnerabilities, 14-16 April 2010

2009-11-24

N0239

Completed disposition of all comments received in balloting of PDTR.2 24772, replaces N0230

2009-11-24

N0238

Draft of 24772 submitted to SC 22 for DTR ballot, superceding N0191, becoming SC 22 N4505 and JTC 1 N9937].

2009-11-24

N0237

Logistics for Meeting 13 of ISO/IEC JTC 1/SC 22/WG 23, Padua, Italy, 14-16 April 2010, contributed by Tullio Vardanega

2009-10-26

N0236

Email from Tom Plum, 16 October 2009

2009-10-22

N0235

Proposed response to NL-11, contributed by Steve Michell and revised during Meeting 12

2009-10-22

N0234

Proposed response to JP-8, contributed by Robert Karlin and revised during Meeting 12

2009-10-22

N0233

Revised draft language-specific annex for C, contributed by LarryWagoner, replacing N0221, replaced by N0245

2009-10-22

N0232

Proposed response to NL-7, contributed by Robert Seacord and revised during meeting #12 [pdf]

2009-10-22

N0231

Proposed response to UK-23, contributed by Dan Nagle and revised during meeting #12 - [txt]

2009-10-22

N0230

Disposition of technical comments received on PDTR.2 24772 (N0224), replaced by N0239

2009-10-22

N0229

Revised proposal for a vulnerability description on namespace issues, contributed by Erhard Ploedereder , replaces N0197

2009-10-22

N0228

Olwen Morgan, Programming languages - C - Designated constructs, contributed by Steve Michell with permission of author.

2009-10-16

N0227

Minutes: Meeting 12, ISO/IEC JTC 1/SC 22/WG 23: Programming Language Vulnerabilities, 21-23 October, 2009

2009-10-22

N0226

A. Burns and A.J. Wellings, Language Vulnerabilities - Let's not forget Concurrency, contributed by Stephen Michell with permission of authors

2009-10-13

N0225

Preliminary Agenda: Meeting 12, ISO/IEC JTC 1/SC 22/WG 23: Programming Language Vulnerabilities, 21-23 October 2009

2009-09-30

N0224

Corrected results of balloting on PDTR.2 24772: Collated NB comments, replacing N0223, disposition in N0230

2009-09-27

N0223

Results of Balloting on PDTR.2 24772: Collated NB comments, cancelled and replaced by N0224

2009-09-24

N0222

Telecon Notes, WG 23, 25 August 2009, contributed by Jim Moore [pdf]

2009-08-25

N0221

Draft C Annex, contributed by Larry Wagoner, replaced by N0215, replaced by N0233

2009-08-24

N0220

Draft Fortran Annex, contributed by Dan Nagle replacing N0216

2009-08-24

N0219

Logistics for Meeting #12 of ISO/IEC JTC 1/SC 22/WG 23, Santa Cruz, CA, 21-23 October 2009, contributed by John Benito [pdf]

2009-08-15

N0218

On Removing Programming Language Bias from the Vulnerabilities Document, J-P Rosen, written for submission to Ada-User, contributed by Steve Michell (Canada) [pdf]

2009-08-15

N0217

Revised format for language-specific annexes, contributed by Jim Moore, recording decisions of Meeting 11, replacing N0165 and N0193, replaced by N0271

2009-07-15

N0216

Markup of revised draft language-specific annex for Fortran replacing N0211, replaced by N0220

2009-07-15

N0215

Markup of revised draft language-specific annex for C, replacing N0210, replaced by N0221

2009-07-15

N0214

Markup of proposed description of NMP for Ada annex, replacing N0209

2009-07-15

N0213

Markup of proposed description of MEM for Ada annex, replacing N0208

2009-07-15

N0212

Possible design for a multi-part document, contributed by Jim Moore

2009-07-15

N0211

Revised draft language-specific annex for Fortran, contributed by Dan Nagle, replacing N0206, replaced by N0216

2009-07-15

N0210

Revised draft language-specific annex for C, contributed by Larry Wagoner replacing N0204, replaced by N0215

2009-07-15

N0209

Proposed description of vulnerability NMP for Ada Annex, contributed by Steve Michell, replaced by N0214

2009-07-15

N0208

Proposed description of MEM for Ada annex, contributed by Steve Michell, replaced by N0213

2009-07-15

N0207

Proposed new vulnerability description, QVT, contributed by Dan Nagle

2009-07-15

N0206

Meeting 11 markup of draft language-specific annex for Fortran replacing N0198, replaced by N0211

2009-07-15

N0205

Meeting 11 markup of draft language-specific annex for Ada resulting from workshop at 2009 Ada Europe conference, replacing N0199, replaced by N0258

2009-07-15

N0204

Meeting 11 markup of draft language-specific annex for C replacing N0200, replaced by N0210

2009-07-15

N0203

Meeting 11 markup of proposed new vulnerability description, Overloading and Overriding replacing N0201

2009-07-15

N0202

Minutes: Meeting 11, ISO/IEC JTC 1/SC 22/WG 23: Programming Language Vulnerabilities, 13-15 July, 2009]

2009-07-15

N0201

Proposed vulnerability description, Overloading and overriding, contributed by Erhard Ploedereder , replaced by N0203

2009-07-12

N0200

Draft language-specific annex for C, contributed by Larry Wagoner replaced by N0204

2009-07-06

N0199

Draft language-specific annex for Ada resulting from workshop at 2009 Ada Europe conference, contributed by John Benito replaced by N0205

2009-06-22

N0198

Draft language-specific annex for Fortran, contributed by Dan Nagle replacing N0145, replaced by N0206

2009-06-22

N0197

Proposed vulnerability on namespace issues, contributed by Erhard Ploedereder replaced by N0229

2009-06-22

N0196

Business Plan and Convener's Report [for the 2009 SC22 plenary meeting], contributed by convener

2009-06-22

N0195

Preliminary Agenda: Meeting 11, ISO/IEC JTC 1/SC 22/WG 23: Programming Language Vulnerabilities, 13-15 July, 2009

2009-06-10

N0194

SC22/WG23 Vulnerablities Meeting 11 Logistics

2009-06-10

N0193

Proposed changes to Annex F resulting from workshop at Ada-Europe Conference , see N0165, replaced by N0217

2009-06-22

N0192

Presentation to workshop of Ada-Europe Conference, John Benito, June 2009

2009-06-10

N0191

Draft of 24772 submitted to SC 22 for PDTR.2 ballot superceding N0170, replaced by N0238

2009-06-02

N0190

Proposed rewrite of Sub-clause 6.26, contributed by Robert Karlin

2009-05-05

N0189

Proposed rewrite of Clause 5, contributed by Larry Wagoner

2009-05-04

N0188

Suggestion for introductory text outlining scope limitations of first edition, contributed by James Moore

2009-04-19

N0187

Completed disposition of WG9 comments on PDTR 24772, contributed by John Benito, revision of N0181

2009-05-18

N0186

Replacement text for Subclause 5.2, as edited at Meeting #10 for N0185

2009-04-17

N0185

Proposed revision of Subclause 5.2, contributed by Robert Karlin for N0185

2009-04-16

N0184

Completed disposition of NB comments on PDTR 24772, contributed by John Benito revision of N0180

18/05/2009

N0183

Schedule, version 3 revision of N0167

2009-06-22

N0182

Four vulnerability descriptions approved for inclusion in the next draft of 24772 by Meeting 10, revision of N0177

2009-04-15

N0181

Disposition of WG9 comments in N0174 performed during the meeting revised as N0174

2009-04-17

N0180

Disposition of NB technical comments on PDTR 24772 (N0176) performed during Meeting 10 revised as N0184

2009-04-17

N0179

Draft Minutes: Meeting 10 of ISO/IEC JTC 1/SC 22/WG 23, 15-17 April 2009, San Diego, CA

2009-04-17

N0178

2nd Preliminary Agenda, Meeting 10, San Diego, CA, 15-17 April 2008, contributed by convenerreplaces N0169

2009-04-13

N0177

Four vulnerabilities recommended for inclusion in 24772 by the editorial team revised as N0182

2009-04-04

N0176

Results of Balloting on PDTR 24772: Summary of voting [pdf]; collated NB comments disposed in N0180

2009-02-20

N0175

Report of Editors' Meeting, 18 February 2009, contributed by Jim Moore: Report [pdf]. Supplementary documents [zip]

2009-02-18

N0174

Liaison comments from SC 22/WG 9 on PDTR 24774, contributed by Joyce Tokar, Convener, SC 22/WG 9 [doc].

2009-02-14

N0173

Report of Editors' Meeting, 28 January 2009, contributed by Jim Moore: Report [pdf]. Supplementary documents [zip].

2009-02-14

N0172

Report of Editors' Meeting, 12 December 2008, contributed by Jim Moore [pdf]

2008-12-13

N0171

Presentation to DHS Software Assurance Working Group, December 2008, contributed by Jim Moore [pdf]. Narrative version, submitted to Ada User as an article.

2008-12-09

N0170

Draft of 24772 submitted to SC 22 for PDTR ballot replaced by N0181

2008-12-09

N0169

Preliminary Agenda, Meeting 10, San Diego, CA, 15-17 April 2008, contributed by convener, replaced by N0178

2008-12-09

N0168

Meeting Logistics: Meeting #10, San Diego, CA, contributed by James.W.Moore [pdf]

2009-04-09

N0167

Schedule, version 2 replacing N0130, replaced by N0183

2008-10-22

N0166

Revised commenting template replacing N0115

2008-10-06

N0165

Meeting #9 revision of [N0144] Proposed template for language specific annexes

2008-10-06

N0164

Meeting#9 revision of [N0143] New Vulnerability Descriptions Proposed by J3 (Fortran)"" [doc]

2008-10-06

N0163

Meeting #9 revision of [N0152] Proposed rewrite of 7.13 of Editor's draft of PDTR 24772 [N0138]

2008-10-06

N0162

Meeting 9 revision of [N0151] Proposed rewrite of 7.10 of Editor's draft of PDTR 24772 [N0138]

2008-10-06

N0161

Meeting 9 revision of [N0156], 6.20 Buffer Overflow [XZB]

2008-10-06

N0160

Meeting 9 revision of [N0157] 6.17 Unchecked Pointer Arithmetic in Buffer Access (XYX)

2008-10-06

N0159

Meeting 9 disposition of comments contained in [N0148]

2008-10-06

N0158

Proposed rewrite of 6.18 of Editor's draft of PDTR 24772 [N0138], contributed by Larry Wagoner [doc]

2008-10-06

N0157

Proposed revision of 6.17 Unchecked Pointer Arithmetic in Buffer Access (XYX), contributed by Erhard Ploedereder (see N0138)

2008-10-06

N0156

Proposed revision of 6.20 Buffer Overflow [XZB], contributed by Erhard Ploedereder (see N0138), replaced by N161

2008-10-06

N0155

Proposed Vulnerability Description on Concurrency, contributed by Steve Michell, see N0138

2008-10-06

N0154

Resolutions Approved at the 22-24 September 2008 JTC 1/SC 22 Plenary in Milan, Italy

2008-10-06

N0153

Minutes: Meeting #9 of ISO/IEC JTC 1/SC 22/OWG: Vulnerability, 29 September to 01 October, 2008 [html]

2008-12-09

N0152

Proposed rewrite of 7.13 of Editor's draft of PDTR 24772 [N0138], contributed by Larry Wagoner replaced by N0163

2008-09-26

N0151

Proposed rewrite of 7.10 of Editor's draft of PDTR 24772 [N0138], contributed by Larry Wagoner replaced by N0162

2008-09-26

N0150

Proposed rewrite of 6.18 of Editor's draft of PDTR 24772 [N0138], contributed by Larry Wagoner (see N0138)

2008-09-26

N0149

Comments on the Draft of the Fortran Annex of the OWG-V TR [N0145] contributed by Nick Mclaren (see N0145)

2008-09-26

N0148

2nd version of Consolidated comments on [N0138], including comments received as of the date issued. Replacing N0148

2008-09-26

N0147

2nd Preliminary Agenda, Meeting 9 of ISO/IEC JTC 1/SC 22/OWG: Vulnerability, Stuttgart, Germany, 29 September 2008 / 01 October 2008, replacing N0141

2008-09-10

N0146

Consolidated comments on [N0138], as of the date issued. It includes comments from Jones and Pygott., replaced by N0146

2008-09-10

N0145

Draft of language-specific annex for Fortran, contributed by Dan Nagle replaced by N0198

2008-09-05

N0144

Proposed template for language specific annexes, contributed by Larry Wagoner replaced by N0165

2008-09-05

N0143

New Vulnerability Descriptions Proposed by J3 (Fortran), contributed by Dan Nagle replaced by N0165

2008-08-26

N0142

Logistics, OWGV Meeting #9, Stuttgart, Germany, 2008-09-29/10-01, contributed by Erhard Ploedereder

2008-08-27

N0141

Preliminary Agenda, Meeting 9 of ISO/IEC JTC 1/SC 22/OWG: Vulnerability, Stuttgart, Germany, 29 September 2008 / 01 October 2008, contributed by convener [html]

2008-08-26

N0140

Presentation made by Jim Moore to ISO/IEC JTC 1/SC 22/WG 9 with slide added to record discussion

2008-07-29

N0139

Presentation made by John Benito to Military & Aerospace Electronics Forum [pdf], 2008-04

2008-07-29

N0138

Editor's draft of PDTR 24772, prepared by John Benito With Spreadsheet for providing comments

2008-08-20

N0137

Business Plan and Convener's Report, ISO/IEC JTC 1/SC 22/OWG:Vulnerability, for 2008 SC 22 plenary,

2008-07-29

N0136

Results of OWGV Editorial Meeting, 30 June to 02 July 2008, submitted by secretary:

2008-07-07

N0135

Preliminary agenda, Editorial Meeting, 30 June - 02 July 2008, submitted by convener [pdf]

2008-06-10

N0134

Editor's draft of PDTR 24772, prepared by John Benito replacing N0125, replaced by N0138

2008-06-03

N0133

Template for Language-Independent Descriptions of Vulnerabilities, Version 7 revision of N0092

2008-04-16

N0132

Suggested editorial corrections to PDTR, Larry Wagoner [doc]

2008-04-10

N0131

Superseded directory of vulnerabilities, as of 13 March 2008 (Posted only for archival purposes.)

2008-04-10

N0130

Schedule moving forward toward PDTR version 1 replaced by N0167

2008-04-10

N0129

Disposition of consolidated comments on vulnerability descriptions, (N0127) prepared by Secretary

2008-04-09

N0128

Minutes: Meeting 8 of ISO/IEC JTC 1/SC 22/OWG: Vulnerability, 9-11 April 2008, Amsterdam, Netherlands

2008-04-09

N0127

Consolidated comments on vulnerability descriptions (N0129)

2008-03-31

N0126

2nd Preliminary Agenda: Meeting 8 of ISO/IEC JTC 1/SC 22/OWG: Vulnerability, 9-11 April 2008, Amsterdam, Netherlands replacing N0118

30/03/2008

N0125

Editor's draft of PDTR 24772, prepared by John Benito replacing N0118, replaced by N0134

2008-03-26

N0124

Mapping between OWGV language vulnerabilities and the JSF, MISRA C, CERT C, and CERT C++, Version 2, Robert Seacord replacing N0120

2008-03-26

N0123

Editor's Report for Meeting #8, TR 24772 [pdf]

2008-03-26

N0122

Array bounds checking bibliography, Derek Jones

2008-02-14

N0121

(Revised) Forms of language specification: Examples from commonly used computer languages Derek Jones replacing N0078

2008-02-14

N0120

Mapping between OWGV language vulnerabilities and the JSF, MISRA, CERT C, and CERT C++ rule sets, Robert Seacord, replaced by N0124

2008-02-14

N0119

A new type of Working Group used for a new SC22 Working Group: OWG Vulnerability"", John Benito, convener

2008-02-14

N0118

Preliminary Agenda: Meeting 8 of ISO/IEC JTC 1/SC 22/OWG: Vulnerability, 9-11 April 2008, Amsterdam, Netherlands, replaced by N0126

2008-02-14

N0117

Outline of Vulnerability Descriptions, 24 December 2007 (with assignments for update), contributed by John Benito, replacing N0112

2007-12-24

N0116

Safety considerations in programming systems, contributed by Steve Michell [pdf]

2007-12-16

N0115

Commenting spreadsheet to be used in making comments on vulnerability descriptions, replaced by N0166

2007-12-15

N0114

Automatically Generated Code, contributed by Robert Seacord

2007-12-15

N0113

List of Coding Guideline Documents, contributed by Derek Jones [pdf]

2007-12-14

N0112

Proposed organization of vulnerability descriptions (with annotations from OWGV Meeting #7) , annotation of N0109, replaced by N0117

2007-12-14

N0111

Minutes: Meeting 7 of ISO/JTC1/SC22/OWG: Vulnerability 12-14 December 2007, Pittsburgh, Pennsylvania, USA

2007-12-15

N0110

Final Resolutions of the 20th Plenary meeting of ISO/IEC JTC 1/SC 22, 24-28 September 2007, Singapore

2007-12-11

N0109

Proposed organization of vulnerability descriptions, contributed by Larry Wagoner, annotated as N0112

2007-12-13

N0108

Proposed additions to ISO/IEC PDTR 24772, contributed by C H Pygott [pdf]

2007-11-28

N0107

Editor's report, project 24772, contributed by John Benito

2007-11-28

N0106

Editor's draft of PDTR 24772, prepared by John Benito replacing N0095, replaced by N0125

2007-11-28

N0105

Examples of Mapping MISRA-C Rules to COBOL, contributed by Barry Tauber [pdf]

2007-11-24

N0104

Distinguishing Criticality of Undefined Behavior, contributed by Tom Plum [html]

2007-11-24

N0103

Preliminary Agenda: Meeting #7 of ISO/IEC JTC 1/SC 22/OWG: Vulnerability, 12-14 December 2007, Pittsburgh, Pennsylvania, USA [html], prepared by convener

2007-11-15

N0102

Annotations to N0099 made during Meeting 6 of OWGV annotates N0099

2007-10-25

N0101

John Benito, OWG: Vulnerability,"" [pdf] presentation to conference associated with meeting of ISO/IEC JTC 1/SC 22, 28 September 2007.

2007-10-15

N0100

Minutes: Meeting #6 of ISO/JTC1/SC22/OWG: Vulnerability 1-3 October 2007, Kona, Hawaii, USA

2007-10-25

N0099

Proposal to the ISO/IEC Project 22.24772: Guidance for Avoiding Vulnerabilities through Language Selection and Use, contributed by Larry Wagoner [pdf]. (All of the papers's references can be located using this website's list of [References].)

2007-09-29

N0098

Logistics information for OWGV Meeting 8, Amsterdam, Netherlands [html]

2007-09-12

N0097

Preliminary Agenda: Meeting 6 of ISO/JTC1/SC22/OWG: Vulnerability 1-3 October 2007, Kona, Hawaii, USA

2007-09-04

N0096

Logistics information for OWGV Meeting #6, Kona, Hawaii, USA, see also N0058.

2007-08-06

N0095

Editor's draft of PDTR 24772, prepared by John Benito, submitted for PDTR registration revising N0079, replaced by N0106

2007-08-06

N0094

Business Plan and Convener's Report, ISO/IEC JTC 1/SC 22/OWG:Vulnerability 2007-07-31, contributed by John Benito [pdf]

2007-08-03

N0093

Proposed vulnerabilities as of the close of Meeting #5. [This is posted only as a snapshot of the results. For the most recent status use the current directory of vulnerability proposals.]

2007-07-24

N0092

Template for Language-Independent Descriptions of Vulnerabilities, Version 6 replacing N0072, replaced by N0133

2007-07-24

N0091

Definitions agreed at Meeting 5 for use in the TR, replacing N0085

2007-07-24

N0090

Text for sub-clause 1.4, as agreed at Meeting 5 replacing N0087

2007-07-24

N0089

Approved Minutes of 19-20 July 2007 Meeting of ISO/IEC JTC 1/SC 22/OWG:Vulnerability (OWG:V Meeting #5), Ottawa, Canada [html].

2007-08-20

N0088

Liaison Report: JSR-282 (Real-Time Specification for Java) and JSR-302 (Safety-Critical Java Technologies), Ben Brosgol

2007-07-16

N0087

Possible text for sub-clause 1.4, contributed by Jim Moore, replaced by N0090

2007-07-13

N0086

The Physics of a Vulnerability, [pdf] by Bob Martin. Contributed by Jim Moore with the permission of The MITRE Corporation.

2007-07-13

N0085

Definition of Vulnerability [pdf] contribution by Ben Brosgol, replaced by N0091

2007-07-12

N0084

(2nd Revision) Proposal to the ISO/IEC Project 22.24772: Guidance for Avoiding Vulnerabilities through Language Selection and Use; directory of proposed vulnerability descriptions ; and cover note -- contribution by Larry Wagoner, replacing N0073

2007-07-12

N0083

Comments on "Software for Dependable Systems", contribution by Tom Plum [html]

2007-07-02

N0082

James W. Moore and Robert Seacord, Secure Coding becomes Standard [pdf] presentation to Systems and Software Technology Conference (SSTC), June 19, 2007. Also see related article.

2007-07-02

N0081

Pre-Meeting Package, Meeting 5 -- VOIDED

2007-07-01

N0080

Agenda: Meeting 5 of ISO / IEC / JTC1 / SC22/OWG: Vulnerability 18th - 20th July 2007, Ottawa, Canada

2007-06-30

N0079

Editor's draft 070629 of PDTR 24772, prepared by John Benito replacing N0074.

2007-06-30

N0078

(Revised) Forms of language specification: Examples from commonly used computer languages and directory of proposed vulnerability descriptions from Derek M. Jones, replaces N0060

2007-06-30

N0077

Post-Meeting Package, Meeting 4 [zip] -- VOIDED

2007-06-04

N0076

Logistics information for OWGV Meeting 5, Ottawa, Canada

2007-06-01

N0075

Response of ISO/IEC JTC 1/SC 22/OWGV to: ISO/IEC JTC 1/SC 27 N5494, JTC 1/SC 27/WG 4 Liaison Statement to JTC 1/SC 22 on Collaborative work on Application Security""; and to ISO/IEC JTC 1/SC 27 N5482, ""Report of the Application Security meeting, held in Glenburn Lodge (South Africa), Nov. 17th 2006"" response to N0070 and N0071

2007-05-10

N0074

Editor's draft 3 of intended PDTR 24772, prepared by John Benito [pdf]

30/06/2007

N0073

(Revised) Proposal to the ISO/IEC Project 22.24772: Guidance for Avoiding Vulnerabilities through Language Selection and Use"" [pdf] and directory of proposed vulnerability descriptions [dir, zip], personal contribution by Larry Wagoner

21 June 2007

N0072

Template for Language-Independent Descriptions of Vulnerabilities, Version 5 [html]

2007-05-05

N0071

ISO/IEC JTC 1/SC 27 N5494 - JTC 1/SC 27/WG 4 Liaison Statement to JTC 1/SC 22 on Collaborative work on Application Security [pdf]

2007-04-30

N0070

ISO/IEC JTC 1/SC 27 N5482, Report of the Application Security meeting, held in Glenburn Lodge (South Africa), Nov. 17th 2006"" [pdf]

2007-04-30

N0069

Approved Minutes of 30 April-2 May 2007 Meeting of ISO/IEC JTC 1/SC 22/OWG:Vulnerability (OWG:V Meeting #4), Padua, Italy [html].

2007-04-30

N0068

Proposal to the ISO/IEC Project 22.24772: Guidance for Avoiding Vulnerabilities through Language Selection and Use: Vulnerabilities to Address in CWE - Part 3"" [pdf], personal contribution by Larry Wagoner.

2007-04-23

N0067

Proposal to the ISO/IEC Project 22.24772: Guidance for Avoiding Vulnerabilities through Language Selection and Use: Vulnerabilities to Address in CWE,"" Part 2 [pdf], personal contribution by Larry Wagoner

2007-04-18

N0066

Proposal to the ISO/IEC Project 22.24772: Guidance for Avoiding Vulnerabilities through Language Selection and Use [pdf], personal contribution by Larry Wagoner

2007-04-11

N0065

Pre-Meeting Package, Meeting #4 - VOID

2007-04-05

N0064

Ben Brosgol and Andy Wellings, A Comparison of Ada and Real-time Java for Safety-Critical Applications,"" contributed by Ben Brosgol [pdf]. Posted by permission [txt].

2007-04-04

N0063

Agenda for 30 April-2 May 2007 Meeting of ISO/IEC JTC 1/SC 22/OWG:Vulnerability (OWG:V Meeting #4), Padua, Italy [html]

2007-04-04

N0062

Vulnerability, Safety, Security, and Quality, [html] personal contribution by Tom Plum

2007-04-04

N0061

Editor's draft 2 of intended PDTR 24772, prepared by John Benito [pdf]

2007-04-04

N0060

Forms of language specification: Examples from commonly used computer languages, [pdf] contributed by Derek Jones. Permission [txt].

2007-04-04

N0059

Preliminary draft of the CERT C Programming Language Secure Coding Standard [pdf], contributed by Robert Seacord. Permission [txt]

2007-04-04

N0058

Hotel registration form for Meeting #6, Kona, Hawaii [pdf].

2006-12-29

N0057r

Announcement and logistics information for OWGV Meeting #4, Padua, Italy [pdf].

2006-12-31

N0056

Various Versions of a Template for Language-Independent Descriptions of Vulnerabilities [html]

2006-12-14

N0055

Approved Minutes of 11-13 December 2006 Meeting of ISO/IEC JTC 1/SC 22/OWG:Vulnerability (OWG:V Meeting #3), Washington, DC [html]

2006-12-14

N0054

Stephen Michell, Revisions of Vulnerabilities Issues from TR15942 [pdf]

2006-12-12

N0053

Pre-Meeting Package, Meeting 3 VOID

2006-11-22

N0052

Agenda for 11-13 December 2006 Meeting of ISO/IEC JTC 1/SC 22/OWG:Vulnerability (OWG:V Meeting #3), Washington, DC [html]

2006-11-22

N0051

Derek Jones, Some proposed language vulnerability guidelines, 20 November 2006 [pdf]

2006-11-22

N0050

Derek Jones, Expertise: Discussion of guideline related issues, 28 August 2006 [pdf]

2006-11-22

N0049

Brian Wichmann, Tool assurance for predictable execution, 3 November 2006 [pdf]

2006-11-22

N0048

Stephen Michell, Vulnerabilities Issues from TR15942 [pdf]. (Revised)

2006-12-11

N0047

Post-Meeting Package, Meeting 2 VOID

2006-10-17

N0046

Meeting information, OWG:V Meeting #3, Washington DC, 11-13 December 2006 [html]

2006-09-28

N0045

Jim Moore, Meeting Report of SC22 Plenary, September 2006 [pdf] (Corrected version)

2006-12-15

N0044

Vulnerability classifications used in QinetiQ report [N0043], submitted by Clive Pygott following Meeting #2 [pdf]

2006-09-19

N0043

Adam Schofield & Clive Pygott, "A Tabulation of the unpredictable features of the C++ language" September 2006, QINETIQ/SDU/TIM/CR060019, submitted by Clive Pygott following Meeting #2 [pdf]. Posted by permission [pdf]

2006-09-19

N0042

Corrected and Approved Minutes of 14-15 September 2006 Meeting of ISO/IEC JTC 1/SC 22/OWG:Vulnerability (OWG:V Meeting #2), London, UK [html] (These minutes were approved with corrections at Meeting #3.)

2006-12-14

N0041

Paul Caseley, "Dependable software dependent systems?", presentation at Meeting #2 [pdf]. Permission to post [htm]

2007-04-04

N0040

Working draft 61106 of intended PDTR 24772 [pdf], prepared by John Benito.

2006-11-06

N0039

Clive Pygott, Summary of the Discussion at the HIRTS DARP C/C++ workshop 25/4/2006, personal submission to Meeting #2 [doc]

2006-09-15

N0038

Clive Pygott - Summary of DARP Workshop personal submission to Meeting #2

2006-09-15

N0037

Derek Jones, Culture and Education,"" personal submission to Meeting #2 [pdf]

2006-09-15

N0036

Derek Jones, Developer beliefs about binary operator precedence,"" personal submission to Meeting #2 [pdf]

2006-09-15

N0035

Pre-Meeting Package, Meeting 2 - VOID

2006-08-28

N0034

UK Contribution, Proposed Base Document for OWGV [html], revised

2006-08-28

N0033

Derek Jones, Culture and Formal Education Issues: Discussion and Proposed Guidelines, personal submission [pdf]

2006-08-28

N0032

Brian Wichmann, "What is Predictable Execution?", personal submission [pdf]

2006-08-24

N0031

Robert Seacord, Email dated 2006-08-22, outlining planned CERT approach to levels, first draft of response to Action Item 01-09 [txt, jpg]

2006-08-22

N0030

O-IECJTC1-SC22-WG23_N0030-Proposed-Vulnerability-Description.htm"> Jim Moore, "Proposal for Vulnerability Descriptions", Draft 1, prepared in response to Action Item 01-10 [html]

2006-08-08

N0029

O-IECJTC1-SC22-WG23_N0029-agenda-owg-mtg2-2006-09-14.htm"> Agenda for 14-15 September 2006 Meeting of ISO/IEC JTC 1/SC 22/OWG:Vulnerability (OWG:V Meeting #2), London, UK [html]

2006-08-28

N0028

Preliminary Agenda for 14-15 September 2006 Meeting of ISO/IEC JTC 1/SC 22/OWG:Vulnerability (OWG:V Meeting #2), London, UK [html]

2006-08-14

N0027

Post-Meeting Package, Meeting 1 - VOID

2006-07-24

N0026

Annual Business Plan and Convener's Report, ISO/IEC JTC 1/SC22 OWG:Vulnerability [pdf]. (This document was published by SC22 as N4078.)

2006-07-06

N0025

Minutes of 26-27 June 2006 Meeting of ISO/IEC JTC 1/SC 22/OWG:Vulnerability (OWG:V Meeting #1), Washington, DC [html]

2006-06-29

N0024

James W. Moore, Terms of Reference: ISO/IEC Project 22.24772, "Guidance to Avoiding Vulnerabilities in Programming Languages through Language Selection and Use" (Revision resulting from Meeting #1.) [pdf]

2006-06-28

N0023

Robert C. Seacord, CERT, "CERT Secure Coding Standards" (Presented at Meeting #1 of OWGV, 27 June 2006) [pdf]

2006-06-26

N0022

Derek Jones, UK, Base Document Proposal (Presented at Meeting #1 of OWGV, 27 June 2006) [pdf]

2006-06-26

N0021

Stephen Michell, Canada, "Ada's approach to Software Vulnerabilities" (Presented at Meeting #1 of OWGV, 27 June 2006) [pdf]

2006-06-26

N0020

Derek Jones, UK, Information regarding Meeting #2 of OWGV, 14-15 Sep 2006, London (Presented at Meeting #1 of OWGV, 27 June 2006) [pdf]

2006-06-26

N0019

Robert A. Martin, The MITRE Corporation, "The Common Weakness Enumeration Initiative," (Presented at Meeting #1 of OWGV, 27 June 2006) [pdf]

2006-06-23

N0018

Joe Jarzombek, US Department of Homeland Security, Considerations in Advancing the National Strategy to Secure Cyberspace for presentation to Meeting #1 of OWGV, 27 June 2006 [pdf]

27 June 2006

N0017

Robert Seacord, Carnegie-Mellon University CERT, 'Secure Coding Standards' (permission to post) [pdf]

2006-06-22

N0016

Revised Agenda for 26-27 June 2006 Meeting of ISO/IEC JTC 1/SC 22/OWG:Vulnerability (OWG:V Meeting #1), Washington, DC [html]

2006-06-22

N0015

James W. Moore, Terms of Reference: ISO/IEC Project 22.24772, "Guidance to Avoiding Vulnerabilities in Programming Languages through Language Selection and Use" [pdf]

2006-06-21

N0014

James W. Moore, Convener's Remarks, Meeting #1 of ISO/IEC JTC 1/SC 22/OWG:V [pdf]

2006-06-21

N0013

ISO/IEC TR 15942:2000, Information technology -- Programming languages -- Guide for the use of the Ada programming language in high integrity systems [web, pdf]

2006-06-20

N0012

UK Contribution, Proposed Base Document for OWGV [html]

2006-06-14

N0011

John Benito, OWG: Vulnerability -- A new type of Working Group used for a new SC22 Working Group, SC 22/WG 9 Meeting, Porto, Portugal [pdf]

2006-05-15

N0010

Meeting Announcement and Logistics for the 19-22 September 2006 JTC 1/SC 22 Plenary in London, England (cover [html], document [pdf])

2006-04-17

N0009

Meeting information, OWG:V Meeting #1, Washington DC, 26-27 June 2006 [html]

2006-04-11

N0008

Preliminary Agenda for 26-27 June 2006 Meeting of ISO/IEC JTC 1/SC 22/OWG:Vulnerability (OWG:V Meeting #1), Washington, DC [html]

2006-04-13

N0007

Disposition of Comments for SC22 N3913, "New Work Item Proposal for Guidance to Avoiding Vulnerabilities in Programming Languages through Language Selection and Use" [html]. (This document was published by SC22 as N4027.)

2006-03-13

N0006

James W. Moore, A New Standards Project on "Avoiding Programming Language Vulnerabilities", SC 22/WG 14 Meeting, Berlin, Germany [pdf]

1 March 2003

N0005

James W. Moore, A New Standards Project on "Avoiding Programming Language Vulnerabilities", SIGAda Conference and SC 22/WG 9 Meeting, Atlanta, GA [pdf]

2005-11-17

N0004

James W. Moore, "Moving Forward" - -report to the SC22 High Integrity Study Group Mailer [pdf],

2005-10-06

N0003

Excerpts of SC 22 N 3989, "Resolutions Prepared at the Eighteenth Plenary Meeting of ISO/IEC JTC 1/SC 22, 30 September-2 October 2005, Mont Tremblant, Canada" [pdf]

2 October 2005

N0002

SC22 N3990 Summary of Voting for SC 22 N 3913, New Work Item Proposal for Guidance to Avoiding Vulnerabilities in Programming Languages through Language Selection and Use

5 October 2005

N0001

SC 3913 New Work Item Proposal for Guidance to Avoiding Vulnerabilities in Programming Languages through Language Selection and Use

2005-06-28