Programming languages — Guidance to avoiding vulnerabilities in programming languages — Part 1: Language-independent guidance

This document specifies software programming language vulnerabilities to be avoided in the development of systems where assured behaviour is required for security, safety, mission-critical and business-critical software. Language-specific descriptions of these vulnerabilities are provided in other parts of the ISO/IEC 24772 series. It is applicable to the software developed, reviewed, or maintained for any application. This document does not address software engineering and management issues such as how to design and implement programs, use configuration management tools, use managerial processes, and perform process improvement. Furthermore, the specification of properties and applications to be assured is not treated. Vulnerabilities are described in a generic manner that is applicable to a broad range of programming languages.

Langages de programmation — Conduite pour éviter les vulnérabilités dans les langages de programmation — Partie 1: Conduite indépendante du langage

General Information

Status: Published
Publication Date: 09-Dec-2019
Current Stage: 9599 - Withdrawal of International Standard
Start Date: 29-Oct-2024
Completion Date: 30-Oct-2025

Overview

ISO/IEC TR 24772-1:2019, Programming languages — Guidance to avoiding vulnerabilities in programming languages — Part 1: Language-independent guidance, is a technical report published by ISO and IEC. It identifies programming-language vulnerabilities to be avoided when developing systems that require assured behaviour (security, safety, mission-critical and business-critical software), and describes, in language-independent terms, common vulnerability patterns and the mechanisms for avoiding them across many programming languages. The report is concerned with the vulnerabilities themselves; it explicitly does not address software engineering management, process improvement, or the specification of the properties to be assured.

Key topics and technical coverage

The report organizes its guidance into the following technical topics:

  • Predictable execution and sources of unpredictability:
    • Incomplete or evolving language specifications
    • Undefined, unspecified, and implementation‑defined behaviour
    • Difficult language features and inadequate language support
  • Sources of unpredictability in language usage:
    • Porting and interoperation issues
    • Compiler selection and configuration
  • Top avoidance mechanisms for reducing vulnerability exposure
  • A catalogue of specific programming language vulnerabilities (described generically), for example:
    • Type system weaknesses
    • Bit representation ambiguities
    • Floating‑point arithmetic pitfalls
    • Enumerator and conversion errors
    • String termination and buffer boundary violations (buffer overflows)
    • Unchecked array indexing / copying
    • Pointer type conversions, pointer arithmetic, null pointer dereference
    • Dangling references (heap)

For each vulnerability the report describes the application vulnerability, mechanism of failure, applicable language characteristics, avoidance or mitigation techniques, and implications for language design and evolution.

Practical applications

ISO/IEC TR 24772-1:2019 is useful to organizations and practitioners who aim to reduce language-level vulnerabilities and improve software assurance. Typical uses:

  • Integrate into secure coding guidelines and code review checklists
  • Inform static analysis and testing focus areas (e.g., buffer overflows, null dereferences)
  • Guide language selection, compiler configuration, and interoperability decisions for safety‑critical projects
  • Support language designers and standards bodies by identifying features that increase risk

Who should use this standard

  • Software developers and architects working on security or safety‑critical systems
  • Code reviewers, QA engineers, and security auditors
  • Language designers and tool vendors (compilers, static analyzers)
  • Systems integrators and maintainers responsible for cross‑platform portability

Related standards

  • This part is language‑independent; other parts of the ISO/IEC 24772 series provide language‑specific descriptions and mappings for particular programming languages. Use this report together with language‑specific parts to apply concrete mitigations.

Keywords: ISO/IEC TR 24772-1:2019, programming language vulnerabilities, language-independent guidance, secure coding, undefined behaviour, buffer overflow, safety-critical software.

Technical report
ISO/IEC TR 24772-1:2019 - Programming languages — Guidance to avoiding vulnerabilities in programming languages — Part 1: Language-independent guidance
Released: 12/10/2019
Language: English
Pages: 166

Standards Content (Sample)


TECHNICAL REPORT ISO/IEC TR 24772-1
First edition
2019-12

Programming languages — Guidance to avoiding vulnerabilities in programming languages —
Part 1: Language-independent guidance

Langages de programmation — Conduite pour éviter les vulnérabilités dans les langages de programmation —
Partie 1: Conduite indépendante du langage

Reference number
© ISO/IEC 2019

All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISO's member body in the country of the requester.

ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Fax: +41 22 749 09 47
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland

Contents

Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
  3.1 Terms related to communication
  3.2 Terms related to execution model
  3.3 Properties
  3.4 Safety
  3.5 Vulnerabilities
4 Applying this document
5 Vulnerability issues and general avoidance mechanisms
  5.1 Predictable execution
  5.2 Sources of unpredictability in language specification
    5.2.1 Incomplete or evolving specification
    5.2.2 Undefined behaviour
    5.2.3 Unspecified behaviour
    5.2.4 Implementation-defined behaviour
    5.2.5 Difficult features
    5.2.6 Inadequate language support
  5.3 Sources of unpredictability in language usage
    5.3.1 Porting and interoperation
    5.3.2 Compiler selection and usage
  5.4 Top avoidance mechanisms
6 Programming language vulnerabilities
  6.1 General
  6.2 Type system [IHN]
    6.2.1 Description of application vulnerability
    6.2.2 Cross reference
    6.2.3 Mechanism of failure
    6.2.4 Applicable language characteristics
    6.2.5 Avoiding the vulnerability or mitigating its effects
    6.2.6 Implications for language design and evolution
  6.3 Bit representations [STR]
    6.3.1 Description of application vulnerability
    6.3.2 Cross reference
    6.3.3 Mechanism of failure
    6.3.4 Applicable language characteristics
    6.3.5 Avoiding the vulnerability or mitigating its effects
    6.3.6 Implications for language design and evolution
  6.4 Floating-point arithmetic [PLF]
    6.4.1 Description of application vulnerability
    6.4.2 Cross reference
    6.4.3 Mechanism of failure
    6.4.4 Applicable language characteristics
    6.4.5 Avoiding the vulnerability or mitigating its effects
    6.4.6 Implications for language design and evolution
  6.5 Enumerator issues [CCB]
    6.5.1 Description of application vulnerability
    6.5.2 Cross reference
    6.5.3 Mechanism of failure
    6.5.4 Applicable language characteristics
    6.5.5 Avoiding the vulnerability or mitigating its effects
    6.5.6 Implications for language design and evolution
  6.6 Conversion errors [FLC]
    6.6.1 Description of application vulnerability
    6.6.2 Cross reference
    6.6.3 Mechanism of failure
    6.6.4 Applicable language characteristics
    6.6.5 Avoiding the vulnerability or mitigating its effects
    6.6.6 Implications for language design and evolution
  6.7 String termination [CJM]
    6.7.1 Description of application vulnerability
    6.7.2 Cross reference
    6.7.3 Mechanism of failure
    6.7.4 Applicable language characteristics
    6.7.5 Avoiding the vulnerability or mitigating its effects
    6.7.6 Implications for language design and evolution
  6.8 Buffer boundary violation (buffer overflow) [HCB]
    6.8.1 Description of application vulnerability
    6.8.2 Cross reference
    6.8.3 Mechanism of failure
    6.8.4 Applicable language characteristics
    6.8.5 Avoiding the vulnerability or mitigating its effects
    6.8.6 Implications for language design and evolution
  6.9 Unchecked array indexing [XYZ]
    6.9.1 Description of application vulnerability
    6.9.2 Cross reference
    6.9.3 Mechanism of failure
    6.9.4 Applicable language characteristics
    6.9.5 Avoiding the vulnerability or mitigating its effects
    6.9.6 Implications for language designers
  6.10 Unchecked array copying [XYW]
    6.10.1 Description of application vulnerability
    6.10.2 Cross reference
    6.10.3 Mechanism of failure
    6.10.4 Applicable language characteristics
    6.10.5 Avoiding the vulnerability or mitigating its effects
    6.10.6 Implications for language design and evolution
  6.11 Pointer type conversions [HFC]
    6.11.1 Description of application vulnerability
    6.11.2 Cross reference
    6.11.3 Mechanism of failure
    6.11.4 Applicable language characteristics
    6.11.5 Avoiding the vulnerability or mitigating its effects
    6.11.6 Implications for language design and evolution
  6.12 Pointer arithmetic [RVG]
    6.12.1 Description of application vulnerability
    6.12.2 Cross reference
    6.12.3 Mechanism of failure
    6.12.4 Applicable language characteristics
    6.12.5 Avoiding the vulnerability or mitigating its effects
    6.12.6 Implications for language design and evolution
  6.13 Null pointer dereference [XYH]
    6.13.1 Description of application vulnerability
    6.13.2 Cross reference
    6.13.3 Mechanism of failure
    6.13.4 Applicable language characteristics
    6.13.5 Avoiding the vulnerability or mitigating its effects
    6.13.6 Implications for language design and evolution
  6.14 Dangling reference to heap [XYK]
    6.14.1 Description of application vulnerability
    6.14.2 Cross reference
    6.14.3 Mechanism of failure
    6.14.4 Applicable language characteristics
    6.14.5 Avoiding the vulnerability or mitigating its effects
    6.14.6 Implications for language design and evolution
  6.15 Arithmetic wrap-around error [FIF]
    6.15.1 Description of application vulnerability
    6.15.2 Cross reference
    6.15.3 Mechanism of failure
    6.15.4 Applicable language characteristics
    6.15.5 Avoiding the vulnerability or mitigating its effects
    6.15.6 Implications for language design and evolution
  6.16 Using shift operations for multiplication and division [PIK]
    6.16.1 Description of application vulnerability
    6.16.2 Cross reference
    6.16.3 Mechanism of failure
    6.16.4 Applicable language characteristics
    6.16.5 Avoiding the vulnerability or mitigating its effects
    6.16.6 Implications for language design and evolution
  6.17 Choice of clear names [NAI]
    6.17.1 Description of application vulnerability
    6.17.2 Cross reference
    6.17.3 Mechanism of failure
    6.17.4 Applicable language characteristics
    6.17.5 Avoiding the vulnerability or mitigating its effects
    6.17.6 Implications for language design and evolution
  6.18 Dead store [WXQ]
    6.18.1 Description of application vulnerability
    6.18.2 Cross reference
    6.18.3 Mechanism of failure
    6.18.4 Applicable language characteristics
    6.18.5 Avoiding the vulnerability or mitigating its effects
    6.18.6 Implications for language design and evolution
  6.19 Unused variable [YZS]
    6.19.1 Description of application vulnerability
    6.19.2 Cross reference
    6.19.3 Mechanism of failure
    6.19.4 Applicable language characteristics
    6.19.5 Avoiding the vulnerability or mitigating its effects
    6.19.6 Implications for language design and evolution
  6.20 Identifier name reuse [YOW]
    6.20.1 Description of application vulnerability
    6.20.2 Cross reference
    6.20.3 Mechanism of failure
    6.20.4 Applicable language characteristics
    6.20.5 Avoiding the vulnerability or mitigating its effects
    6.20.6 Implications for language design and evolution
  6.21 Namespace issues [BJL]
    6.21.1 Description of application vulnerability
    6.21.2 Cross-references
    6.21.3 Mechanism of failure
    6.21.4 Applicable language characteristics
    6.21.5 Avoiding the vulnerability or mitigating its effects
    6.21.6 Implications for language design and evolution
  6.22 Initialization of variables [LAV]
    6.22.1 Description of application vulnerability
    6.22.2 Cross reference
    6.22.3 Mechanism of failure
    6.22.4 Applicable language characteristics
    6.22.5 Avoiding the vulnerability or mitigating its effects
    6.22.6 Implications for language design and evolution
  6.23 Operator precedence and associativity [JCW]
    6.23.1 Description of application vulnerability
    6.23.2 Cross reference
    6.23.3 Mechanism of failure
    6.23.4 Applicable language characteristics
    6.23.5 Avoiding the vulnerability or mitigating its effects
    6.23.6 Implications for language design and evolution
  6.24 Side-effects and order of evaluation of operands [SAM]
    6.24.1 Description of application vulnerability
    6.24.2 Cross reference
    6.24.3 Mechanism of failure
    6.24.4 Applicable language characteristics
    6.24.5 Avoiding the vulnerability or mitigating its effects
    6.24.6 Implications for language design and evolution
  6.25 Likely incorrect expression [KOA]
    6.25.1 Description of application vulnerability
    6.25.2 Cross reference
    6.25.3 Mechanism of failure
    6.25.4 Applicable language characteristics
    6.25.5 Avoiding the vulnerability or mitigating its effects
    6.25.6 Implications for language design and evolution
  6.26 Dead and deactivated code [XYQ]
    6.26.1 Description of application vulnerability
    6.26.2 Cross reference
    6.26.3 Mechanism of failure
    6.26.4 Applicable language characteristics
    6.26.5 Avoiding the vulnerability or mitigating its effects
    6.26.6 Implications for language design and evolution
  6.27 Switch statements and static analysis [CLL]
    6.27.1 Description of application vulnerability
    6.27.2 Cross reference
    6.27.3 Mechanism of failure
    6.27.4 Applicable language characteristics
    6.27.5 Avoiding the vulnerability or mitigating its effects
    6.27.6 Implications for language design and evolution
  6.28 Demarcation of control flow [EOJ]
    6.28.1 Description of application vulnerability
    6.28.2 Cross reference
    6.28.3 Mechanism of failure
    6.28.4 Applicable language characteristics
    6.28.5 Avoiding the vulnerability or mitigating its effects
    6.28.6 Implications for language design and evolution
  6.29 Loop control variables [TEX]
    6.29.1 Description of application vulnerability
    6.29.2 Cross reference
    6.29.3 Mechanism of failure
    6.29.4 Applicable language characteristics
    6.29.5 Avoiding the vulnerability or mitigating its effects
    6.29.6 Implications for language design and evolution
  6.30 Off-by-one error [XZH]
    6.30.1 Description of application vulnerability
    6.30.2 Cross reference
    6.30.3 Mechanism of failure
    6.30.4 Applicable language characteristics
    6.30.5 Avoiding the vulnerability or mitigating its effects
    6.30.6 Implications for language design and evolution
  6.31 Unstructured programming [EWD]
    6.31.1 Description of application vulnerability
    6.31.2 Cross reference
    6.31.3 Mechanism of failure
    6.31.4 Applicable language characteristics
    6.31.5 Avoiding the vulnerability or mitigating its effects
    6.31.6 Implications for language design and evolution
  6.32 Passing parameters and return values [CSJ]
    6.32.1 Description of application vulnerability
    6.32.2 Cross reference
    6.32.3 Mechanism of failure
    6.32.4 Applicable language characteristics
    6.32.5 Avoiding the vulnerability or mitigating its effects
    6.32.6 Implications for language design and evolution
  6.33 Dangling references to stack frames [DCM]
    6.33.1 Description of application vulnerability
    6.33.2 Cross reference
    6.33.3 Mechanism of failure
    6.33.4 Applicable language characteristics
    6.33.5 Avoiding the vulnerability or mitigating its effects
    6.33.6 Implications for language design and evolution
  6.34 Subprogram signature mismatch [OTR]
    6.34.1 Description of application vulnerability
    6.34.2 Cross reference
    6.34.3 Mechanism of failure
    6.34.4 Applicable language characteristics
    6.34.5 Avoiding the vulnerability or mitigating its effects
    6.34.6 Implications for language design and evolution
  6.35 Recursion [GDL]
    6.35.1 Description of application vulnerability
    6.35.2 Cross reference
    6.35.3 Mechanism of failure
    6.35.4 Applicable language characteristics
    6.35.5 Avoiding the vulnerability or mitigating its effects
    6.35.6 Implications for language design and evolution
  6.36 Ignored error status and unhandled exceptions [OYB]
    6.36.1 Description of application vulnerability
    6.36.2 Cross reference
...

Frequently Asked Questions

ISO/IEC TR 24772-1:2019 is a technical report published by ISO and IEC. Its full title is "Programming languages — Guidance to avoiding vulnerabilities in programming languages — Part 1: Language-independent guidance". Its scope is the abstract quoted at the top of this page: it specifies software programming language vulnerabilities to be avoided in the development of systems where assured behaviour is required for security, safety, mission-critical and business-critical software, describes them generically so that they apply to a broad range of programming languages, and leaves language-specific descriptions to the other parts of the ISO/IEC 24772 series.

ISO/IEC TR 24772-1:2019 is classified under the following ICS (International Classification for Standards) categories: 35.060 - Languages used in information technology. The ICS classification helps identify the subject area and facilitates finding related standards.

ISO/IEC TR 24772-1:2019 is linked to the following related documents: ISO/IEC 24772-1:2024 and ISO/IEC TR 24772:2013. Understanding these relationships helps ensure you are using the most current and applicable version of the document.

You can purchase ISO/IEC TR 24772-1:2019 directly from iTeh Standards. The document is available in PDF format and is delivered instantly after payment. Add the standard to your cart and complete the secure checkout process. iTeh Standards is an authorized distributor of ISO standards.