iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty.
ISO

ISO/IEC TS 17961:2013

(Main)

Information technology — Programming languages, their environments and system software interfaces — C secure coding rules

Information technology — Programming languages, their environments and system software interfaces — C secure coding rules

ISO/IEC TS 17961:2013 specifies rules for secure coding in the C programming language, and code examples. ISO/IEC TS 17961:2013 does not specify the mechanism by which these rules are enforced, or any particular coding style to be enforced. Each rule in this Technical Specification is accompanied by code examples. Two distinct kinds of examples are provided: noncompliant examples demonstrating language constructs that have weaknesses with potentially exploitable security implications; such examples are expected to elicit a diagnostic from a conforming analyzer for the affected language construct; and compliant examples are expected not to elicit a diagnostic.

Technologies de l'information — Langages de programmation, leur environnement et interfaces des logiciels de systèmes — Règles de programmation sécurisée en C

General Information

Status
Published
Publication Date
14-Nov-2013
ICS
35.060 - Languages used in information technology
Technical Committee
ISO/IEC JTC 1/SC 22 - Programming languages, their environments and system software interfaces
Drafting Committee
ISO/IEC JTC 1/SC 22 - Programming languages, their environments and system software interfaces
Current Stage
9020 - International Standard under periodical review
Start Date
15-Apr-2024
Completion Date
15-Apr-2024
Ref Project

Buy Standard

ISO/IEC TS 17961:2013 - Information technology -- Programming languages, their environments and system software interfaces -- C secure coding rulesISO/IEC TS 17961:2013 - Information technology -- Programming languages, their environments and system software interfaces -- C secure coding rules
PreviousNext
Technical specification
ISO/IEC TS 17961:2013 - Information technology -- Programming languages, their environments and system software interfaces -- C secure coding rules
English language
80 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (Sample)

TECHNICAL ISO/IEC
SPECIFICATION TS
17961
First edition
2013-11-15
Information technology —
Programming languages, their
environments and system software
interfaces — C secure coding rules
Technologies de l’information — Langages de programmation, leur
environnement et interfaces des logiciels de systèmes — Règles de
programmation sécurisée en C
Reference number
ISO/IEC TS 17961:2013(E)
©
ISO/IEC 2013

---------------------- Page: 1 ----------------------
ISO/IEC TS 17961:2013(E)

COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2013
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form
or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior
written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of
the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland
ii © ISO/IEC 2013 – All rights reserved

---------------------- Page: 2 ----------------------
ISO/IEC TS 17961:2013(E)

Contents Page
Foreword .v
Introduction .vi
1 Scope . 1
2 Conformance . 1
2.1 Portability assumptions . 2
3 Normative references . 2
4 Terms and definitions . 2
5 Rules . 5
5.1 Accessing an object through a pointer to an incompatible type  [ptrcomp] . 5
5.2 Accessing freed memory  [accfree] . 6
5.3 Accessing shared objects in signal handlers  [accsig] . 7
5.4 No assignment in conditional expressions  [boolasgn] . 8
5.5 Calling functions in the C Standard Library other than abort, _Exit, and signal
from within a signal handler  [asyncsig] . 9
5.6 Calling functions with incorrect arguments  [argcomp] .11
5.7 Calling signal from interruptible signal handlers  [sigcall] .12
5.8 Calling system  [syscall] .13
5.9 Comparison of padding data  [padcomp] .14
5.10 Converting a pointer to integer or integer to pointer  [intptrconv] .14
5.11 Converting pointer values to more strictly aligned pointer types  [alignconv] .15
5.12 Copying a FILE object  [filecpy] .16
5.13 Declaring the same function or object in incompatible ways  [funcd
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

ISO
ISO/IEC 1539-1:2023(Main)
Programming languages — Fortran — Part 1: Base language
  • Standard
    674 pages
    English language
    sale 15% off
ISO
ISO/IEC 8652:2023(Main)
Information technology — Programming languages — Ada
oSIST ISO/IEC DIS 8652:2021

This document specifies the form and meaning of programs written in Ada. Its purpose is to promote the portability of Ada programs to a variety of computing systems. This document specifies: — The form of a program written in Ada; — The effect of translating and executing such a program; — The manner in which program units can be combined to form Ada programs; — The language-defined library units that a conforming implementation is required to supply; — The permissible variations in conformance to the rules of this document, and the manner in which they are to be documented; — Those violations of the requirements of this document that a conforming implementation is required to detect, and the effect of attempting to translate or execute a program containing such violations; — Those violations of the requirements of this document that a conforming implementation is not required to detect. This document does not specify: — The means whereby a program written in Ada is transformed into object code executable by a processor; — The means whereby translation or execution of programs is invoked and the executing units are controlled; — The size or speed of the object code, or the relative execution speed of different language constructs; — The form or contents of any listings produced by implementations; in particular, the form or contents of error or warning messages; — The effect of unspecified execution; — The size of a program or program unit that will exceed the capacity of a particular conforming implementation.

  • Standard
    1048 pages
    English language
    sale 15% off
ISO
ISO/IEC 1539-1:2018/Cor 2:2023(Corrigendum)
Information technology — Programming languages — Fortran — Part 1: Base language — Technical Corrigendum 2
  • Standard
    6 pages
    English language
    sale 15% off
  • Standard
    6 pages
    English language
    sale 15% off
ISO
ISO/IEC 1989:2023(Main)
Information technology — Programming languages, their environments and system software interfaces — Programming language COBOL

This document specifies the syntax and semantics of COBOL. Its purpose is to promote a high degree of machine independence to permit the use of COBOL on a variety of data processing systems. This document specifies: The form of a compilation group written in COBOL. The effect of compiling a compilation group. The effect of executing run units. The elements of the language for which a conforming implementation is required to supply a definition. The elements of the language for which meaning is explicitly undefined. The elements of the language that are dependent on the capabilities of the processor. This document does not specify: The means whereby a compilation group written in COBOL is compiled into code executable by a processor. The time at which method, function, or program runtime modules are linked or bound to an activating statement, except that runtime binding occurs of necessity when the identification of the appropriate program or method is not known at compile time. The time at which parameterized classes and interfaces are expanded. The mechanism by which locales are defined and made available on a processor. The form or content of error, flagging, or warning messages. The form and content of listings produced during compilation, if any. The form of documentation produced by an implementor of products conforming to this document. The sharing of objects and resources other than files among run units.

  • Standard
    1229 pages
    English language
    sale 15% off
ISO
ISO/IEC TS 23619:2021(Main)
Information technology — C++ extensions for reflection

This document describes extensions to the C++ Programming Language (Clause 2) that enable operations on source code. These extensions include new syntactic forms and modifications to existing language semantics, as well as changes and additions to the existing library facilities. Instructions to modify or add paragraphs are written as explicit instructions. Modifications made directly to existing text from ISO/IEC 14882:2020 use underlining to represent added text and strikethrough to represent deleted text.

  • Technical specification
    46 pages
    English language
    sale 15% off
ISO
ISO/IEC 14882:2020(Main)
Programming languages — C++

This document specifies requirements for implementations of the C++ programming language. The first such requirement is that they implement the language, so this document also defines C++. Other requirements and relaxations of the first requirement appear at various places within this document. C++ is a general purpose programming language based on the C programming language as described in ISO/IEC 9899:2018 Programming languages — C (hereinafter referred to as the C standard). C++ provides many facilities beyond those provided by C, including additional data types, classes, templates, exceptions, namespaces, operator overloading, function name overloading, references, free store management operators, and additional library facilities.

  • Standard
    1853 pages
    English language
    sale 15% off
ISO
ISO/IEC TR 24772-3:2020(Main)
Programming languages — Guidance to avoiding vulnerabilities in programming languages — Part 3: C

This document specifies software programming language vulnerabilities to be avoided in the development of systems where assured behaviour is required for security, safety, mission-critical and business-critical software. In general, this guidance is applicable to the software developed, reviewed, or maintained for any application. This document describes the way that the vulnerabilities listed in ISO/IEC TR 24772-1 are manifested or avoided in the C language.

  • Technical report
    42 pages
    English language
    sale 15% off
  • Technical report
    42 pages
    English language
    sale 15% off
ISO
ISO/IEC TR 24772-2:2020(Main)
Programming languages — Guidance to avoiding vulnerabilities in programming languages — Part 2: Ada

This document specifies software programming language vulnerabilities to be avoided in the development of systems where assured behaviour is required for security, safety, mission-critical and business-critical software. In general, this document is applicable to the software developed, reviewed or maintained for any application. Vulnerabilities described in this document present the way that the vulnerability described in ISO/IEC TR 24772-1 are manifested in Ada.

  • Technical report
    45 pages
    English language
    sale 15% off
ISO
ISO/IEC TR 24772-1:2019(Main)
Programming languages — Guidance to avoiding vulnerabilities in programming languages — Part 1: Language-independent guidance

This document specifies software programming language vulnerabilities to be avoided in the development of systems where assured behaviour is required for security, safety, mission-critical and business-critical software. Language-specific descriptions of these vulnerabilities are provided in other parts of the ISO/IEC 24772 series. It is applicable to the software developed, reviewed, or maintained for any application. This document does not address software engineering and management issues such as how to design and implement programs, use configuration management tools, use managerial processes, and perform process improvement. Furthermore, the specification of properties and applications to be assured are not treated. Vulnerabilities are described in a generic manner that is applicable to a broad range of programming languages.

  • Technical report
    166 pages
    English language
    sale 15% off
ISO
ISO/IEC 23270:2018(Main)
Information technology — Programming languages — C#

This specification describes the form and establishes the interpretation of programs written in the C# programming language. It describes: — The representation of C# programs; — The syntax and constraints of the C# language; — The semantic rules for interpreting C# programs; — The restrictions and limits imposed by a conforming implementation of C#. This specification does not describe — The mechanism by which C# programs are transformed for use by a data-processing system; — The mechanism by which C# applications are invoked for use by a data-processing system; — The mechanism by which input data are transformed for use by a C# application; — The mechanism by which output data are transformed after being produced by a C# application; — The size or complexity of a program and its data that will exceed the capacity of any specific data-processing system or the capacity of a particular processor; — All minimal requirements of a data-processing system that is capable of supporting a conforming implementation.

  • Standard
    511 pages
    English language
    sale 15% off