{"id":353551,"date":"2024-10-20T00:58:38","date_gmt":"2024-10-20T00:58:38","guid":{"rendered":"https:\/\/pdfstandards.shop\/product\/uncategorized\/bsi-pd-iso-iec-tr-24772-32020\/"},"modified":"2024-10-26T01:06:54","modified_gmt":"2024-10-26T01:06:54","slug":"bsi-pd-iso-iec-tr-24772-32020","status":"publish","type":"product","link":"https:\/\/pdfstandards.shop\/product\/publishers\/bsi\/bsi-pd-iso-iec-tr-24772-32020\/","title":{"rendered":"BSI PD ISO\/IEC TR 24772-3:2020"},"content":{"rendered":"

This document specifies software programming language vulnerabilities to be avoided in the development of systems where assured behaviour is required for security, safety, mission-critical and business-critical software. In general, this guidance is applicable to the software developed, reviewed, or maintained for any application.<\/p>\n

This document describes the way that the vulnerabilities listed in ISO\/IEC TR 24772-1<\/span><\/span> are manifested or avoided in the C language.<\/p>\n

PDF Catalog<\/h4>\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
PDF Pages<\/th>\nPDF Title<\/th>\n<\/tr>\n
2<\/td>\nundefined <\/td>\n<\/tr>\n
9<\/td>\nForeword <\/td>\n<\/tr>\n
10<\/td>\nIntroduction <\/td>\n<\/tr>\n
11<\/td>\n1 Scope
2 Normative references
3 Terms and definitions <\/td>\n<\/tr>\n
12<\/td>\n4 Language concepts
5 Avoiding programming language vulnerabilities in C <\/td>\n<\/tr>\n
13<\/td>\n6 Specific guidance for C vulnerabilities
6.1 General <\/td>\n<\/tr>\n
14<\/td>\n6.2 Type system [IHN]
6.2.1 Applicability to language <\/td>\n<\/tr>\n
15<\/td>\n6.2.2 Guidance to language users
6.3 Bit representations [STR]
6.3.1 Applicability to language
6.3.2 Guidance to language users <\/td>\n<\/tr>\n
16<\/td>\n6.4 Floating-point arithmetic [PLF]
6.4.1 Applicability to language
6.4.2 Guidance to language users
6.5 Enumerator issues [CCB]
6.5.1 Applicability to language <\/td>\n<\/tr>\n
17<\/td>\n6.5.2 Guidance to language users <\/td>\n<\/tr>\n
18<\/td>\n6.6 Conversion errors [FLC]
6.6.1 Applicability to language <\/td>\n<\/tr>\n
19<\/td>\n6.6.2 Guidance to language users <\/td>\n<\/tr>\n
20<\/td>\n6.7 String termination [CJM]
6.7.1 Applicability to language
6.7.2 Guidance to language users
6.8 Buffer boundary violation (buffer overflow) [HCB]
6.8.1 Applicability to language <\/td>\n<\/tr>\n
21<\/td>\n6.8.2 Guidance to language users
6.9 Unchecked array indexing [XYZ]
6.9.1 Applicability to language <\/td>\n<\/tr>\n
22<\/td>\n6.9.2 Guidance to language users
6.10 Unchecked array copying [XYW]
6.10.1 Applicability to language
6.10.2 Guidance to language users <\/td>\n<\/tr>\n
23<\/td>\n6.11 Pointer type conversions [HFC]
6.11.1 Applicability to language
6.11.2 Guidance to language users
6.12 Pointer arithmetic [RVG]
6.12.1 Applicability to language <\/td>\n<\/tr>\n
24<\/td>\n6.12.2 Guidance to language users
6.13 Null pointer dereference [XYH]
6.13.1 Applicability to language
6.13.2 Guidance to language users <\/td>\n<\/tr>\n
25<\/td>\n6.14 Dangling reference to heap [XYK]
6.14.1 Applicability to language
6.14.2 Guidance to language users <\/td>\n<\/tr>\n
26<\/td>\n6.15 Arithmetic wrap-around error [FIF]
6.15.1 Applicability to language
6.15.2 Guidance to language users <\/td>\n<\/tr>\n
27<\/td>\n6.16 Using shift operations for multiplication and division [PIK]
6.16.1 Applicability to language
6.16.2 Guidance to language users
6.17 Choice of clear names [NAI]
6.17.1 Applicability to language
6.17.2 Guidance to language users <\/td>\n<\/tr>\n
28<\/td>\n6.18 Dead store [WXQ]
6.18.1 Applicability to language
6.18.2 Guidance to language users
6.19 Unused variable [YZS]
6.19.1 Applicability to language
6.19.2 Guidance to language users
6.20 Identifier name reuse [YOW]
6.20.1 Applicability to language <\/td>\n<\/tr>\n
29<\/td>\n6.20.2 Guidance to language users
6.21 Namespace issues [BJL]
6.21.1 Applicability to language
6.22 Initialization of variables [LAV]
6.22.1 Applicability to language
6.22.2 Guidance to language users
6.23 Operator precedence and associativity [JCW]
6.23.1 Applicability to language <\/td>\n<\/tr>\n
30<\/td>\n6.23.2 Guidance to language users
6.24 Side-effects and order of evaluation of operands [SAM]
6.24.1 Applicability to language
6.24.2 Guidance to language users <\/td>\n<\/tr>\n
31<\/td>\n6.25 Likely incorrect expression [KOA]
6.25.1 Applicability to language
6.25.2 Guidance to language users <\/td>\n<\/tr>\n
32<\/td>\n6.26 Dead and deactivated code [XYQ]
6.26.1 Applicability to language
6.26.2 Guidance to language users
6.27 Switch statements and static analysis [CLL]
6.27.1 Applicability to language <\/td>\n<\/tr>\n
33<\/td>\n6.27.2 Guidance to language users
6.28 Demarcation of control flow [EOJ]
6.28.1 Applicability to language
6.28.2 Guidance to language users <\/td>\n<\/tr>\n
34<\/td>\n6.29 Loop control variables [TEX]
6.29.1 Applicability to language
6.29.2 Guidance to language users <\/td>\n<\/tr>\n
35<\/td>\n6.30 Off-by-one error [XZH]
6.30.1 Applicability to language
6.30.2 Guidance to language users
6.31 Unstructured programming [EWD]
6.31.1 Applicability to language
6.31.2 Guidance to language users <\/td>\n<\/tr>\n
36<\/td>\n6.32 Passing parameters and return values [CSJ]
6.32.1 Applicability to language
6.32.2 Guidance to language users <\/td>\n<\/tr>\n
37<\/td>\n6.33 Dangling references to stack frames [DCM]
6.33.1 Applicability to language
6.33.2 Guidance to language users
6.34 Subprogram signature mismatch [OTR]
6.34.1 Applicability to language <\/td>\n<\/tr>\n
38<\/td>\n6.34.2 Guidance to language users
6.35 Recursion [GDL]
6.35.1 Applicability to language
6.35.2 Guidance to language users
6.36 Ignored error status and unhandled exceptions [OYB]
6.36.1 Applicability to language
6.36.2 Guidance to language users <\/td>\n<\/tr>\n
39<\/td>\n6.37 Type-breaking reinterpretation of data [AMV]
6.37.1 Applicability to language
6.37.2 Guidance to language users
6.38 Deep vs. shallow copying [YAN]
6.38.1 Applicability to language
6.38.2 Guidance to language users <\/td>\n<\/tr>\n
40<\/td>\n6.39 Memory leaks and heap fragmentation [XYL]
6.39.1 Applicability to language
6.39.2 Guidance to language users
6.40 Templates and generics [SYM]
6.41 Inheritance [RIP]
6.42 Violations of the Liskov substitution principle or the contract model [BLP]
6.43 Redispatching [PPH]
6.44 Polymorphic variables [BKK]
6.45 Extra intrinsics [LRM]
6.46 Argument passing to library functions [TRJ]
6.46.1 Applicability to language <\/td>\n<\/tr>\n
41<\/td>\n6.46.2 Guidance to language users
6.47 Inter-language calling [DJS]
6.47.1 Applicability to language
6.47.2 Guidance to language users
6.48 Dynamically linked code and self-modifying code [NYY]
6.48.1 Applicability to language <\/td>\n<\/tr>\n
42<\/td>\n6.48.2 Guidance to language users
6.49 Library signature [NSQ]
6.49.1 Applicability to language
6.49.2 Guidance to language users
6.50 Unanticipated exceptions from library routines [HJW]
6.51 Pre-processor directives [NMP]
6.51.1 Applicability to language <\/td>\n<\/tr>\n
43<\/td>\n6.51.2 Guidance to language users
6.52 Suppression of language-defined run-time checking [MXB]
6.53 Provision of inherently unsafe operations [SKL]
6.53.1 Applicability to language
6.53.2 Guidance to language users <\/td>\n<\/tr>\n
44<\/td>\n6.54 Obscure language features [BRS]
6.54.1 Applicability of language
6.54.2 Guidance to language users
6.55 Unspecified behaviour [BQF]
6.55.1 Applicability of language
6.55.2 Guidance to language users
6.56 Undefined behaviour [EWF]
6.56.1 Applicability to language <\/td>\n<\/tr>\n
45<\/td>\n6.56.2 Guidance to language users
6.57 Implementation\u2013defined behaviour [FAB]
6.57.1 Applicability to language
6.57.2 Guidance to language users <\/td>\n<\/tr>\n
46<\/td>\n6.58 Deprecated language features [MEM]
6.58.1 Applicability to language
6.58.2 Guidance to language users
6.59 Concurrency \u2014 Activation [CGA]
6.59.1 Applicability to language
6.59.2 Guidance to language users
6.60 Concurrency \u2014 Directed termination [CGT]
6.61 Concurrent data access [CGX]
6.61.1 Applicability to language <\/td>\n<\/tr>\n
47<\/td>\n6.61.2 Guidance to language users
6.62 Concurrency \u2014 Premature termination [CGS]
6.62.1 Applicability to language
6.62.2 Guidance to language users
6.63 Lock protocol errors [CGM]
6.63.1 Applicability to language
6.63.2 Guidance to language users
6.64 Reliance on external format strings
6.64.1 Applicability to language
6.64.2 Guidance to language users <\/td>\n<\/tr>\n
48<\/td>\nBibliography <\/td>\n<\/tr>\n
49<\/td>\nIndex <\/td>\n<\/tr>\n<\/table>\n","protected":false},"excerpt":{"rendered":"

Programming languages. Guidance to avoiding vulnerabilities in programming languages – C<\/b><\/p>\n\n\n\n\n
Published By<\/td>\nPublication Date<\/td>\nNumber of Pages<\/td>\n<\/tr>\n
BSI<\/b><\/a><\/td>\n2020<\/td>\n54<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n","protected":false},"featured_media":353556,"template":"","meta":{"rank_math_lock_modified_date":false,"ep_exclude_from_search":false},"product_cat":[2641],"product_tag":[],"class_list":{"0":"post-353551","1":"product","2":"type-product","3":"status-publish","4":"has-post-thumbnail","6":"product_cat-bsi","8":"first","9":"instock","10":"sold-individually","11":"shipping-taxable","12":"purchasable","13":"product-type-simple"},"_links":{"self":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product\/353551","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product"}],"about":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/types\/product"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/media\/353556"}],"wp:attachment":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/media?parent=353551"}],"wp:term":[{"taxonomy":"product_cat","embeddable":true,"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product_cat?post=353551"},{"taxonomy":"product_tag","embeddable":true,"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product_tag?post=353551"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}