• CSA ISO/IEC TR 24772 : 2015

    Superseded. A superseded Standard is one that has been fully replaced by another Standard, which is a new edition of the same Standard.

    INFORMATION TECHNOLOGY - PROGRAMMING LANGUAGES - GUIDANCE TO AVOIDING VULNERABILITIES IN PROGRAMMING LANGUAGES THROUGH LANGUAGE SELECTION AND USE

    Available format(s):  Hardcopy, PDF

    Superseded date:  07-02-2020

    Language(s):  English

    Published date:  01-01-2015

    Publisher:  Canadian Standards Association


    Table of Contents

    Foreword
    Introduction
    1. Scope
    2. Normative references
    3. Terms and definitions, symbols and conventions
    4. Basic concepts
    5. Vulnerability issues
    6. Programming Language Vulnerabilities
    7. Application Vulnerabilities
    8. New Vulnerabilities
    Annex A (informative) - Vulnerability Taxonomy and List
    Annex B (informative) - Language Specific Vulnerability Template
    Annex C (informative) - Vulnerability descriptions for the language Ada
    Annex D (informative) - Vulnerability descriptions for the language C
    Annex E (informative) - Vulnerability descriptions for the language Python
    Annex F (informative) - Vulnerability descriptions for the language Ruby
    Annex G (informative) - Vulnerability descriptions for the language SPARK
    Annex H (informative) - Vulnerability descriptions for the language PHP
    Bibliography
    Index

    Abstract

    Defines software programming language vulnerabilities to be avoided in the development of systems where assured behaviour is required for security, safety, mission-critical and business-critical software.

    General Product Information

    Document Type:  Standard
    Publisher:  Canadian Standards Association
    Status:  Superseded
    Superseded By:
    Supersedes:

    Standards Referencing This Book

    ISO/IEC TR 10000-1:1998, Information technology - Framework and taxonomy of International Standardized Profiles - Part 1: General principles and documentation framework
    ISO/IEC 2382-1:1993, Information technology - Vocabulary - Part 1: Fundamental terms
    ISO/IEC 30170:2012, Information technology - Programming languages - Ruby
    ISO/IEC 15291:1999, Information technology - Programming languages - Ada Semantic Interface Specification (ASIS)
    ISO/IEC/IEEE 60559:2011, Information technology - Microprocessor Systems - Floating-Point arithmetic
    ISO/IEC TR 15942:2000, Information technology - Programming languages - Guide for the use of the Ada programming language in high integrity systems
    ISO 80000-2:2009, Quantities and units - Part 2: Mathematical signs and symbols to be used in the natural sciences and technology
    ISO/IEC 1539-1:2010, Information technology - Programming languages - Fortran - Part 1: Base language
    ISO/IEC 9899:2011, Information technology - Programming languages - C
    ISO/IEC TR 24731-1:2007, Information technology - Programming languages, their environments and system software interfaces - Extensions to the C library - Part 1: Bounds-checking interfaces
    ISO/IEC TR 24718:2005, Information technology - Programming languages - Guide for the use of the Ada Ravenscar Profile in high integrity systems
    IEEE 754-2008 (Redline), IEEE Standard for Floating-Point Arithmetic
    ISO/IEC 8652:2012, Information technology - Programming languages - Ada