PD ISO/IEC TR 24772:2013

    Status:  Superseded. A superseded standard is one that has been fully replaced by a new edition of the same standard.

    Information technology. Programming languages. Guidance to avoiding vulnerabilities in programming languages through language selection and use

    Available format(s):  Hardcopy, PDF

    Superseded date:  03-04-2020

    Language(s):  English

    Published date:  31-05-2013

    Publisher:  British Standards Institution


    Table of Contents

    Foreword
    Introduction
    1. Scope
    2. Normative references
    3. Terms and definitions, symbols and conventions
    4. Basic concepts
    5. Vulnerability issues
    6. Programming language vulnerabilities
    7. Application vulnerabilities
    8. New vulnerabilities
    Annex A (informative) - Vulnerability taxonomy and list
    Annex B (informative) - Language-specific vulnerability template
    Annex C (informative) - Vulnerability descriptions for the language Ada
    Annex D (informative) - Vulnerability descriptions for the language C
    Annex E (informative) - Vulnerability descriptions for the language Python
    Annex F (informative) - Vulnerability descriptions for the language Ruby
    Annex G (informative) - Vulnerability descriptions for the language SPARK
    Annex H (informative) - Vulnerability descriptions for the language PHP
    Bibliography
    Index

    Abstract

    Defines software programming language vulnerabilities to be avoided in the development of systems where assured behaviour is required for security, safety, mission-critical and business-critical software.

    General Product Information

    Committee:  IST/5
    Document Type:  Standard
    Publisher:  British Standards Institution
    Status:  Superseded
    Superseded By:

    Standards referenced by this document

    IEC 61508-1:2010 Functional safety of electrical/electronic/programmable electronic safety-related systems - Part 1: General requirements
    IEC 61508-2:2010 Functional safety of electrical/electronic/programmable electronic safety-related systems - Part 2: Requirements for electrical/electronic/programmable electronic safety-related systems
    IEC 61508-3:2010 Functional safety of electrical/electronic/programmable electronic safety-related systems - Part 3: Software requirements
    IEC 61508-4:2010 Functional safety of electrical/electronic/programmable electronic safety-related systems - Part 4: Definitions and abbreviations
    IEC 61508-5:2010 Functional safety of electrical/electronic/programmable electronic safety-related systems - Part 5: Examples of methods for the determination of safety integrity levels
    IEC 61508-6:2010 Functional safety of electrical/electronic/programmable electronic safety-related systems - Part 6: Guidelines on the application of IEC 61508-2 and IEC 61508-3
    IEC 61508-7:2010 Functional safety of electrical/electronic/programmable electronic safety-related systems - Part 7: Overview of techniques and measures
    IEEE 754-2008 IEEE Standard for Floating-Point Arithmetic
    ISO 80000-2:2009 Quantities and units - Part 2: Mathematical signs and symbols to be used in the natural sciences and technology
    ISO/IEC 1539-1:2010 Information technology - Programming languages - Fortran - Part 1: Base language
    ISO/IEC 2382-1:1993 Information technology - Vocabulary - Part 1: Fundamental terms
    ISO/IEC 8652:2012 Information technology - Programming languages - Ada
    ISO/IEC 9899:2011 Information technology - Programming languages - C
    ISO/IEC 15291:1999 Information technology - Programming languages - Ada Semantic Interface Specification (ASIS)
    ISO/IEC 30170:2012 Information technology - Programming languages - Ruby
    ISO/IEC TR 10000-1:1998 Information technology - Framework and taxonomy of International Standardized Profiles - Part 1: General principles and documentation framework
    ISO/IEC TR 15942:2000 Information technology - Programming languages - Guide for the use of the Ada programming language in high integrity systems
    ISO/IEC TR 24718:2005 Information technology - Programming languages - Guide for the use of the Ada Ravenscar Profile in high integrity systems
    ISO/IEC TR 24731-1:2007 Information technology - Programming languages, their environments and system software interfaces - Extensions to the C library - Part 1: Bounds-checking interfaces
    ISO/IEC/IEEE 60559:2011 Information technology - Microprocessor Systems - Floating-Point arithmetic
    RTCA DO-178C:2011 Software Considerations in Airborne Systems and Equipment Certification