CSA ISO/IEC TR 24772 : 2015
Superseded
A superseded Standard is one that has been fully replaced by another Standard, which is a new edition of the same Standard.
INFORMATION TECHNOLOGY - PROGRAMMING LANGUAGES - GUIDANCE TO AVOIDING VULNERABILITIES IN PROGRAMMING LANGUAGES THROUGH LANGUAGE SELECTION AND USE
Hardcopy, PDF
07-02-2020
English
01-01-2015
Foreword
Introduction
1. Scope
2. Normative references
3. Terms and definitions, symbols and conventions
4. Basic concepts
5. Vulnerability issues
6. Programming Language Vulnerabilities
7. Application Vulnerabilities
8. New Vulnerabilities
Annex A (informative) - Vulnerability Taxonomy and List
Annex B (informative) - Language Specific Vulnerability Template
Annex C (informative) - Vulnerability descriptions for the language Ada
Annex D (informative) - Vulnerability descriptions for the language C
Annex E (informative) - Vulnerability descriptions for the language Python
Annex F (informative) - Vulnerability descriptions for the language Ruby
Annex G (informative) - Vulnerability descriptions for the language SPARK
Annex H (informative) - Vulnerability descriptions for the language PHP
Bibliography
Index
Defines software programming language vulnerabilities to be avoided in the development of systems where assured behaviour is required for security, safety, mission-critical and business-critical software.
DocumentType | Standard
Pages | 349
PublisherName | Canadian Standards Association
Status | Superseded
SupersededBy |
Supersedes |

Standards | Relationship
ISO/IEC TR 24772:2013 | Identical
ISO/IEC TR 10000-1:1998 | Information technology - Framework and taxonomy of International Standardized Profiles - Part 1: General principles and documentation framework
ISO/IEC 2382-1:1993 | Information technology - Vocabulary - Part 1: Fundamental terms
ISO/IEC 30170:2012 | Information technology - Programming languages - Ruby
ISO/IEC 15291:1999 | Information technology - Programming languages - Ada Semantic Interface Specification (ASIS)
ISO/IEC/IEEE 60559:2011 | Information technology - Microprocessor Systems - Floating-Point arithmetic
ISO/IEC TR 15942:2000 | Information technology - Programming languages - Guide for the use of the Ada programming language in high integrity systems
ISO 80000-2:2009 | Quantities and units - Part 2: Mathematical signs and symbols to be used in the natural sciences and technology
ISO/IEC 1539-1:2010 | Information technology - Programming languages - Fortran - Part 1: Base language
ISO/IEC 9899:2011 | Information technology - Programming languages - C
ISO/IEC TR 24731-1:2007 | Information technology - Programming languages, their environments and system software interfaces - Extensions to the C library - Part 1: Bounds-checking interfaces
ISO/IEC TR 24718:2005 | Information technology - Programming languages - Guide for the use of the Ada Ravenscar Profile in high integrity systems
IEEE 754-2008 REDLINE | IEEE Standard for Floating-Point Arithmetic
ISO/IEC 8652:2012 | Information technology - Programming languages - Ada