ISO/IEC JTC 1/SC 22/WG 23
Programming Language Vulnerabilities

Maintained by Jim Moore, James.W.Moore@ieee.org

Formerly called the "OWGV" 

Documents

This page provides access to all of the working group's official documents as well as some informal ones.

Standing Documents

[Standing documents are subject to revision at any time.]

Document Number (22-WG 23-)   Notes   Title
S0001   Action Item Log [xls]
S0002   Schedule for Next Edition [xls]
S0003   Editorial history for revision 2 of TR 24772 [html]
S0004   WG23 Petty Cash Account, Custodian: John Benito [xls]
S0005   Reserved for standing document recording relationship between 24772 and CWE


Document Log

[Documents are listed in reverse chronological order]

Document Number (22-WG 23-)   Date Posted   Relationship to Other Docs   Title
N0468 2013-10-10   Draft of 17960, Information Technology—Programming languages, their environments and system software interfaces—Code Signing for Source Code [pdf]
N0467 2013-09-23   Disposition of Comments on CD17960 [doc, pdf]
N0466 2013-09-23   Meeting Record: Meeting #27, 19-20 September 2013 [html]
N0465 2013-08-14   Resolution of Japanese comments for 17969 CD ballot [pdf]
N0464  2013-08-14   Resolution of UK comments for 17969 CD ballot [pdf]
N0463  2013-08-14   Committee Working Draft of IS 17960 [pdf]
N0462  2013-08-14   Agenda: Meeting #27 on Programming Language Vulnerabilities, September 2013 [html]
N0461  2013-08-14   Working draft of third revision of TR 24772 August 2013 [pdf]
N0460 2013-07-21   Business Plan and Convener’s Report [for forthcoming SC 22 plenary], contributed by convener [pdf]
N0459 2013-06-28   Preliminary agenda, Meeting #27 [html]
N0458 2013-06-11   Recommendations from section 6.x.5, contributed by Larry Wagoner [doc, pdf]
N0457 2013-06-11   Comments on N0454, contributed by Clive Pygott [pdf]
N0456 2013-06-11   Draft minutes, Meeting #26 [html]
N0455 2013-06-03   Editor's report for 17960, Code Signing for Source Code [pdf]
N0454 2013-06-03   Committee draft of 17960, Code Signing for Source Code [pdf]
N0453 2013-06-03   Baseline working draft for preparation of Edition 3 of TR 24772 [pdf], contributed by the editor
N0452 2013-05-24   Revision of SC 22 N 4805 Logistical Information SC 22 Plenary 2013, contributed by WG23 convener [pdf]
N0451 2013-05-02   Preliminary Agenda, Meeting #25 of WG23, 13-15 June 2013, Berlin [html]
N0450 2013-05-02   Working draft, TR 24772, edition 3 [pdf]
N0449 2013-05-02 Also see [N0447] Representation issues in file transfers, UK contribution [pdf]
N0448 2013-04-10   JISC Comments on CD 17960 [pdf]
N0447 2013-04-10 Also see [N0449] UK Comments on CD 17960 [pdf]
N0446  2013-04-10   Ballot Results for CD 17960 [pdf]
N0445 2013-03-18   Updated guidelines for publicity, contributed by convener [pdf]
N0444 2013-03-18   Use of unchecked data from an uncontrolled or tainted source, contributed by convener [doc, pdf]
N0443 2013-03-18   Guidelines for publicity, contributed by convener [pdf]
N0442 2013-03-18   Fortran language annex [pdf]
N0441 2013-03-18   Draft minutes, Meeting #25, contributed by convener [html]
N0440 2013-03-04   Vulnerabilities Analysis by Matt Bishop, contributed by convener [pdf]
N0439 2013-03-04   Fundamental Vulnerabilities by Larry Wagoner, contributed by Larry Wagoner [pdf]
N0438 2013-03-04   Proposed new vulnerability on tainted sources, contributed by Clive Pygott [pdf]
N0437 2013-02-18   Logistics information for the WG23 meeting, 6/8-10/2013, Berlin [pdf]
N0436 2013-03-18   ISO/IEC TR 24772, Edition 2, as submitted to ITTF for publication [zip]. (This is an encrypted file. Contact the convener for the password if needed.) The published 24772, Edition 2 is freely available here.
N0435 2013-01-31   Preliminary Agenda: Meeting #25, 13-15 March 2013 [html]
N0434 2013-01-17   CD Ballot draft, 17960, Information Technology—Programming languages, their environments and system software interfaces—Code Signing for Source Code [pdf]
N0433 2012-12-17 Replaces [N0429] Revision of proposed new vulnerabilities [pdf]
N0432 2012-12-13   Draft Minutes, Meeting #24, 12-14 December 2012 [html]
N0431 2012-11-19   Revised working draft of 17960, Code Signing for Source Code, contributed by convener [pdf]
N0430 2012-10-18   Preliminary Agenda: Meeting #24, 12-14 December 2012 [html]
N0429 2012-10-18 Replaced by [N0433] Proposed New Vulnerabilities [pdf]
N0428 2012-09-29   Balloting results of PDTR2 of 24772 2nd edition  [pdf]
N0427 2012-10-04   DTR ballot draft of 24772 2nd edition [pdf]
N0426 2012-09-29   Comments on TR24772, contributed by Tatsuaki Takebe [pdf]
N0425 2012-09-15   Resolutions of comments for [N0416] (informal UK comments) [xlsx]
N0424 2012-09-15   Comments on CA-02 of [N0418], Steve Michell [html]
N0423 2012-09-15   Correspondence with Kevin Coyne on UK comments on Python Annex [pdf]
N0422 2012-09-15   Comments on [N0417], Clive Pygott [pdf]
N0421 2012-09-15   Resolutions of comments for PDTR 24772.2 [pdf]
N0420 2012-09-15   Draft minutes for meeting #23 [html]
N0419 2012-09-15   CWE SANS 25 compared to PDTR 24772.2, Tatsuaki Takebe [pdf]
N0418 2012-09-12   Comments informally received from Canada on [N0410] [doc]
N0417 2012-09-12   Comments informally received from Japan on [N0410] [doc]
N0416 2012-08-27   Comments informally received from UK on [N0410], contributed by Pygott [xlsx]
N0415 2012-07-28   Agenda, Meeting #23, 12-14 September 2012, Geneva, Switzerland, contributed by convener [html]
N0414 2012-07-28   Business Plan and Convener’s Report [for forthcoming SC 22 plenary], contributed by convener [pdf]
N0413 2012-07-18   Logistics for WG 23 meeting #25, contributed by the convener [html]
N0412 2012-07-09 Replaces [N0403] Corrected disposition of comments on PDTR 24772, contributed by secretary [xlsx]
N0411 2012-07-09 Replaces [N0407] Proposed annex for PHP language, contributed by Kevin Coyne [docx, pdf]
N0410 2012-07-09 Replaces [N0389] PDTR-2 draft of 24772, Edition 2 (no change bars), contributed by editor [pdf]
N0409 2012-07-09 Replaces [N0388] PDTR-2 draft of 24772, Edition 2 (with change bars), contributed by editor [pdf]
N0408 2012-06-22   Proposal to merge XZI and FLC, contributed by Plum, Benito and Keaton [docx, pdf]
N0407 2012-06-21 Replaced by [N0411] Proposed Annex for PHP Language, marked up by Meeting #22, contributed by secretary [pdf]
N0406 2012-06-22   Reserved for Python Clarifications and Edits v03, contributed by Kevin Coyne [docx, pdf]
N0405 2012-06-21   Python Clarifications and Edits v00, contributed by Kevin Coyne [docx, pdf]
N0404 2012-06-22   Cancelled
N0403 2012-06-22 Replaces [N0397]. Replaced by [N0412] Disposition of comments on PDTR 24772, contributed by secretary [xlsx]. Cancelled
N0402 2012-06-20   Comments on PDTR, contributed by Takabe-san [doc, pdf]
N0401 2012-06-22   Minutes, Meeting #22, 20-22 June 2012, Stuttgart, contributed by secretary [html]
N0400 2012-06-18 Replaces [N0375] Agenda, Meeting #22, 20-22 June 2012, Stuttgart, contributed by secretary [html]
N0399 2012-05-30 Replaces [N0394] Revised Working draft 17960, Code Signing for Source Code, contributed by editor [pdf, docx]
N0398 2012-05-20 Replaces [N0393] Draft of possible PHP annex, contributed by Kevin Coyne [pdf]
N0397 2012-04-28 Results of [N0389]. Replaced by [N0403] Results of Balloting on PDTR 24772: Collated comments [pdf, xlsx]
N0396 2012-04-26 Results of [N0389] Result of Voting on SC 22 N 4704, ISO/IEC PDTR 24772, contributed by secretary [pdf]
N0395 2012-04-04   Logistics, Meeting #23, 12-14 September 2012, Geneva, Switzerland, colocated with SC 22 plenary: all information [pdf]; general information [docx]; booking form for Hotel Manotel Royale [docx, pdf]; booking form for Hotel Warwick [docx, pdf]
N0394 2012-04-03 Replaces [N0390]. Replaced by [N0399] Meeting #21 Markup of Working draft 17960, Code Signing for Source Code, contributed by editor [pdf]
N0393 2012-03-28 Replaced by [N0398] Proposed Annex for PHP Language, contributed by Kevin Coyne [pdf, docx]
N0392 2012-04-03   Minutes: Meeting #21, 28 - 30 March 2012, Ottawa, Canada [html]
N0391 2012-03-20 See [N0379] [Corrected] Results of Voting on SC 22 N 4968, New Work Item Proposal on ... Code Signing for Source Code (SC22 N4719), contributed by SC 22 Secretariat [pdf]
N0390 2012-03-19 See [N0379]. Replaced by [N0394] Working draft 17960, Code Signing for Source Code, contributed by editor [pdf, docx]
N0389 2012-01-20 Replaces [N0378]. Results are [N0396, N0397]. Replaced by [N0410] PDTR draft of 24772, Edition 2 (without change bars), contributed by editor [pdf]
N0388 2012-01-20 Replaces [N0378]. Replaced by [N0409] PDTR draft of 24772, Edition 2 (with change bars), contributed by editor [pdf]
N0387 2012-01-15 CANCELLED and replaced by [N0389]
N0386 2012-01-15 CANCELLED and replaced by [N0388]
N0385 2012-01-08   Proposed rewrite of Ruby.52, contributed by Jim Moore [docx, pdf]
N0384 2012-01-08 Replaces [N0382] Draft language-specific annex for SPARK [docx, pdf]
N0383 2011-12-17   Preliminary working draft, “Core Enterprise Security Application Programming Interface”, contributed by Larry Wagoner [docx, pdf]
N0382 2011-12-17 Replaces [N0281]. Replaced by [N0384] Most recent draft SPARK annex, contributed by SC22/WG9 [docx, pdf]
N0381 2011-12-17   Proposed conceptual clusters for definitions, contributed by Clive Pygott [xls]
N0380 2012-03-26   Day of Meeting Agenda: Meeting #21, 28 - 30 March 2012, Ottawa, Canada [html]
N0379 2011-12-12 See [N0390] and [N0391]. Submitted New Work Item Proposal and Preliminary Working Draft for Code Signing, contributed by SC22 Secretariat [pdf]
N0378 2011-12-17 Replaces [N0376]. Replaced by [N0388] and [N0389]. Meeting #20 markup of N0376 [pdf]
N0377 2011-12-17   Minutes of Meeting #20 [html]
N0376 2011-12-02 Replaces [N0352]. Replaced by [N0378] Revised Baseline draft of 24772, Ed 2, contributed by editor [pdf]
N0375 2011-11-23 Replaced by [N0400] Preliminary Agenda, Meeting #22, 20-22 June 2012, Stuttgart, contributed by convener [html]
N0374 2011-11-05   Logistics, Meeting #22, 20-22 June 2012, Stuttgart, Germany, contributed by Erhard Ploedereder [html]
N0373 2011-11-01   Preliminary Agenda, Meeting #21, 28-30 March 2012, Ottawa, Canada [html]
N0372 2011-11-01 Replaces [N0362] Proposed Python annex, contributed by Kevin Coyne [pdf]
N0371 2011-11-01   Preliminary agenda, Meeting #20, 14-16 December, Washington DC, USA [html]
N0370 2011-11-23   Logistics, Meeting #21, 28-30 March 2012, Ottawa, Ontario, Canada, contributed by Steve Michell [html] (with editorial corrections)
N0369 2011-10-05 Replaces [N0368] Final Meeting #19 markup of Further Revised Proposal for Concurrency Vulnerability Descriptions [dir, zip]
N0368 2011-10-04 Replaces [N0367]. Replaced by [N0369]. Meeting #19 markup of Further Revised Proposal for Concurrency Vulnerability Descriptions [dir, zip]
N0367 2011-10-03 Replaces [N0360]. Replaced by [N0368]. Further Revised Proposal for Concurrency Vulnerability Descriptions [dir, zip]
N0366 2011-10-03 Replaces [N0365] Meeting #19 markup of proposed revision to sub-clause 4.3 [docx, pdf].
N0365 2011-10-01 Replaced by [N0366] Proposed revision to Sub-clause 4.3 to describe language annexes, contributed by Jim Moore [docx]
N0364 2011-09-20   Meeting Notes, SC 22 Plenary Meeting, 19-20 September 2011, contributed by Jim Moore [docx, pdf]
N0363 2011-10-05   Minutes, Meeting #19, 3-5 October 2011 [html]
N0362 2011-09-26 Replaces [N0347]. Replaced by [N0372]. Revised Python Annex, contributed by Kevin Coyne [docx, pdf]
N0361 2011-09-30   Comments on C Annex, contributed by Joyce Tokar [pdf]
N0360 2011-09-30 Replaces [N0345]. Replaced by [N0367] Revised Proposal for Concurrency Vulnerability Descriptions [dir, zip]
N0359 2011-09-11 Replaces [N0357] Revised preliminary working draft for code signing, contributed by Larry Wagoner [docx, pdf]
N0358 2011-09-07   Presentation for SC22 plenary regarding code signing, contributed by Jim Moore [pptx, pdf]
N0357 2011-09-07 Replaces [N0318]. Replaced by [N0359] Revised preliminary working draft for code signing, contributed by Larry Wagoner [docx, pdf]
N0356 2011-09-01 Replaces [N0355] Revised: Preliminary Agenda, Meeting #19, contributed by convener [html]
N0355 2011-08-08 Replaced by [N0356] Preliminary Agenda, Meeting #19, contributed by convener [html]
N0354 2011-07-30   Preliminary Agenda, Meeting #23, contributed by convener [html]
N0353 2011-07-30   Business Plan and Convener's Report, prepared for SC 22 plenary meeting, by John Benito [pdf]
N0352 2011-07-19 Replaces [N0344]. Replaced by [N0376]. Revised Baseline draft of 24772, Ed 2, contributed by editor [pdf]
N0351 2011-07-09   Logistics for Meeting #20, contributed by Jim Moore [html]
N0350 2011-06-20 Replaces [N0349] Meeting #18 markup of Review of draft Ruby annex [xls]
N0349 2011-06-20 Replaced by [N0350] Review of draft Ruby annex [N0331], prepared by Michael Walsh, contributed by Jim Moore [xls]
N0348 2011-06-20   Draft SQL annex, prepared by Jim Johnson [docx, pdf]
N0347 2011-06-20 Replaced by [N0362] Draft Python annex, prepared by Kevin Coyne [docx, pdf]
N0346 2011-06-20   Presentation prepared for 2011 Ada Connections Conference, contributed by Larry Wagoner and revised by Meeting #18 [pptm]
N0345 2011-06-19 Replaces [N0337]. Replaced by [N0360]. Meeting #18 Markup of Concurrency Vulnerability Descriptions [dir, zip]
N0344 2011-06-19 Replaces [N0338]. Replaced by [N0352] Meeting #18 Markup of Baseline draft of 24772, Ed 2 [pdf]
N0343 2011-06-19 Replaces [N0336] Meeting #18 Markup of Proposed changes to Clause 6 introduction [docx]
N0342 2011-06-19 Replaces [N0340]. Meeting #18 Markup of Editor's Responses [N0340] to Comments from MISRA L on DTR 24772 [N0250] [xls]
N0341 2011-06-19 Replaces [N0333]. Cancelled and replaced by [S0002]. Revised schedule for the preparation of TR 24772, Edition 2, contributed by secretary [xlsx]
N0340 2011-06-04 Responds to [N0250]. Replaced by [N0342] Editor's proposed disposition of comments from MISRA [xls]
N0339 .   Minutes of Meeting #18 [html]
N0338 2011-06-02 Replaces [N0335]. Replaced by [N0344]. Revised Baseline draft of 24772, Ed 2, contributed by editor [pdf]
N0337 2011-06-01 Replaced by [N0345]. Concurrency vulnerability descriptions, contributed by Steve Michell [zip, dir]
N0336 2011-05-04 Replaced by [N0343] Proposed change to Clause 6 introduction, contributed by Jim Moore [docx, pdf]
N0335 2011-04-21 Replaces [N0303]. Replaced by [N0338]. Revised Baseline draft of 24772, Ed 2, contributed by editor [pdf]
N0334 2011-04-14   Preliminary Agenda: Meeting #18, 19-20 June 2011, Edinburgh, UK [html]
N0333 2011-03-27 Replaces [N0302]. Replaced by [N0341]. Revised schedule for the preparation of TR 24772, Edition 2, contributed by secretary [xlsx]
N0332 2011-03-25 Replaces [N0321] Revised proposal for separation of XYY, contributed by Jim Moore [docx, pdf]
N0331 2011-03-25 Replaces [N0320]. Revised proposed annex for Ruby, contributed by James Johnson. [docx, pdf]
N0330 2011-03-25 Replaces [N0311] Meeting #17 markup of proposed revision of LAV in Ada annex, contributed by secretary [doc, pdf]
N0329 2011-03-25 Replaces [N0312]. Also see [N0328]. Revised proposed rewrite of NZN, contributed by Erhard Ploedereder [doc, pdf]
N0328 2011-03-25 Replaces [N0319]. Also see [N0329] Revised proposed rewrite of NZN, contributed by Bob Karlin [doc, pdf]
N0327 2011-03-25 Replaces [N0324] Additional meeting #17 markup of Proposed vulnerability descriptions YUK and SUK, contributed by secretary [doc, pdf]
N0326 2011-03-25 Replaces [N0325] Meeting #17 markup of proposed rewrite of WXQ and YZS, contributed by secretary [doc, pdf]
N0325 2011-03-24 Replaces [N0316]. Replaced by [N0326] Proposed rewrite of WXQ and YZS, contributed by Jim Moore [docx, pdf]
N0324 2011-03-24 Replaces [N0313]. Replaced by [N0327] Meeting #17 markup of Proposed vulnerability descriptions YUK and SUK, contributed by secretary [doc]
N0323 2011-03-24   Proposal for alignment of numbering between Clauses and Annexes, contributed by editor and secretary [docx, pdf]
N0322 2011-03-23 Replaces [N0310] Meeting #17 markup of Proposed vulnerability description on Inter-language calling, contributed by John Benito [docx, pdf]
N0321 2011-03-23 Replaces [N0305]. Replaced by [N0332] Meeting #17 markup of Proposed separation of XYY into two descriptions (responds to action item #16-12), contributed by secretary [docx, pdf]
N0320 2011-03-23 Replaces [N0308]. Replaced by [N0331] Meeting #17 markup of Proposed Annex for Ruby Language, contributed by secretary [docx, pdf]
N0319 2011-03-23 Also see [N0312]. Replaced by [N0328]. Proposed rewrite of NZN, contributed by Bob Karlin [doc, pdf]
N0318 2011-03-23 Replaces [N0317]. Replaced by [N0357] Meeting #17 markup of Strawman draft, “Code Signing for Source Code”, contributed by secretary [doc, pdf]
N0317 2011-03-23 Replaced by [N0318] Strawman draft, “Code Signing for Source Code”, contributed by Larry Wagoner [doc, pdf]
N0316 2011-03-23 Replaced by [N0325] Proposed merger of WXQ and YZS, contributed by Beth Karlin [doc, pdf]. (Closes AI 16-04.)
N0315 2011-03-25   Minutes: Meeting #17, 23-25 March 2011, Madrid, Spain [html]
N0314 2011-03-11   Code signing proof of concept, contributed by Jim Johnson [zip]
N0313 2011-03-21 Replaced by [N0324] Proposed vulnerability descriptions YUK and SUK, contributed by Erhard Ploedereder [doc, pdf] (Closes AI 16-06)
N0312 2011-03-21 Also see [N0319]. Replaced by [N0329]. Proposed revision of NZN, contributed by Erhard Ploedereder [zip] (Closes AI 16-07).
N0311 2011-03-21 Replaced by [N0330] Proposed revision of LAV in Ada annex, contributed by Erhard Ploedereder [doc, pdf] (Closes AI 16-13).
N0310 2011-03-14 Replaces [N0309]. Replaced by [N0322] Proposed vulnerability description on Inter-language calling, contributed by John Benito [docx, pdf]
N0309 2011-03-11 Revised by [N0310] Proposed vulnerability description on Inter-language calling, contributed by John Benito [docx, pdf]
N0308 2011-03-11 Replaced by [N0320] Proposed Annex for Ruby Language, contributed by Jim Johnson [docx, pdf]
N0307 2011-02-18   Preliminary Agenda: Meeting #17, 23-25 March 2011, Madrid, Spain [html] Contains updated venue information!
N0306 2011-02-15 See [N0253] REVISED Result of Voting on SC 22 N 4575 - Information technology - Programming languages, their environments and system software interfaces - Software code signing, contributed by secretary [pdf]
N0305 2011-02-15 Replaced by [N0321] Proposed separation of XYY into two descriptions (responds to action item #16-12), contributed by Jim Moore [docx, pdf]
N0304 2011-02-14 Replaces [N0295] Revised draft language-specific annex for the programming language C, contributed by editor [pdf]
N0303 2011-01-29 Replaces [N0301]. Replaced by [N0335] Revised baseline draft of TR Edition 2, contributed by editor [pdf]
N0302 2010-12-17 Replaced by [N0333] Schedule for the preparation of TR 24772, Edition 2, contributed by secretary [xlsx]
N0301 2010-12-16 Replaces [N0286]. Replaced by [N0303] Meeting #16 markup of baseline draft of TR Edition 2, contributed by secretary [pdf]
N0300  2010-12-14   Proposed changes to WXQ and YZS re "volatile", contributed by Tom Plum [pdf]
N0299 2010-12-15 Replaces [N0294] Further revised draft language-specific annex for Java, contributed by Ben Brosgol [pdf]
N0298 2010-12-15 Replaces [N0297]. Meeting #16 markup of proposed revision to XYQ, contributed by secretary [pdf]
N0297 2010-12-15 Replaces [N0293]. Replaced by [N0298]. Proposed revision of XYQ, contributed by David Keaton [pdf]
N0296 2010-12-15 Replaces [N0288] Meeting #16 markup of draft language-specific annex for Ada [docx]
N0295 2010-12-15 Replaces [N0287]. Replaced by [N0304] Meeting #16 markup of draft language-specific annex for programming language C, contributed by secretary [docx]
N0294 2010-12-15 Replaces [N0292]. Replaced by [N0299]. Revised draft language-specific annex for Java, contributed by Ben Brosgol [zip]
N0293 2010-12-14 Replaces [N0290]. Replaced by [N0297]. Meeting #16 markup of proposed revision to XYQ, contributed by secretary [pdf]
N0292 2010-12-14 Replaces [N0291]. Replaced by [N0294] Meeting #16 markup of draft annex for Java, contributed by secretary [pdf]
N0291 2010-12-14 Replaced by [N0292] Initial draft language-specific annex for Java, contributed by Ben Brosgol [pdf]
N0290 2010-12-13 Replaced by [N0293] Proposed revision of “6.26 Dead and Deactivated Code [XYQ]”, contributed by David Keaton [pdf]
N0289  2010-12-17   Minutes: Meeting #16, ISO/IEC JTC 1/SC 22/WG 23: Programming Language Vulnerabilities, 14-16 December 2010 [html]
N0288 2010-12-10 Replaces [N0258]. Replaced by [N0296]. Revised draft language-specific annex for Ada, contributed by John Benito [docx, pdf]
N0287 2010-12-10 Replaces [N0276] and [N0278]. Replaced by [N0295] Revised draft language-specific annex for the programming language C, contributed by John Benito [docx, pdf]
N0286 2010-10-11 Replaces [N0283] and [N0282]. Replaced by [N0301]. Baseline working draft for preparation of Edition 2 of TR 24772 [pdf], contributed by the editor based on the results of Meeting #15
N0285 2010-09-23 Supersedes [N0267] Publication proof of ISO/IEC TR 24772 [encrypted zip]
N0284 2010-09-17 Replaces [N0271] Revised format for language-specific annexes [html]
N0283 2010-09-17 Revision of [N0268]. Replaced by [N0286] Proposed baseline for the second edition of TR 24772 [docx, pdf]
N0282 2010-09-16 Replaced by [N0286] Revised outline of vulnerabilities [docx, pdf]
N0281 2010-09-16 Related to [N0275]. Replaced by [N0382]. Markup of extract of N0275, draft language-specific annex for SPARK [doc, pdf]
N0280 2010-09-14   Prototype table summarizing vulnerabilities, contributed by Steve Michell, in response to Action Item 14-05 [xls]
N0279 2010-09-10   Prototype table summarizing vulnerabilities, contributed by Jim Moore, in response to Action Item 14-04 [docx, pdf]
N0278 2010-09-10 Related to [N0270]. Replaced by [N0287]. Revision of C annex portion of N0270 [pdf]
N0277 2010-09-08   Logistics: Meeting #17, ISO/IEC JTC 1/SC 22/WG 23: Programming Language Vulnerabilities, 23-25 March 2011, Madrid, Spain [pdf], forwarded by convener
N0276 2010-09-10 Replaces [N0259]. Replaced by [N0287]. Revised draft language-specific annex for C, contributed by John Benito, David Keaton and Larry Wagoner [pdf]
N0275 2010-08-31 Also see [N0281] Draft language-specific annex for SPARK, contributed by SC 22/WG 9 [doc, pdf]
N0274 2010-09-16   Minutes: Meeting #15, ISO/IEC JTC 1/SC 22/WG 23: Programming Language Vulnerabilities, 15-17 September 2010 [html]
N0273 2010-08-31 See [N0379] Proposed draft NWIP for software security APIs, contributed by Larry Wagoner [doc, pdf]
N0272 2010-08-31   Possible new vulnerability descriptions from splitting XYR into two descriptions, contributed by Clive Pygott (Action item #14-09) [doc, pdf]
N0271 2010-08-31 Replaces [N0217]. Replaced by [N0284]. Revised format for language-specific annexes, from ISO/IEC TR 24772:2010 [html]
N0270 2010-08-31 Also see [N0278] Possible new vulnerability, Buffer overflow (HCB)--Language-independent and C versions, contributed by John Benito (Action Item #14-08) [pdf]
N0269 2010-08-31   Possible new vulnerability, Unrestricted file upload (CBF), contributed by John Benito [pdf]
N0268 2010-08-12 Replaced by [N0283] "Slimmer" version of 24772 proposed as the baseline for Edition 2, contributed by Jim Moore, responding to AI#14-10 [docx, pdf]
N0267 2010-07-23 Supersedes [N0257] Superseded by [N0285] Revised draft of 24772 submitted for publication [zip]. (The document is a PDF in an encrypted zip file in order to protect it from public view.)
N0266 2010-07-08   Business Plan and Convener’s Report [for the forthcoming SC 22 plenary meeting] [pdf]
N0265 2010-06-30 Replaces [N0253] Draft New Work Item Proposal: Software Code Signing, marked up at meeting #14 [docx]
N0264 2010-06-30 Replaces [N0262] Request for approval of free availability for ISO/IEC TR 24772, Information Technology - Programming Languages - Guidance to Avoiding Vulnerabilities in Programming Languages through Language Selection and Use, marked up at meeting #14 [docx]
N0263 2010-06-30   P.M. Conmy, C. Pygott, I Bate, VHDL Guidance for Safe and Certifiable FPGA Design, Contributed by Clive Pygott [zip]. (Because the paper has been submitted for conference publication, it is in an encrypted zip file.)
N0262 2010-06-27 Replaced by [N0264] Request for approval of free availability for ISO/IEC TR 24772, Information Technology - Programming Languages - Guidance to Avoiding Vulnerabilities in Programming Languages through Language Selection and Use, Draft 1, contributed by James W. Moore [docx, pdf]
N0261 2010-06-28   Minutes: Meeting #14, ISO/IEC JTC 1/SC 22/WG 23: Programming Language Vulnerabilities, 28-30 June 2010 [html]
N0260 2010-06-25   ISO/IEC JTC 1/SC 27 N8780, 1st CD 29147, Information technology -- Security techniques – Vulnerability disclosure [pdf]
N0259 2010-06-25 Replaces [N0245]. Replaced by [N0276]. Revised draft language-specific annex for C, contributed by Larry Wagoner [docx, pdf]
N0258 2010-06-22 Replaces [N0205]. Replaced by [N0288]. Draft language-specific annex for Ada, contributed by WG 9 [doc, pdf]
N0257 2010-06-03 Supersedes [N0238]. Superseded by [N0267] Draft of 24772 submitted for publication [zip]. (The document is a PDF in an encrypted zip file in order to protect it from public view.)
N0256 2010-05-13   Preliminary Agenda: Meeting #16, 14-16 December 2010, San Diego, CA, USA [html]
N0255 2010-05-13   Preliminary Agenda: Meeting #15, 15-17 September, 2010, Ottawa, Canada [html]
N0254 2010-05-11   Logistics: Meeting #15, ISO/IEC JTC 1/SC 22/WG 23: Programming Language Vulnerabilities, 15-17 September 2010, Ottawa, Ontario, Canada [html], contributed by Steve Michell
N0253 2010-05-06 Replaced by [N0265]. See [N0306]. Draft New Work Item Proposal: Software Code Signing [docx, pdf], contributed by Larry Wagoner
N0252 2010-04-21   Logistics: Meeting #16, ISO/IEC JTC 1/SC 22/WG 23: Programming Language Vulnerabilities, 14-16 December 2010, San Diego, CA, USA [pdf]
N0251 2010-04-15   JTC001-N-7269 Criteria for Free Availability [pdf]
N0250 2010-04-15 See [N0340] Comments from MISRA L, contributed by Clive Pygott [xls]
N0249 2010-04-14 Disposition of [N0243] Recommended disposition of comments from Balloting on DTR 24772 [xls]
N0248 2010-04-14   Minutes: Meeting #13, ISO/IEC JTC 1/SC 22/WG 23: Programming Language Vulnerabilities, 14-16 April 2010 [html]
N0247 2010-03-30   Liaison Request from MISRA L to JTC1 for Category C Liaison with JTC 1/SC 22/WG 23 [pdf]. (This request was approved by JTC 1.)
N0246 2010-03-27   Preliminary Agenda: Meeting #14, ISO/IEC JTC 1/SC 22/WG 23: Programming Language Vulnerabilities, 28-30 June 2010 [html]
N0245 2010-03-23 Replaces [N0233]. Replaced by [N0259] Revised draft language-specific annex for C, contributed by Larry Wagoner [docx, pdf]
N0244 2010-03-23   Venue information, Meeting #14, Kona, Hawaii, 28-30 June 2010 [html], contributed by John Benito and Tom Plum
N0243 2010-03-22 Disposition in [N0249] Results of Balloting on DTR 24772: Collated NB comments [xls]
N0242 2010-03-10   Hotel arrangements, Meeting #14, Kona, Hawaii, 28-30 June 2010 [pdf], contributed by Tom Plum
N0241 2010-03-09   US Delegation to Meeting #13 [pdf], contributed by ANSI
N0240 2009-11-24   Preliminary Agenda: Meeting #13, ISO/IEC JTC 1/SC 22/WG 23: Programming Language Vulnerabilities, 14-16 April 2010 [html]
N0239 2009-11-24 Replaces [N0230] Completed disposition of all comments received in balloting of PDTR.2 24772 [pdf]
N0238 2009-11-24 Supersedes [N0191]. Superseded by [N0257] Draft of 24772 submitted to SC 22 for DTR ballot [pdf]. The document moved up the hierarchy as SC 22 N4505 and JTC 1 N9937 [pdf].
N0237 2009-10-26   Logistics for Meeting #13 of ISO/IEC JTC 1/SC 22/WG 23, Padua, Italy, 14-16 April 2010, contributed by Tullio Vardanega [pdf]
N0236 2009-10-22   Email from Tom Plum, 16 October 2009 [pdf]
N0235 2009-10-22   Proposed response to NL-11, contributed by Steve Michell and revised during Meeting #12 [doc, pdf]
N0234 2009-10-22   Proposed response to JP-8, contributed by Robert Karlin and revised during Meeting #12 [pdf]
N0233 2009-10-22 Replaces [N0221]. Replaced by [N0245] Revised draft language-specific annex for C, contributed by Larry Wagoner [docx, pdf]
N0232 2009-10-22   Proposed response to NL-7, contributed by Robert Seacord and revised during meeting #12 [pdf]
N0231 2009-10-22   Proposed response to UK-23, contributed by Dan Nagle and revised during meeting #12 [txt]
N0230 2009-10-22 Disposition of [N0224]. Replaced by [N0239]. Disposition of technical comments received on PDTR.2 24772 [xlsx, pdf]
N0229 2009-10-22 Replaces [N0197] Revised proposal for a vulnerability description on namespace issues, contributed by Erhard Ploedereder [doc, pdf]
N0228 2009-10-16   Olwen Morgan, "Programming languages – C – Designated constructs", contributed by Steve Michell (Canada) [pdf]
N0227 2009-10-22   Minutes: Meeting #12, ISO/IEC JTC 1/SC 22/WG 23: Programming Language Vulnerabilities, 21-23 October, 2009 [html]
N0226 2009-10-13   A. Burns and A.J. Wellings, "Language Vulnerabilities - Let’s not forget Concurrency", contributed by Stephen Michell (Canada) [pdf]
N0225 2009-09-30   Preliminary Agenda: Meeting #12, ISO/IEC JTC 1/SC 22/WG 23: Programming Language Vulnerabilities, 21-23 October 2009 [html]
N0224 2009-09-27 Replaces [N0223]. Disposition in [N0230] Corrected results of balloting on PDTR.2 24772: Collated NB comments [xls]; a separate file of US editorial comments [pdf]
N0223 2009-09-24 Cancelled. Replaced by [N0224] Results of Balloting on PDTR.2 24772: Collated NB comments [xls]
N0222 2009-08-25   Telecon Notes, WG 23, 25 August 2009, contributed by Jim Moore [pdf]
N0221 2009-08-24 Replaces [N0215]. Replaced by [N0233] Draft C Annex, contributed by Larry Wagoner [docx, pdf]
N0220 2009-08-24 Replaces [N0216] Draft Fortran Annex, contributed by Dan Nagle [doc, pdf]
N0219 2009-08-15   Logistics for Meeting #12 of ISO/IEC JTC 1/SC 22/WG 23, Santa Cruz, CA, 21-23 October 2009, contributed by John Benito [pdf]
N0218 2009-08-15   On Removing Programming Language Bias from the Vulnerabilities Document, J-P Rosen, written for submission to Ada-User, contributed by Steve Michell (Canada) [pdf]
N0217 2009-07-15 Replaces [N0165] and [N0193]. Replaced by [N0271]. Revised format for language-specific annexes, contributed by Jim Moore, recording decisions of Meeting 11 [doc, pdf]
N0216 2009-07-15 Replaces [N0211]. Replaced by [N0220] Markup of revised draft language-specific annex for Fortran [doc, pdf]
N0215 2009-07-15 Replaces [N0210]. Replaced by [N0221] Markup of revised draft language-specific annex for C [doc, pdf]
N0214 2009-07-15 Replaces [N0209] Markup of proposed description of NMP for Ada annex [doc, pdf]
N0213 2009-07-15 Replaces [N0208] Markup of proposed description of MEM for Ada annex [doc, pdf]
N0212 2009-07-15   Possible design for a multi-part document, contributed by Jim Moore [ppt, pdf]
N0211 2009-07-15 Replaces [N0206]. Replaced by [N0216]. Revised draft language-specific annex for Fortran, contributed by Dan Nagle [doc, pdf]
N0210 2009-07-15 Replaces [N0204]. Replaced by [N0215]. Revised draft language-specific annex for C, contributed by Larry Wagoner [doc, pdf]
N0209 2009-07-15 Replaced by [N0214] Proposed description of vulnerability NMP for Ada Annex, contributed by Steve Michell [doc, pdf]
N0208 2009-07-15 Replaced by [N0213] Proposed description of MEM for Ada annex, contributed by Steve Michell [doc, pdf]
N0207 2009-07-15   Proposed new vulnerability description, QVT, contributed by Dan Nagle [doc, pdf]
N0206 2009-07-15 Replaces [N0198]. Replaced by [N0211]. Meeting #11 markup of draft language-specific annex for Fortran [doc, pdf]
N0205 2009-07-15 Replaces [N0199]. Replaced by [N0258] Meeting #11 markup of draft language-specific annex for Ada resulting from workshop at 2009 Ada Europe conference [doc, pdf]
N0204 2009-07-15 Replaces [N0200]. Replaced by [N0210] Meeting #11 markup of draft language-specific annex for C [doc, pdf]
N0203 2009-07-15 Replaces [N0201] Meeting #11 markup of proposed new vulnerability description, Overloading and Overriding [doc, pdf]
N0202 2009-07-15   Minutes: Meeting #11, ISO/IEC JTC 1/SC 22/WG 23: Programming Language Vulnerabilities, 13-15 July, 2009 [html]
N0201 2009-07-12 Replaced by [N0203] Proposed vulnerability description, Overloading and overriding, contributed by Erhard Ploedereder [doc, pdf]
N0200 2009-07-06 Replaced by [N0204] Draft language-specific annex for C, contributed by Larry Wagoner [doc, pdf]
N0199 2009-06-22 Replaced by [N0205] Draft language-specific annex for Ada resulting from workshop at 2009 Ada Europe conference, contributed by John Benito [doc, pdf]
N0198 2009-06-22 Replaces [N0145]. Replaced by [N0206] Draft language-specific annex for Fortran, contributed by Dan Nagle [doc, pdf]
N0197 2009-06-22 Replaced by [N0229] Proposed vulnerability on namespace issues, contributed by Erhard Ploedereder [doc, pdf]
N0196 2009-06-22   Business Plan and Convener’s Report [for the forthcoming SC22 plenary meeting], contributed by convener [pdf]
N0195 2009-06-10   Preliminary Agenda: Meeting #11, ISO/IEC JTC 1/SC 22/WG 23: Programming Language Vulnerabilities, 13-15 July, 2009 [html]
N0194 2009-06-10   SC22/WG23 Vulnerabilities Meeting #11 Logistics [html]
N0193 Mistaken posting corrected 2009-06-22 Cf [N0165]. Replaced by [N0217] Proposed changes to Annex F resulting from workshop at Ada-Europe Conference [doc, pdf]
N0192 2009-06-10   Presentation to workshop of Ada-Europe Conference, John Benito, June 2009 [pdf]
N0191 2009-06-02 Supersedes [N0170]. Superseded by [N0238] Draft of 24772 submitted to SC 22 for PDTR.2 ballot [pdf]
N0190 2009-05-05   Proposed rewrite of Sub-clause 6.26, contributed by Robert Karlin [doc, pdf]
N0189  2009-05-04   Proposed rewrite of Clause 5, contributed by Larry Wagoner [doc, pdf]
N0188 2009-04-19   Suggestion for introductory text outlining scope limitations of first edition, contributed by James Moore [doc]
N0187 2009-05-18 Revision of [N0181] Completed disposition of WG9 comments on PDTR 24772, contributed by John Benito [doc]
N0186 2009-04-17 Revision of [N0185] Replacement text for Subclause 5.2, as edited at Meeting #10 [doc]
N0185 2009-04-16 Revised as [N0186] Proposed revision of Subclause 5.2, contributed by Robert Karlin [pdf]
N0184 2009-05-18 Revision of [N0180] Completed disposition of NB comments on PDTR 24772, contributed by John Benito [xls]
N0183 2009-06-22 Revision of [N0167] Schedule, version 3 [xls, pdf]
N0182 2009-04-15 Revision of [N0177] Four vulnerability descriptions approved for inclusion in the next draft of 24772 by Meeting #10 [zip, dir]
N0181 2009-04-17 Disposition of [N0174]. Revised as [N0187] Disposition of WG9 comments in N0174 performed during the meeting [doc]
N0180 2009-04-17 Disposition of [N0176]. Revised as [N0184]. Disposition of NB technical comments on PDTR 24772 performed during Meeting #10 [xls]
N0179 2009-04-17   Draft Minutes: Meeting #10 of ISO/IEC JTC 1/SC 22/WG 23, 15-17 April 2009, San Diego, CA [html]
N0178 2009-04-13 Replaces [N0169] 2nd Preliminary Agenda, Meeting #10, San Diego, CA, 15-17 April 2008, contributed by convener [html, pdf]
N0177 2009-04-04 Revised as [N0182] Four vulnerabilities recommended for inclusion in 24772 by the editorial team [zip, dir]
N0176 2009-02-20 Disposed in [N0180] Results of Balloting on PDTR 24772: Summary of voting [pdf]; collated NB comments [doc, xls]
N0175 2009-02-18   Report of Editors' Meeting, 18 February 2009, contributed by Jim Moore: Report [pdf]. Supplementary documents [zip]
N0174 2009-02-14   Liaison comments from SC 22/WG 9 on PDTR 24774, contributed by Joyce Tokar, Convener, SC 22/WG 9 [doc].
N0173 2009-02-14   Report of Editors' Meeting, 28 January 2009, contributed by Jim Moore: Report [pdf]. Supplementary documents [zip].
N0172 2008-12-13   Report of Editors' Meeting, 12 December 2008, contributed by Jim Moore [pdf]
N0171 2008-12-09   Presentation to DHS Software Assurance Working Group, December 2008, contributed by Jim Moore [pdf]. Narrative version [pdf], submitted to Ada User as an article.
N0170 2008-12-09 Superseded by [N0191] Draft of 24772 submitted to SC 22 for PDTR ballot [pdf]
N0169 2008-12-09 Replaced by [N0178] Preliminary Agenda, Meeting #10, San Diego, CA, 15-17 April 2008, contributed by convener [html, pdf]
N0168 2008-12-09, revised 2009-04-09   Meeting Logistics: Meeting #10, San Diego, CA, contributed by James.W.Moore [pdf]
N0167 2008-10-22 Replaces [N0130]. Replaced by [N0183] Schedule, version 2 [xls]
N0166 2008-10-06 Replaces [N0115] Revised commenting template [xls]
N0165 2008-10-06 Replaces [N0144]. Cf [N0193]. Replaced by [N0217]. Meeting #9 revision of [N0144] "Proposed template for language specific annexes" [doc]
N0164 2008-10-06 Replaces [N0143] Meeting #9 revision of [N0143] "New Vulnerability Descriptions Proposed by J3 (Fortran)" [doc]
N0163 2008-10-06 Replaces [N0152] Meeting #9 revision of [N0152] "Proposed rewrite of 7.13 of Editor's draft of PDTR 24772 [N0138]" [doc]
N0162 2008-10-06 Replaces [N0151] Meeting #9 revision of [N0151] "Proposed rewrite of 7.10 of Editor's draft of PDTR 24772 [N0138]" [doc]
N0161 2008-10-06 Replaces [N0156] Meeting #9 revision of [N0156], "6.20 Buffer Overflow [XZB]" [doc]
N0160 2008-10-06 Replaces [N0157] Meeting #9 revision of [N0157] "6.17 Unchecked Pointer Arithmetic in Buffer Access (XYX)" [doc]
N0159 2008-10-06 References [N0148]. Meeting #9 disposition of comments contained in [N0148] [xls]
N0158 2008-10-06 References [N0138]. Proposed rewrite of 6.18 of Editor's draft of PDTR 24772 [N0138], contributed by Larry Wagoner [doc]
N0157 2008-10-06 References [N0138]. Replaced by [N0160]. Proposed revision of "6.17 Unchecked Pointer Arithmetic in Buffer Access (XYX)", contributed by Erhard Ploedereder [doc]
N0156 2008-10-06 References [N0138]. Replaced by [N0161]. Proposed revision of "6.20 Buffer Overflow [XZB]," contributed by Erhard Ploedereder [doc]
N0155 2008-10-06 References [N0138]. Proposed Vulnerability Description on Concurrency, contributed by Steve Michell [html]
N0154 2008-10-06   Resolutions Approved at the 22-24 September 2008 JTC 1/SC 22 Plenary in Milan, Italy [pdf]
N0153 2008-10-06, revised 12-09   Minutes: Meeting #9 of ISO/IEC JTC 1/SC 22/OWG: Vulnerability, 29 September to 01 October, 2008 [html]
N0152 2008-09-26 Referenced by [N0148]. References [N0138]. Replaced by [N0163]. Proposed rewrite of 7.13 of Editor's draft of PDTR 24772 [N0138], contributed by Larry Wagoner [doc]
N0151 2008-09-26 Referenced by [N0148]. References [N0138]. Replaced by [N0162]. Proposed rewrite of 7.10 of Editor's draft of PDTR 24772 [N0138], contributed by Larry Wagoner [doc]
N0150 2008-09-26 Referenced by [N0148]. References [N0138]. Proposed rewrite of 6.18 of Editor's draft of PDTR 24772 [N0138], contributed by Larry Wagoner [doc]
N0149 2008-09-26 References [N0145]. Comments on the "Draft of the Fortran Annex of the OWG-V TR" [N0145] contributed by Nick Mclaren [pdf]
N0148 2008-09-26 Replaces [N0146]. References [N0138]. 2nd version of Consolidated comments on [N0138], including comments received as of the date issued. [xls]
N0147 2008-09-10 Replaces [N0141] 2nd Preliminary Agenda, Meeting #9 of ISO/IEC JTC 1/SC 22/OWG: Vulnerability, Stuttgart, Germany, 29 September 2008 / 01 October 2008, contributed by convener, and revised by secretary [html]
N0146 2008-09-10 Replaced by [N0148]. References [N0138] Consolidated comments on [N0138], as of the date issued. It includes comments from Jones and Pygott. [xls]
N0145 2008-09-05 Replaced by [N0198] Draft of language-specific annex for Fortran, contributed by Dan Nagle [txt]
N0144 2008-09-05 Replaced by [N0165] Proposed template for language specific annexes, contributed by Larry Wagoner [doc]
N0143 2008-08-26 Replaced by [N0164] New Vulnerability Descriptions Proposed by J3 (Fortran), contributed by Dan Nagle [doc, pdf]
N0142 2008-08-26 Revised in place on 08-27. Logistics, OWGV Meeting #9, Stuttgart, Germany, 2008-09-29/10-01, contributed by Erhard Ploedereder [pdf]
N0141 2008-08-26 Replaced by [N0147] Preliminary Agenda, Meeting #9 of ISO/IEC JTC 1/SC 22/OWG: Vulnerability, Stuttgart, Germany, 29 September 2008 / 01 October 2008, contributed by convener [html]
N0140 2008-07-29   Presentation made by Jim Moore to ISO/IEC JTC 1/SC 22/WG 9 with slide added to record discussion [pdf], 2006-08
N0139 2008-07-29   Presentation made by John Benito to Military & Aerospace Electronics Forum [pdf], 2008-04 
N0138 2008-08-20 Replaces [N0134] Editor's draft of PDTR 24772, prepared by John Benito [pdf]. Spreadsheet for providing comments [xls].
N0137 2008-07-29   Business Plan and Convener's Report, ISO/IEC JTC 1/SC 22/OWG:Vulnerability, 2008-07-11, contributed by John Benito [pdf]
N0136 2008-07-07   Results of OWGV Editorial Meeting, 30 June to 02 July 2008, submitted by secretary: [dir] [zip]
N0135 2008-06-10   Preliminary agenda, Editorial Meeting, 30 June - 02 July 2008, submitted by convener [pdf]
N0134 2008-06-03 Replaces [N0125]. Replaced by [N0138]. Editor's draft of PDTR 24772, prepared by John Benito [pdf]
N0133 2008-04-16 Revision of [N0092] Template for Language-Independent Descriptions of Vulnerabilities, Version 7 [doc]
N0132 2008-04-10   Suggested editorial corrections to PDTR, Larry Wagoner [doc]
N0131  2008-04-10   Superseded directory of vulnerabilities, as of 13 March 2008 [zip]. (Posted only for archival purposes.)
N0130 2008-04-10 Replaced by [N0167] Schedule moving forward toward PDTR [xls], version 1
N0129 2008-04-09 Disposition of [N0127] and other comments Disposition of consolidated comments on vulnerability descriptions, prepared by Secretary [xls]
N0128 2008-04-09   Minutes: Meeting #8 of ISO/IEC JTC 1/SC 22/OWG: Vulnerability, 9-11 April 2008, Amsterdam, Netherlands [html], prepared by secretary
N0127 2008-03-31 Disposition of comments [N0129] Consolidated comments on vulnerability descriptions, prepared by Secretary [xls]
N0126   Replaces [N0118]. 2nd Preliminary Agenda: Meeting #8 of ISO/IEC JTC 1/SC 22/OWG: Vulnerability, 9-11 April 2008, Amsterdam, Netherlands [html], prepared by convener
N0125 2008-03-26 Replaces [N0106]. Replaced by [N0134]. Editor's draft of PDTR 24772, prepared by John Benito [pdf]
N0124 2008-03-26 Replaces [N0120]. Mapping between OWGV language vulnerabilities and the JSF, MISRA C, CERT C, and CERT C++, Version 2, Robert Seacord [xlsx, pdf]
N0123 2008-03-26   Editor's Report for Meeting #8, TR 24772 [pdf]
N0122 2008-02-14   Array bounds checking bibliography, Derek Jones [html]
N0121 2008-02-14 Replaces [N0078] (Revised) "Forms of language specification: Examples from commonly used computer languages" [pdf], Derek Jones
N0120 2008-02-14 Replaced by [N0124] Mapping between OWGV language vulnerabilities and the JSF, MISRA, CERT C, and CERT C++ rule sets, Robert Seacord [xls]
N0119 2008-02-14   "A new type of Working Group used for a new SC22 Working Group: OWG Vulnerability", John Benito, convener [pdf]
N0118 2008-02-14 Replaced by [N0126] Preliminary Agenda: Meeting #8 of ISO/IEC JTC 1/SC 22/OWG: Vulnerability, 9-11 April 2008, Amsterdam, Netherlands [html], prepared by convener
N0117 2007-12-24 Replaces [N0112] Outline of Vulnerability Descriptions, 24 December 2007 (with assignments for update), contributed by John Benito, editor [pdf]
N0116 2007-12-16   Safety considerations in programming systems, contributed by Steve Michell [pdf]
N0115 2007-12-15 Replaced by [N0166] Commenting spreadsheet to be used in making comments on vulnerability descriptions [xls]
N0114 2007-12-15   Automatically Generated Code, contributed by Robert Seacord [pdf]
N0113 2007-12-14   List of Coding Guideline Documents, contributed by Derek Jones [pdf]
N0112 2007-12-14 Annotation of [N0109]. Replaced by [N0117]. Proposed organization of vulnerability descriptions (with annotations from OWGV Meeting #7) [pdf]
N0111 2007-12-15   Minutes: Meeting #7 of ISO/JTC1/SC22/OWG: Vulnerability, 12-14 December 2007, Pittsburgh, Pennsylvania, USA [html], prepared by Secretary
N0110 2007-12-11   Final Resolutions of the 20th Plenary meeting of ISO/IEC JTC 1/SC 22, 24-28 September 2007, Singapore [pdf]
N0109 2007-12-13 Annotated as [N0112] Proposed organization of vulnerability descriptions, contributed by Larry Wagoner [pdf]
N0108 2007-11-28   Proposed additions to ISO/IEC PDTR 24772, contributed by C H Pygott [pdf]
N0107 2007-11-28   Editor's report, project 24772, contributed by John Benito [html]
N0106 2007-11-28 Replaces [N0095]. Replaced by [N0125]. Editor's draft of PDTR 24772, prepared by John Benito [pdf]
N0105 2007-11-24   Examples of Mapping MISRA-C Rules to COBOL, contributed by Barry Tauber [pdf]
N0104 2007-11-24   Distinguishing Criticality of Undefined Behavior, contributed by Tom Plum [html]
N0103 2007-11-15   Preliminary Agenda: Meeting #7 of ISO/IEC JTC 1/SC 22/OWG: Vulnerability, 12-14 December 2007, Pittsburgh, Pennsylvania, USA [html], prepared by convener
N0102 2007-10-03, corrected 10-25 Annotates [N0099] Annotations to N0099 made during Meeting #6 of OWGV [pdf]
N0101 2007-10-15   John Benito, "OWG: Vulnerability," [pdf] presentation to conference associated with meeting of ISO/IEC JTC 1/SC 22, 28 September 2007.
N0100 2007-10-04, corrected 10-25   Minutes: Meeting #6 of ISO/JTC1/SC22/OWG: Vulnerability, 1-3 October 2007, Kona, Hawaii, USA [html], prepared by Secretary
N0099 2007-09-29   Proposal to the ISO/IEC Project 22.24772: Guidance for Avoiding Vulnerabilities through Language Selection and Use, contributed by Larry Wagoner [pdf]. (All of the paper's references can be located using this website's list of [References].)
N0098 2007-09-12   Logistics information for OWGV Meeting #8, Amsterdam, Netherlands [html]
N0097 2007-08-20; revised 09-04   Preliminary Agenda: Meeting #6 of ISO/JTC1/SC22/OWG: Vulnerability, 1-3 October 2007, Kona, Hawaii, USA [html], prepared by convener
N0096 2007-08-06 See also [N0058] Logistics information for OWGV Meeting #6, Kona, Hawaii, USA [html].
N0095 2007-08-06 Revises and replaces [N0079]. Replaced by [N0106]. Editor's draft 070806 of PDTR 24772, prepared by John Benito, submitted for PDTR registration [pdf].
N0094 2007-08-03   Business Plan and Convener's Report, ISO/IEC JTC 1/SC 22/OWG:Vulnerability, 2007-07-31, contributed by John Benito [pdf]
N0093 2007-07-24   Proposed vulnerabilities as of the close of Meeting #5 [dir]. [This is posted only as a snapshot of the results. For the most recent status use the current directory of vulnerability proposals.]
N0092 2007-07-24; revised 2007-11-26 Revises and replaces [N0072]. Revised as [N0133]. Template for Language-Independent Descriptions of Vulnerabilities, Version 6 [doc]
N0091 2007-07-24 Revises and replaces [N0085] Definitions agreed at Meeting #5 for use in the TR [doc]
N0090 2007-07-24 Revises and replaces [N0087] Text for sub-clause 1.4 [doc], as agreed at Meeting #5.
N0089 2007-07-20; revised 08-20   Approved Minutes of 19-20 July 2007 Meeting of ISO/IEC JTC 1/SC 22/OWG:Vulnerability (OWG:V Meeting #5), Ottawa, Canada [html].
N0088 2007-07-16   Liaison Report: JSR-282 (Real-Time Specification for Java) and JSR-302 (Safety-Critical Java Technologies), Ben Brosgol [pdf]
N0087 2007-07-13 Replaced by [N0090] "Possible text for sub-clause 1.4" [doc], contributed by Jim Moore.
N0086 2007-07-13   "The Physics of a Vulnerability," [pdf] by Bob Martin. Contributed by Jim Moore with the permission of The MITRE Corporation.
N0085 2007-07-12 [Replaced by N0091] "Definition of Vulnerability" [pdf], contribution by Ben Brosgol, 12 July 2007.
N0084 2007-07-12 Replaces [N0073]. (2nd Revision) "Proposal to the ISO/IEC Project 22.24772: Guidance for Avoiding Vulnerabilities through Language Selection and Use" [pdf]; directory of proposed vulnerability descriptions [dir, zip]; and cover note [pdf] -- personal contribution by Larry Wagoner, 11 July 2007
N0083 2007-07-02   Comments on “Software for Dependable Systems”, contribution by Tom Plum [html]
N0082 2007-07-02   James W. Moore and Robert Seacord, "Secure Coding becomes Standard," [pdf] presentation to Systems and Software Technology Conference (SSTC), June 19, 2007. Also see related article.
N0081 2007-07-01 VOIDED Pre-Meeting Package, Meeting #5 [zip] -- Instructions: Unzip the file into a folder on your machine; open the folder; double-click on "index"; a small local web site will come up in your web browser.
N0080 2007-06-30   Agenda: Meeting #5 of ISO/JTC1/SC22/OWG: Vulnerability, 18th - 20th July 2007, Ottawa, Canada [html], prepared by convener
N0079 2007-06-30 Revises and replaces [N0074]. Editor's draft 070629 of PDTR 24772, prepared by John Benito [pdf].
N0078 2007-06-30 Revises and replaces [N0060]. Replaced by [N0121] (Revised) "Forms of language specification: Examples from commonly used computer languages" [pdf] and directory of proposed vulnerability descriptions [dir, zip], personal contribution from Derek M. Jones
N0077 2007-06-04 VOIDED Post-Meeting Package, Meeting #4 [zip] -- Instructions: Unzip the file into a folder on your machine; open the folder; double-click on "index"; a small local web site will come up in your web browser.
N0076 2007-06-01   Logistics information for OWGV Meeting #5, Ottawa, Canada [html].
N0075 2007-05-10 Responds to [N0070] and [N0071]. Response of ISO/IEC JTC 1/SC 22/OWGV to: ISO/IEC JTC 1/SC 27 N5494, "JTC 1/SC 27/WG 4 Liaison Statement to JTC 1/SC 22 on Collaborative work on Application Security"; and to ISO/IEC JTC 1/SC 27 N5482, "Report of the Application Security meeting, held in Glenburn Lodge (South Africa), Nov. 17th 2006" [pdf]
N0074   Revises and replaces [N0061]. Replaced by [N0079]. Editor's draft 3 of intended PDTR 24772, prepared by John Benito [pdf]
N0073 2007-06-30 Replaces [N0066], [N0067], and [N0068]. Replaced by [N0084]. (Revised) "Proposal to the ISO/IEC Project 22.24772: Guidance for Avoiding Vulnerabilities through Language Selection and Use" [pdf] and directory of proposed vulnerability descriptions [dir, zip], personal contribution by Larry Wagoner, 21 June 2007
N0072 2007-05-05 Replaces [N0056]. Replaced by [N0092]. Template for Language-Independent Descriptions of Vulnerabilities, Version 5 [html]
N0071 2007-04-30 Refers to [N0070] ISO/IEC JTC 1/SC 27 N5494, "JTC 1/SC 27/WG 4 Liaison Statement to JTC 1/SC 22 on Collaborative work on Application Security" [pdf]
N0070 2007-04-30 Referenced by [N0071] ISO/IEC JTC 1/SC 27 N5482, "Report of the Application Security meeting, held in Glenburn Lodge (South Africa), Nov. 17th 2006" [pdf]
N0069 2007-04-30   Approved Minutes of 30 April-2 May 2007 Meeting of ISO/IEC JTC 1/SC 22/OWG:Vulnerability (OWG:V Meeting #4), Padua, Italy [html].
N0068 2007-04-23 Part 3 of [N0066], [N0067], and [N0068]. Superseded by [N0073]. "Proposal to the ISO/IEC Project 22.24772: Guidance for Avoiding Vulnerabilities through Language Selection and Use: Vulnerabilities to Address in CWE - Part 3" [pdf], personal contribution by Larry Wagoner.
N0067 2007-04-18 Part 2 of [N0066], [N0067], and [N0068]. Superseded by [N0073]. "Proposal to the ISO/IEC Project 22.24772: Guidance for Avoiding Vulnerabilities through Language Selection and Use: Vulnerabilities to Address in CWE," Part 2 [pdf], personal contribution by Larry Wagoner
N0066 2007-04-11 Part 1 of [N0066], [N0067], and [N0068]. Superseded by [N0073]. "Proposal to the ISO/IEC Project 22.24772: Guidance for Avoiding Vulnerabilities through Language Selection and Use" [pdf], personal contribution by Larry Wagoner
N0065 2007-04-05 VOIDED Pre-Meeting Package, Meeting #4 [zip] -- Instructions: Unzip the file into a folder on your machine; open the folder; double-click on "index"; a small local web site will come up in your web browser.
N0064 2007-04-04   Ben Brosgol and Andy Wellings, "A Comparison of Ada and Real-time Java for Safety-Critical Applications," contributed by Ben Brosgol [pdf]. Posted by permission [txt].
N0063 2007-04-04   Agenda for 30 April-2 May 2007 Meeting of ISO/IEC JTC 1/SC 22/OWG:Vulnerability (OWG:V Meeting #4), Padua, Italy [html]
N0062 2007-04-04   "Vulnerability, Safety, Security, and Quality," [html] personal contribution by Tom Plum
N0061 2007-04-04 Revises and replaces [N0040]. Replaced by [N0074]. Editor's draft 2 of intended PDTR 24772, prepared by John Benito [pdf]
N0060 2007-04-04 Replaced by [N0078]. "Forms of language specification: Examples from commonly used computer languages," [pdf] contributed by Derek Jones. Permission [txt].
N0059 2007-04-04   Preliminary draft of the CERT C Programming Language Secure Coding Standard [pdf], contributed by Robert Seacord. Permission [txt]
N0058 2006-12-29 See also [N0096] Hotel registration form for Meeting #6, Kona, Hawaii [pdf].
N0057r 2006-12-31   Announcement and logistics information for OWGV Meeting #4, Padua, Italy [pdf].
N0056 2006-12-14 Related to [N0054] and [N0048]. Superseded by [N0072]. Various Versions of a Template for Language-Independent Descriptions of Vulnerabilities [html]
N0055 2006-12-14   Approved Minutes of 11-13 December 2006 Meeting of ISO/IEC JTC 1/SC 22/OWG:Vulnerability (OWG:V Meeting #3), Washington, DC [html]
N0054 2006-12-12 Revisions to [N0048] Stephen Michell, Revisions of "Vulnerabilities Issues from TR15942" [pdf]
N0053 2006-11-22 VOIDED Pre-Meeting Package, Meeting #3 [zip] -- Instructions: Unzip the file into a folder on your machine; open the folder; double-click on "index"; a small local web site will come up in your web browser.
N0052 2006-11-22   Agenda for 11-13 December 2006 Meeting of ISO/IEC JTC 1/SC 22/OWG:Vulnerability (OWG:V Meeting #3), Washington, DC [html]
N0051 2006-11-22   Derek Jones, Some proposed language vulnerability guidelines, 20 November 2006 [pdf]
N0050 2006-11-22   Derek Jones, Expertise: Discussion of guideline related issues, 28 August 2006 [pdf]
N0049 2006-11-22   Brian Wichmann, Tool assurance for predictable execution, 3 November 2006 [pdf]
N0048r 2006-12-11 Compilation of items from [N0013]. Stephen Michell, Vulnerabilities Issues from TR15942 [pdf]. (Revised)
N0047 2006-10-17 VOIDED Post-Meeting Package, Meeting #2 [zip] -- Instructions: Unzip the file into a folder on your machine; open the folder; double-click on "index"; a small local web site will come up in your web browser.
N0046 2006-09-28   Meeting information, OWG:V Meeting #3, Washington DC, 11-13 December 2006 [html]
N0045r 2006-12-15   Jim Moore, Meeting Report of SC22 Plenary, September 2006 [pdf] (Corrected version)
N0044 2006-09-19 Also see [N0043] Vulnerability classifications used in QinetiQ report [N0043], submitted by Clive Pygott following Meeting #2 [pdf]
N0043 2006-09-19   Adam Schofield & Clive Pygott, "A Tabulation of the unpredictable features of the C++ language," September 2006, QINETIQ/S&DU/TIM/CR060019, submitted by Clive Pygott following Meeting #2 [pdf]. Posted by permission [pdf].
N0042r 2006-12-14   Corrected and Approved Minutes of 14-15 September 2006 Meeting of ISO/IEC JTC 1/SC 22/OWG:Vulnerability (OWG:V Meeting #2), London, UK [html] (These minutes were approved with corrections at Meeting #3.)
N0041 2007-04-04   Paul Caseley, "Dependable software dependent systems?," presentation at Meeting #2 [pdf]. Permission to post [htm]
N0040 2006-11-06 Replaced by [N0061] Working draft 61106 of intended PDTR 24772 [pdf], prepared by John Benito.
N0039 2006-09-15 Also see [N0038] Clive Pygott, "Summary of the Discussion at the HIRTS DARP C/C++ workshop 25/4/2006", personal submission to Meeting #2 [doc]
N0038 2006-09-15 Also see [N0039] Clive Pygott and Chris Tapp, "Objectives of Coding Standards & MISRA C++", personal submission to Meeting #2 [ppt]
N0037 2006-09-15 Also see [N0033] Derek Jones, "Culture and Education," personal submission to Meeting #2 [pdf]
N0036 2006-09-15   Derek Jones, "Developer beliefs about binary operator precedence," personal submission to Meeting #2 [pdf]
N0035 2006-08-28 VOIDED Pre-Meeting Package, Meeting #2 [zip] -- Instructions: Unzip the file into a folder on your machine; open the folder; double-click on "index"; a small local web site will come up in your web browser.
N0034 2006-08-28  Replaces [N0012]    UK Contribution, Proposed Base Document for OWGV [html], revised
N0033 2006-08-28  Also see [N0037] Derek Jones, "Culture and Formal Education Issues: Discussion and Proposed Guidelines," personal submission [pdf]
N0032 2006-08-24    Brian Wichmann, "What is Predictable Execution?", personal submission [pdf]
N0031 2006-08-22    Robert Seacord, Email dated 2006-08-22, outlining planned CERT approach to levels, first draft of response to Action Item 01-09 [txt, jpg]
N0030   2006-08-08    Jim Moore, "Proposal for Vulnerability Descriptions", Draft 1, prepared in response to Action Item 01-10 [html]
N0029 2006-08-28 Replaces [N0028] Agenda for 14-15 September 2006 Meeting of ISO/IEC JTC 1/SC 22/OWG:Vulnerability (OWG:V Meeting #2), London, UK [html]
N0028 2006-08-14 Superseded by [N0029] Preliminary Agenda for 14-15 September 2006 Meeting of ISO/IEC JTC 1/SC 22/OWG:Vulnerability (OWG:V Meeting #2), London, UK [html]
N0027 2006-07-24 VOIDED Post-Meeting Package, Meeting #1 [zip] -- Instructions: Unzip the file into a folder on your machine; open the folder; double-click on "index"; a small local web site will come up in your web browser.
N0026 2006-07-06   Annual Business Plan and Convener’s Report, ISO/IEC JTC 1/SC22 OWG:Vulnerability [pdf]. (This document was published by SC22 as N4078.)
N0025r 2006-09-15 Replaces [N0025] Corrected and Approved Minutes of 26-27 June 2006 Meeting of ISO/IEC JTC 1/SC 22/OWG:Vulnerability (OWG:V Meeting #1), Washington, DC [html]
N0025 2006-06-29 Also see [N0016]. Replaced by [N0025r]. Minutes of 26-27 June 2006 Meeting of ISO/IEC JTC 1/SC 22/OWG:Vulnerability (OWG:V Meeting #1), Washington, DC [html]
N0024 2006-06-28 Replaces [N0015]   James W. Moore, Terms of Reference: ISO/IEC Project 22.24772, “Guidance to Avoiding Vulnerabilities in Programming Languages through Language Selection and Use” (Revision resulting from Meeting #1.) [pdf]
N0023 2006-06-26 Also see [N0017] Robert C. Seacord, CERT, "CERT Secure Coding Standards" (Presented at Meeting #1 of OWGV, 27 June 2006) [pdf]
N0022 2006-06-26 Also see [N0012] Derek Jones, UK, "Base Document Proposal" (Presented at Meeting #1 of OWGV, 27 June 2006) [pdf]
N0021 2006-06-26 Also see [N0013] Stephen Michell, Canada, "Ada's approach to Software Vulnerabilities" (Presented at Meeting #1 of OWGV, 27 June 2006) [pdf]
N0020 2006-06-26   Derek Jones, UK, Information regarding Meeting #2 of OWGV, 14-15 Sep 2006, London (Presented at Meeting #1 of OWGV, 27 June 2006) [pdf]
N0019 2006-06-23   Robert A. Martin, The MITRE Corporation, "The Common Weakness Enumeration Initiative," (Presented at Meeting #1 of OWGV, 27 June 2006) [pdf]
N0018 2006-06-27   Joe Jarzombek, US Department of Homeland Security, "Considerations in Advancing the National Strategy to Secure Cyberspace," for presentation to Meeting #1 of OWGV, 27 June 2006 [pdf]
N0017 2006-06-22 Also see [N0023] Robert Seacord, Carnegie-Mellon University CERT, "Secure Coding Standards" (permission to post) [pdf]
N0016 2006-06-22 Replaces [N0008] Revised Agenda for 26-27 June 2006 Meeting of ISO/IEC JTC 1/SC 22/OWG:Vulnerability (OWG:V Meeting #1), Washington, DC [html]
N0015 2006-06-21 Superseded by [N0024].   James W. Moore, Terms of Reference: ISO/IEC Project 22.24772, “Guidance to Avoiding Vulnerabilities in Programming Languages through Language Selection and Use” [pdf]
N0014 2006-06-21   James W. Moore, Convener’s Remarks, Meeting #1 of ISO/IEC JTC 1/SC 22/OWG:V [pdf]
N0013 2006-06-20 Also see [N0021] ISO/IEC TR 15942:2000, "Information technology -- Programming languages -- Guide for the use of the Ada programming language in high integrity systems" [web, pdf]
N0012 2006-06-14 Also see [N0022]; Superseded by [N0034]    UK Contribution, Proposed Base Document for OWGV [html]
N0011 2006-05-15   John Benito, OWG: Vulnerability -- A new type of Working Group used for a new SC22 Working Group, SC 22/WG 9 Meeting, Porto, Portugal [pdf]
N0010 2006-04-17   Meeting Announcement and Logistics for the 19-22 September 2006 JTC 1/SC 22 Plenary in London, England (cover [html], document [pdf])
N0009 2006-04-11   Meeting information, OWG:V Meeting #1, Washington DC, 26-27 June 2006 [html]
N0008 2006-04-13 Superseded by [N0016] Preliminary Agenda for 26-27 June 2006 Meeting of ISO/IEC JTC 1/SC 22/OWG:Vulnerability (OWG:V Meeting #1), Washington, DC [html]
N0007  2006-03-13 Responds to [N0002] Disposition of Comments for SC22 N3913, "New Work Item Proposal for Guidance to Avoiding Vulnerabilities in Programming Languages through Language Selection and Use" [html]. (This document was published by SC22 as N4027.)
N0006  2006-03-01   James W. Moore, A New Standards Project on "Avoiding Programming Language Vulnerabilities", SC 22/WG 14 Meeting, Berlin, Germany [pdf]
N0005  2005-11-17   James W. Moore, A New Standards Project on "Avoiding Programming Language Vulnerabilities", SIGAda Conference and SC 22/WG 9 Meeting, Atlanta, GA [pdf]
N0004  2005-10-06   James W. Moore, "Moving Forward," report to the SC22 High Integrity Study Group Mailer [pdf]
N0003  2005-10-02   Excerpts of SC 22 N 3989, "Resolutions Prepared at the Eighteenth Plenary Meeting of ISO/IEC JTC 1/SC 22, 30 September-2 October 2005, Mont Tremblant, Canada" [pdf]
N0002 2005-10-05 Responds to [N0001] SC22 N3990, "Summary of Voting for SC 22 N 3913, New Work Item Proposal for Guidance to Avoiding Vulnerabilities in Programming Languages through Language Selection and Use" (cover [htm], document [pdf])
N0001 2005-06-28   SC22 N3913, "New Work Item Proposal for Guidance to Avoiding Vulnerabilities in Programming Languages through Language Selection and Use" (cover [htm], document [htm])

Informative Material regarding the Project:

2011-06: Presentation prepared by Larry Wagoner, revised at Meeting #18, and presented by Jim Johnson at Ada Connection conference [N0346]

2009-06: Presentation made by John Benito to workshop of Ada Europe conference [N0192].

2008-12: Presentation made by Jim Moore to DHS Software Assurance Working Group [N0171]. Narrative version submitted to Ada User as an article [N0171a].

2008-06: Presentation made by Jim Moore to ISO/IEC JTC 1/SC 22/WG 9 with slide added to record discussion [N0140]

2008-04: Presentation made by John Benito to Military & Aerospace Electronics Forum [N0139]

2008-02: Presentation planned by John Benito, [N0119]

2007-09: Presentation to conference in Singapore, [N0101]

2007-06: Presentation to SSTC Conference, [N0082]

2006-06: Presentation to WG9, Ada language working group [N0011]

2006-03: Presentation to WG14, C language working group [N0006]


Disclaimer  Most of the items contained in this web site and its associated files and directories are preliminary working material of ISO/IEC JTC 1/SC 22, subject to review and correction.  

The web site is maintained for the convenience of the participants in SC 22/WG 23 (Programming Language Vulnerabilities) by:

James W. Moore, James.W.Moore@ieee.org.