PD ISO/IEC TR 24772:2013

Superseded

A superseded Standard is one that is fully replaced by another Standard, which is a new edition of the same Standard.

Information technology. Programming languages. Guidance to avoiding vulnerabilities in programming languages through language selection and use
Available format(s): Hardcopy, PDF
Superseded date: 03-04-2020
Language(s): English
Published date: 31-05-2013

Foreword
Introduction
1. Scope
2. Normative references
3. Terms and definitions, symbols and conventions
4. Basic concepts
5. Vulnerability issues
6. Programming Language Vulnerabilities
7. Application Vulnerabilities
8. New Vulnerabilities
Annex A (informative) - Vulnerability Taxonomy and List
Annex B (informative) - Language Specific Vulnerability Template
Annex C (informative) - Vulnerability descriptions for the language Ada
Annex D (informative) - Vulnerability descriptions for the language C
Annex E (informative) - Vulnerability descriptions for the language Python
Annex F (informative) - Vulnerability descriptions for the language Ruby
Annex G (informative) - Vulnerability descriptions for the language SPARK
Annex H (informative) - Vulnerability descriptions for the language PHP
Bibliography
Index

Defines software programming language vulnerabilities to be avoided in the development of systems where assured behaviour is required for security, safety, mission-critical and business-critical software.

Committee: IST/5
DocumentType: Standard
Pages: 340
PublisherName: British Standards Institution
Status: Superseded
SupersededBy

Standards Relationship: ISO/IEC TR 24772:2013 Identical

ISO/IEC TR 10000-1:1998 Information technology Framework and taxonomy of International Standardized Profiles Part 1: General principles and documentation framework
ISO/IEC 2382-1:1993 Information technology Vocabulary Part 1: Fundamental terms
RTCA DO 178 : C2011 SOFTWARE CONSIDERATIONS IN AIRBORNE SYSTEMS AND EQUIPMENT CERTIFICATION
ISO/IEC 30170:2012 Information technology Programming languages Ruby
ISO/IEC 15291:1999 Information technology Programming languages Ada Semantic Interface Specification (ASIS)
IEC 61508-5:2010 Functional safety of electrical/electronic/programmable electronic safety-related systems - Part 5: Examples of methods for the determination of safety integrity levels (see Functional Safety and IEC 61508)
IEC 61508-4:2010 Functional safety of electrical/electronic/programmable electronic safety-related systems - Part 4: Definitions and abbreviations (see Functional Safety and IEC 61508)
IEC 61508-3:2010 Functional safety of electrical/electronic/programmable electronic safety-related systems - Part 3: Software requirements (see Functional Safety and IEC 61508)
ISO/IEC/IEEE 60559:2011 Information technology Microprocessor Systems Floating-Point arithmetic
ISO/IEC TR 15942:2000 Information technology Programming languages Guide for the use of the Ada programming language in high integrity systems
ISO 80000-2:2009 Quantities and units Part 2: Mathematical signs and symbols to be used in the natural sciences and technology
ISO/IEC 1539-1:2010 Information technology Programming languages Fortran Part 1: Base language
ISO/IEC 9899:2011 Information technology Programming languages C
IEC 61508-6:2010 Functional safety of electrical/electronic/programmable electronic safety-related systems - Part 6: Guidelines on the application of IEC 61508-2 and IEC 61508-3 (see Functional Safety and IEC 61508)
ISO/IEC TR 24731-1:2007 Information technology Programming languages, their environments and system software interfaces Extensions to the C library Part 1: Bounds-checking interfaces
ISO/IEC TR 24718:2005 Information technology — Programming languages — Guide for the use of the Ada Ravenscar Profile in high integrity systems
IEC 61508-1:2010 Functional safety of electrical/electronic/programmable electronic safety-related systems - Part 1: General requirements (see Functional Safety and IEC 61508)
IEEE 754-2008 REDLINE IEEE Standard for Floating-Point Arithmetic
ISO/IEC 8652:2012 Information technology — Programming languages — Ada
IEC 61508-7:2010 Functional safety of electrical/electronic/programmable electronic safety-related systems - Part 7: Overview of techniques and measures (see Functional Safety and IEC 61508)
IEC 61508-2:2010 Functional safety of electrical/electronic/programmable electronic safety-related systems - Part 2: Requirements for electrical/electronic/programmable electronic safety-related systems (see Functional Safety and IEC 61508)

£356.00
Excluding VAT
