Document ISO/IEC/JTC 1/SC 22/WG 23 N0636

Draft Minutes Meeting #42
ISO/IEC JTC 1/SC 22/WG 23: Programming Language Vulnerabilities
8 February 2016


Meeting Location:

Teleconference



Meeting Times:

8 February 2016: 1600-1800 EDT (2100-2300 UTC)

Local Arrangements:

N/A

Local Contacts:

N/A

IMPORTANT:

Teleconference Information:





Agenda

1 Opening activities

1.1 Opening Comments

1.2 Introduction of Participants/Roll Call

Stephen Michell, convenor

David Keaton, WG 14, USA

Clive Pygott, UK

Larry Wagoner, USA

1.3 Procedures for this Meeting

1.4 Approval of previous Minutes (meeting 41)

1.5 Review of action items and resolutions, Action Item and Decision Logs

1.6 Approval of Agenda [N 0601]

1.7 Future Meeting Schedule


2017

#58

TBD November 2017

In-person or Teleconference


#57

TBD October 2017

Teleconference


#56

17-18 August 2017

London, UK (with SC 22 Plenary)


#55

TBD June 2017

Face-to-face, location TBD


#54

TBD May 2017

Teleconference (UTC 2000, 2 hr)


#53

TBD April 2017

In-person, Markham, ON with WG 14


#52

TBD March 2017

Teleconference (UTC 2100, 2 hr)

#51

TBD February 2017

Teleconference (UTC 2100, 2 hr)

#50

TBD January 2017

In-person (2 day), Tampa, FL


2016

#49

21/11/16

Teleconference

#48

11/10/16

Teleconference

#47

15-16 Sep 2016

Vienna, Austria (with SC 22 Plenary)

#46

14-15 June 2016

With Ada Europe, Pisa, Italy

#45

05/05/16

Teleconference (UTC 2000, 2 hr)

#44

April 15-16 2016

BSI, London UK, with SC 22/WG 14

#43

07/03/16

Teleconference (UTC 2100, 2 hr)






2. Liaison Activities

For in-person meetings, unless specific issues arise.

2.1 SC 22

2.2 PL 22 (Open)

2.3 PL22.3/WG5 (Fortran)

2.4 WG4 (COBOL)

2.5 WG9 (Ada)

2.6 PL22.11/WG14 (C)

2.7 PL22.16/WG21 (C++)

2.8 Ecma International, TC49/TG2 (C#)

2.9 Ecma International, TC39 (ECMAScript)

2.10 MISRA (C)

2.11 MISRA (C++)

2.12 SPARK

2.13 SC7/WG19 (UML)

2.14 SC27/WG3, WG4 Security

2.15 Other Liaison Activities or National body reports

3. Document Review

3.1 TR 24772-1 Vulnerabilities, language independent

Review N0619, with material from Larry (N0623, N0629), Clive (N0630, N0631), Stephen (N0633) to be considered for addition.


We discuss Standing Document S0003, the editorial history of TR 24772. Steve shows the internal update of S0003 to account for changes to date. One major change is the removal of the language-specific annexes.

Issue – how to handle Parts 2 through N. Decision: Create S0003-1 for TR 24772-1, S0003-2 for TR 24772-2 Ada, etc.

AI 42-01. Steve to implement new editorial history of all parts from N0461 as S0003-2, S0003-3, etc.


We examined document N0629 Consolidated guidance, specifically the Part 1 guidance, did some rewording, and moved the additional 10 items to make a top 20. The encryption issue (#11 in N0629) needs to move to the section 7 guidance when developed.

AI 41-02 - Steve - update Part 1 section 5.(last) with the new guidance for Part 1 from N0637

3.2 TR 24772-2 Ada language specific part

Waiting for a proposal from SC 22/WG 9.

3.3 TR 24772-3 C language specific part

See 3.8

3.4 TR 24772-4 Python language specific part

3.5 TR 24772-8 Fortran

Document [N0560] needs review.

3.6 TR 24772-X C++

Consider document [N0582]


3.7 Bibliography for each TR24772 Part

3.8 Dirty Dozen Rules for C, generic, and other languages

Consider N0622, plus material from Larry (N0629), which is almost identical to the last Part 3.

AI 41-03 - Clive - edit the material from N0629 Part 3 Item 1 to make the malloc example clear in HFC and possibly others in Part 3.

4 Strategy (Face to face meetings only)

5 Publicity (Face to face meetings only)

6 Other Business

6.1 Review of Assignment of responsibilities


7. Resolutions and Action Items

AI 42-01. Steve to implement new editorial history of all parts from N0461 as S0003-2, S0003-3, etc.


AI 41-02 - Steve - update Part 1 section 5.(last) with the new guidance for Part 1 from N0637


AI 41-03 - Clive - edit the material from N0629 Part 3 Item 1 to make the malloc example clear in HFC and possibly others in Part 3.

8. Adjournment