Document ISO/IEC/JTC 1/SC 22/WG 23 N0591

Draft Minutes Meeting #39
ISO/IEC JTC 1/SC 22/WG 23: Programming Language Vulnerabilities
21 October 2015


Meeting Location:

WebEx

Meeting Times:

21 October 2015: 1600-1800 EDT (2000-2200 UTC)

Local Arrangements:

N/A

Local Contacts:

N/A

IMPORTANT:

Teleconference Info

Agenda

1 Opening activities

1.1 Opening Comments

1.2 Introduction of Participants/Roll Call

Stephen Michell
David Keaton
Larry Wagoner
Clive Pygott
Santiago Urueña Pascual
Erhard Ploedereder
Michael Fanning
Tullio Vardanega

1.3 Procedures for this Meeting

1.4 Approval of previous Minutes (meeting 38)

Approved.

1.5 Review of action items and resolutions, Action Item and Decision Logs

1.6 Approval of Agenda [N 0585]

1.7 Future Meeting Schedule


2016

#47    TBD November 2016    Teleconference
#46    TBD October 2016     Teleconference
#45    14-16 Sep 2016       Vienna, Austria (with SC 22 Plenary)
#44    TBD June 2016        Face-to-Face, location TBD
#43    TBD May 2016         Teleconference (UTC 2000, 2 hr)
#42    April 14-15 2016     BSI, London UK, with SC 22/WG 14
#43    07/03/16             Teleconference (UTC 2100, 2 hr)
#42    08/02/16             Teleconference (UTC 2100, 2 hr)
#41    11-12 Jan 2016       Orlando, Florida (EST 0900-1700)

2015

#40    23/11/15             Teleconference (UTC 2100, 2 hr)

2. Liaison Activities

2.1 SC 22

2.2 PL 22 (Open)

2.3 PL22.3/WG5 (Fortran)

2.4 WG4 (COBOL)

2.5 WG9 (Ada)

2.6 PL22.11/WG14 (C)

2.7 PL22.16/WG21 (C++)

2.8 Ecma International, TC49/TG2 (C#)

2.9 Ecma International, TC39 (ECMAScript)

2.10 MISRA (C)

2.11 MISRA (C++)

2.12 SPARK

2.13 SC7/WG19 (UML)

2.14 SC27/WG3, WG4 Security

2.15 Other Liaison Activities or National body reports

3. Document Review

3.1 TR 24772-1 Vulnerabilities, language independent

Review the changes made at meeting 38, document [N0583]. All outstanding changes are shown in track changes. Consider document sent by Clive Pygott in [N0587].

This was the only item completed at this meeting. Other items will be considered at meeting 40.

The material sent by Clive will be discussed at meeting 40.

3.2 TR 24772-2 Ada language specific part

Waiting for a proposal from SC 22/WG 9

3.3 TR 24772-3 C language specific part

Push to meeting 40.

3.4 TR 24772-4 Python language specific part

To be discussed at meeting 40.

3.5 TR 24772-8 Fortran

Document [N0560] needs review.

3.6 TR 24772-X C++

Consider document [N0582]


3.7 Bibliography for each TR24772 Part

The creation of the bibliography for each part is very much a work in progress. We need to decide a few issues:

  1. Should each bibliography be a repeat of the parent document’s?

  2. Should each bibliography include only material for that language?

  3. Should we put relevant text in the text of a Part to support a bibliographic reference?

  4. Guidelines for creating and using a bibliographic entry

Push to meeting 40.

3.8 Dirty Dozen Rules for C and generic

Material from Larry Wagoner. To be posted on web site, consider at meeting 40.

4 Strategy (Face to face meetings only)

5 Publicity (Face to face meetings only)

6 Other Business

6.1 Review of Assignment of responsibilities


7. Resolutions and Action Items

8. Adjournment