Document ISO/IEC/JTC 1/SC 22/WG 23 N0674

Minutes of Meeting #46
ISO/IEC JTC 1/SC 22/WG 23: Programming Language Vulnerabilities
15-16 September 2016


Meeting Location:

Austrian Standards Institute - ASI

Heinestraße 38 A-1020

Vienna Austria


Meeting Times:

15-16 June 2016: 0900-1700 Central European daylight time (0700-1500 UTC)

Agenda

1 Opening activities

1.1 Opening Comments

1.2 Introduction of Participants/Roll Call

Stephen Michell - Convenor
Erhard Ploedereder - WG 9
Haibo Li - China
Chen Hai - China
Ulrich Neumerkel - Austria

WEBEX Clive Pygott - UK, MISRA C/C++
David Keaton - WG 14
Joyce Tokar - USA

1.3 Procedures for this Meeting

1.4 Approval of previous Minutes (meeting 45, document N663)

1.5 Review of action items and resolutions, Action Item and Decision Logs

1.6 Approval of Agenda [N 0667]

1.7 Future Meeting Schedule


2017

pre-mtg-51     20/11/17              Teleconference (UTC 2000, 2 hr)
post-mtg-50    16/10/17              Teleconference (UTC 2000, 2 hr)
#50            17-18 August 2017     BSI London (with SC 22 Plenary)
#49            12-13 June 2017       Vienna, Austria with Ada Europe (2 day)
post-mtg-48    15/05/17              Teleconference (UTC 2000, 2 hr)
#48            6-7 April 2017        IBM Markham, Canada (2 day)
pre-mtg-48     06/03/17              Teleconference (UTC 2100, 2 hr)
#47            23-24 January 2017    In-person (2 day)

2016

pre-mtg-47     21/11/16              Teleconference (UTC 2000, 2 hr)
post-mtg-46    11/10/16              Teleconference (UTC 2000, 2 hr)

2. Liaison Activities

2.1 SC 22

2.2 PL 22 (Open)

2.3 PL22.3/WG5 (Fortran)

2.4 WG4 (COBOL)

2.5 WG9 (Ada)

2.6 PL22.11/WG14 (C)

2.7 PL22.16/WG21 (C++)

2.8 Ecma International, TC49/TG2 (C#)

2.9 Ecma International, TC39 (ECMAScript)

2.10 MISRA (C)

2.11 MISRA (C++)

2.12 SPARK

2.13 SC7/WG19 (UML)

2.14 SC27/WG3, WG4 Security

2.15 Other Liaison Activities or National body reports

3. Document Review

3.1 TR 24772-1 Vulnerabilities, language independent

Document N673,

Discussion of fault tolerance (6.37). The current writeup is too much of a tutorial on fault handling and recovery, and not enough analysis on

3.2 TR 24772-2 Ada language specific part

Waiting for a proposal from SC 22/WG 9

3.3 TR 24772-3 C language specific part

Document N067?

3.4 TR 24772-4 Python language specific part

Document N0592.

3.5 TR 24772-8 Fortran

Document [N0560] needs review.

3.6 TR 24772-X C++

Consider document [N0582]


3.7 Bibliography for each TR24772 Part

3.8 Dirty Dozen Rules for C, generic, and other languages

Strategy on how to use and incorporate such rules.

4 Strategy (Face to face meetings only)

5 Publicity (Face to face meetings only)

6 Other Business

6.1 Review of Assignment of responsibilities


7. Resolutions and Action Items

8. Adjournment