Date: 8-Feb-2016
Author: S. Michell, SC 22/WG 23 Convenor
SQL annex, see N0348
Added new vulnerability [HCB], removed vulnerabilities [XYX] and [XZB], see N0274 AI #15-07
Added new vulnerabilities [WXQ] and [YZS], removed vulnerability [XYR], made the changes called for in the minutes of meeting #15, AI #15-08
Moved [AJN] to Clause 7, renamed [HTS], added advice per action item #15-05
Renumbered Clauses 6 and 7 to match the new outline adopted in Ottawa (Meeting #15)
Re-lettered Annexes as approved in Ottawa (Meeting #15)
Renumbered the outline in Annex A.2 and A.3
Added changes to Clause 7 per action item #15-04
Added index as discussed in Ottawa (Meeting #15)
Added entries to the table in Annex A.4 as discussed in Ottawa (Meeting #15)
Added MISRA C++ references to [BJL]
Added new CWE references to [XZS], [XYO], [RST], [HCB], [XYP], [NZN], [XYX], [XYY], and [EWR]
Changed white-list, black-list, JavaScript to be consistent
Fixed first bullet in 6.12.5 per N0301
Removed example in 6.20.3 per N0301
Added text to bullet number 3 of 6.22.5 per N0301
Fixed the relationship between CCB and CLL per meeting #16
Edited XYQ per N0290 from meeting #16
Miscellaneous formatting and editorial changes.
PDF is now bookmarked
Added entries to the index
Reworded 6.1, per N0323.
Added 6.2, moving the old text of 6.2 to 6.3 per N0323.
Added a new 7.1, moving the old text of 7.1 to 7.3 per N0323.
Added a new 7.2, moving the old text of 7.2 to 7.4 per N0323.
Renumbered clauses 6 and 7 per N0323.
Added N0322, new vulnerability [DJS], updating outline, index and table.
Added N0332, replacing XYY with FIF and PIK, updating outline, index and table.
Applied changes indicated in N0326.
Applied change indicated in N0329, changed NZN to OYB, updating outline, index and table.
Applied change indicated in N0327, changed YUK and SUK to MXB and SKL, updated outline, index and table.
Added Vulnerability name to 3 letter tag in index.
Changed the index template.
Added entries to the index.
Added the C programming language annex.
Added the Ruby programming language annex.
resulting in small editorial edits, no major changes
Added N0344, comments from meeting #18 markup of baseline draft of 24772 – N0338
Added N0343, Proposed changes to Clause 6 introduction
Added N0342, Comments from MISRA L on DTR 24772
Comments from meeting #19, see N0363
Proposed changes to Clause 4, see N0366
Added Clause 8 New Vulnerabilities per meeting #19, see N0369
Added Python Annex, see N0372
Update the reference to C++ to reflect the newly published standard
Added the new terms defined for the Concurrent vulnerabilities as per meeting #19, farmed from N0369
Added edits suggested by Clive Pygott, Liz Whiting, David Keaton, and Stephen Michell
Added the Ada Annex, contributed by WG 9
Editorial issues from David Keaton, Larry Wagoner, and Rod Chapman
N0381, reorganization of Clause 3, from meeting #20
N0378, PDF markup from meeting #20
Updated C Standard reference to 9899:2011
Updated IEEE 745:2008 to ISO/IEC/IEEE 60559:2011
Added SPARK annex, furnished by R. Chapman
Added an updated Python annex, furnished by Kevin Coyne
Added text from N0385 furnished by Jim Moore
Changed the page number entries in the Vulnerability table of A.4 to PDF bookmarks
Miscellaneous editorial changes
N0386 publish with no change bars, and no WG 23 front page.
Changed clause 3.1 per the Directives, Part 2, 5.2.4
Reordered the Annexes per meeting #20
Changed the Annexes per the Directives, Part 2
Renamed the annexes
Ada -> C
C -> D
Python -> E
Ruby -> F
SPARK -> G
N0388 publish with no change bars, and no WG 23 front page.
NOTE: N0389 sent to the SC 22 Secretariat for PDTR ballot, per meeting #20
N0409 published without change bars.
NOTE: N0410 sent to the SC 22 Secretariat for 2nd PDTR ballot, per meeting #22
Incorporated all changes noted in N0428.
Editorial changes
NOTE: N0427 sent to the SC 22 Secretariat for DTR ballot, per meeting #23
[AJN] Choice of Filenames and other External Identifiers
[NZN] Returning Error Status
[XYR] Unused Variable
[XYX] Boundary Beginning Violation
[XYY] Wrap-around Error
[XZB] Buffer Overflow
Added internal links to clause references within document
Corrected references to MISRA C 2004 to 2012
Moved clauses 8.3 through 8.8 inclusive to 6.58 through 6.63 with the intent to write up language-specific vulnerabilities. Vulnerabilities [CGA], [CGT], [CGX], [CGS], [CGM], [CYG], [EFS], [SHL]
Added Annex I Fortran from N0442.
Remove Annexes C through I from N0461. Annexes become TR 24772-2 through -8
Integrated draft edits as found in N0513, 514, 515, 516, 517, 518, 521, 522. Significant changes are:
Elimination of section 6.2 Terminology (moved into section 4)
Change some terms, such as coercion -> implicit type conversion
Moved clause 6.3 -> 6.2, etc.
Made all guidance directive, not passive. Moved subjective text in 6.X.5 into section 6.X.3
Added direction to use static analysis tools in more subclauses (6.X.5)
Moved 6.64 and 6.65 to clause 7
Significant new guidance in 6.23.5 [LAV]
[REU] Termination Strategy -> [REU] Fault Tolerance and Failure Strategies
Moved [CGY] Inadequately Secure Communications to 7.30
Moved [EFS] Use of Unchecked Data from an Uncontrolled or Tainted Source -> 7.31