UNLIMITED FREE
ACCESS TO THE WORLD'S BEST IDEAS

SUBMIT
Already a GlobalSpec user? Log in.

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

Customize Your GlobalSpec Experience

Select Your Free Newsletters

Industry Newsletters

Select Your Free Product Alerts

Finish!
Privacy Policy

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

ISO/IEC TR 24772-1

Programming languages — Guidance to avoiding vulnerabilities in programming languages — Part 1: Language-independent guidance

active, Most Current
Buy Now
Organization: ISO
Publication Date: 1 December 2019
Status: active
Page Count: 184
ICS Code (Languages used in information technology): 35.060
scope:

This document specifies software programming language vulnerabilities to be avoided in the development of systems where assured behaviour is required for security, safety, mission-critical and business-critical software. Language-specific descriptions of these vulnerabilities are provided in other parts of the ISO/IEC 24772 series.

It is applicable to the software developed, reviewed, or maintained for any application.

This document does not address software engineering and management issues such as how to design and implement programs, use configuration management tools, use managerial processes, and perform process improvement. Furthermore, the specification of properties and applications to be assured are not treated.

Vulnerabilities are described in a generic manner that is applicable to a broad range of programming languages.

Document History

ISO/IEC DIS 24772-1
January 2, 2023
Programming languages — Avoiding vulnerabilities in programming languages — Part 1: Language independent catalogue of vulnerabilities
This document specifies software programming language vulnerabilities to be avoided in the development of systems where assured behaviour is required for security, safety, mission-critical and...
ISO/IEC TR 24772-1
December 1, 2019
Programming languages — Guidance to avoiding vulnerabilities in programming languages — Part 1: Language-independent guidance
This document specifies software programming language vulnerabilities to be avoided in the development of systems where assured behaviour is required for security, safety, mission-critical and...

References

This document references:
IEC 61508-1 - Functional safety of electrical/electronic/programmable electronic safety-related systems – Part 1: General requirements
Published by IEC on April 1, 2010
This International Standard covers those aspects to be considered when electrical/electronic/programmable electronic (E/E/PE) systems are used to carry out safety functions. A major objective of this...
This document references:
IEC 61508-2 - Functional safety of electrical/electronic/programmable electronic safety-related systems – Part 2: Requirements for electrical/electronic/programmable electronic safety-related systems
Published by IEC on April 1, 2010
This part of the IEC 61508 series a) is intended to be used only after a thorough understanding of IEC 61508-1, which provides the overall framework for the achievement of functional safety; b)...
This document references:
IEC 61508-3 - Functional safety of electrical/electronic/programmable electronic safety-related systems – Part 3: Software requirements
Published by IEC on April 1, 2010
This part of the IEC 61508 series a) is intended to be utilized only after a thorough understanding of IEC 61508-1 and IEC 61508-2; b) applies to any software forming part of a safety-related system...
This document references:
IEC 61508-4 - Functional safety of electrical/electronic/programmable electronic safety-related systems – Part 4: Definitions and abbreviations
Published by IEC on April 1, 2010
This part of IEC 61508 contains the definitions and explanation of terms that are used in parts 1 to 7 of the IEC 61508 series of standards. The definitions are grouped under general headings so that...
This document references:
IEC 61508-5 - Functional safety of electrical/electronic/programmable electronic safety-related systems – Part 5: Examples of methods for the determination of safety integrity levels
Published by IEC on April 1, 2010
This part of IEC 61508 provides information on – the underlying concepts of risk and the relationship of risk to safety integrity (see Annex A); – a number of methods that will enable the safety...
This document is referenced by:
ISO/IEC TR 24772-2 - Programming languages — Guidance to avoiding vulnerabilities in programming languages — Part 2: Ada
Published by ISO on April 1, 2020
This document specifies software programming language vulnerabilities to be avoided in the development of systems where assured behaviour is required for security, safety, mission-critical and...
This document is referenced by:
BS PD ISO/IEC TR 24772-2 - Programming languages — Guidance to avoiding vulnerabilities in programming languages Part 2: Ada
Published by BSI on April 30, 2020
A description is not available for this item.
This document is referenced by:
ISO/IEC TR 24772-3 - Programming languages — Guidance to avoiding vulnerabilities in programming languages — Part 3: C
Published by ISO on May 1, 2020
This document specifies software programming language vulnerabilities to be avoided in the development of systems where assured behaviour is required for security, safety, mission-critical and...
This document is referenced by:
BS PD ISO/IEC TR 24772-3 - Programming languages — Guidance to avoiding vulnerabilities in programming languages Part 3: C
Published by BSI on May 31, 2020
A description is not available for this item.
This document is referenced by:
CSA ISO/IEC TR 24772-2 - Programming languages — Guidance to avoiding vulnerabilities in programming languages — Part 2: Ada
Published by CSA on January 1, 2020
This document specifies software programming language vulnerabilities to be avoided in the development of systems where assured behaviour is required for security, safety, mission-critical and...
View Less
View All
Advertisement