Commenting template (Version 4)    ISO/IEC JTC 1/SC 7/WG 7 N0727
2003-07-17




ISO/IEC JTC 1/SC 22/OWGV N 0129 - Disposition of Consolidated Comments on OWGV Vulnerability Templates, 9 April 2008

To submit your comments, submit this spreadsheet using a filename with the following format: FML-yymmdd.xls where "FML" is your initials and "yymmdd" is the date of submission. Please keep in mind that your spreadsheet will be consolidated with many others. So it is important to follow these rules: (1) Put your initials in column 1 of each of your comments; (2) hard code your comment numbers (DO NOT USE A FORMULA) so that the comment numbers will remain unchanged when your spreadsheet is consolidated with others; (3) use the comment categories as defined on the other tab of this spreadsheet; (4) the three-letter vulnerability code must go in column 4; (5) the subsection of the vulnerability description should go in column 5. PLEASE propose replacement text that will fix the problem you have described in your comment. I have already entered one comment as an example. Please delete and

Columns of the spreadsheet: Commentor's Initials | Comment # | Category (see the category tab) | Vulnerability Code | Subsection | Comment and rationale | Proposed new text | Disposition of comment

Each comment is laid out below as one record with those eight fields; a field left empty in the spreadsheet is shown as (none).

Commentor: CHP   Comment #: (none)   Category: TL   Vulnerability code: Glossary   Subsection: 3.5
Comment and rationale: Addition to the definition of 'Safety Critical'
Proposed new text: Note: for this document, the term 'safety critical' is used for all vulnerabilities that may result in 'safety hazards'. Notwithstanding that in some domains a distinction is made between 'safety-related' (may lead to any harm) and 'safety-critical' (life threatening).
Disposition of comment: Accepted



Commentor: CHP   Comment #: (none)   Category: GT   Vulnerability code: (none)   Subsection: throughout the document
Comment and rationale: Remove the term "safety-related", to be consistent with the glossary.
Proposed new text: Replace all occurrences of "safety related" (with or without hyphen) with 'safety critical'.
Disposition of comment: Accepted




bf567274-7730-4b6f-b440-f685a7cedbdf.xls                                               8/6/2012                                                               Page 1 of 60

Commentor: CHP   Comment #: (none)   Category: TL   Vulnerability code: (none)   Subsection: 6.34.6
Comment and rationale: Suggest an additional example based on different interpretations of the language definition (i.e. Microsoft ignoring it).
Proposed new text: int j = 100; {for (int j=0; j<10; j++) ; cout << j; /* what value? */} According to the ISO C++ definition, the output value should be 100, but in some implementations it will be 10, as the loop counter remains in-scope after the end of the loop statement.
Disposition of comment: Accepted but in 6.34.4

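The scoping rule the CHP comment above relies on, as an added, runnable illustration. This is editor-supplied code, not text from N0129 or from the OWGV templates: outer_after_loop() is the comment's own snippet rewritten as a function, and first_at_least() is a hypothetical search routine showing the portable way to use a loop index after the loop has finished.

```cpp
#include <cstddef>

// The comment's example, made callable. Under ISO C++ the j declared in the
// for-init-statement is local to the loop and merely shadows the outer j, so the
// function returns 100. Pre-standard compilers that let the loop variable leak into the
// enclosing block returned 10 here, which is the divergence the comment is about.
int outer_after_loop() {
    int j = 100;
    {
        for (int j = 0; j < 10; j++) {
            // inner j is visible only inside this loop
        }
    }
    return j;                               // outer j: 100
}

// Code that genuinely needs the index after the loop (where did a search stop?) must
// declare it in the enclosing scope. Relying on a leaked loop variable compiles on some
// toolchains and fails on conforming ones. Returns the index of the first element that
// is >= threshold, or n if there is none.
std::size_t first_at_least(const int *v, std::size_t n, int threshold) {
    std::size_t i;
    for (i = 0; i < n; ++i) {
        if (v[i] >= threshold) {
            break;                          // i keeps the position of the match
        }
    }
    return i;
}

// Constructed sample input for first_at_least().
const int kSample[] = {1, 5, 9};
```

Compiling with -Wshadow reports the inner j in outer_after_loop(), which is the cheap way to catch code that is still written in the leaked-variable style.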


Commentor: DJM   Comment #: 1   Category: (none)   Vulnerability code: XZI   Subsection: 6.14.4
Comment and rationale: Better wording
Proposed new text: Converting a signed data type to a larger signed data type or pointer can cause unexpected behavior due to the extension of the sign bit.
Disposition of comment: Editor will decide

Commentor: DJM   Comment #: 2   Category: (none)   Vulnerability code: XZI   Subsection: 6.14.4
Comment and rationale: Better wording
Proposed new text: For instance, this can occur when a signed character is converted to the type short or a signed integer is converted to the type long.
Disposition of comment: Editor will decide





Commentor: DJM   Comment #: 3   Category: (none)   Vulnerability code: XZI   Subsection: 6.14.5
Comment and rationale: Better wording
Proposed new text: Strongly typed languages require greater enforcement of type rules.
Disposition of comment: Editor will decide

Commentor: DJM   Comment #: 4   Category: (none)   Vulnerability code: XZI   Subsection: 6.14.5
Comment and rationale: Another language characteristic to consider
Proposed new text: Languages that support more than one integer type.
Disposition of comment: Accept





Commentor: DJM   Comment #: 5   Category: (none)   Vulnerability code: XZI   Subsection: 6.14.6
Comment and rationale: Better wording
Proposed new text: Use a sign extension library, standard function, or appropriate language-specific coding methods to extend signed values.
Disposition of comment: Editor will decide

Commentor: DJM   Comment #: 6   Category: (none)   Vulnerability code: XZI   Subsection: 6.14.6
Comment and rationale: Better wording
Proposed new text: Use static analysis tools to help locate situations in which use of converted values might have unintended consequences.
Disposition of comment: Editor will decide

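The sign-bit behaviour that DJM 1 and 2 describe for XZI 6.14.4, and the mitigation DJM 5 and 6 point at for 6.14.6, as an added example. This is editor-supplied code, not text from N0129 or the OWGV templates; the length_accepted_* functions, kBufSize and the two sample records are constructed for illustration. A length byte read into a signed 8-bit type passes a size check as a negative number and is then widened to a huge unsigned count, which is the way this class of bug usually turns into a memory-safety problem.

```cpp
#include <cstddef>
#include <cstdint>

// Widening a signed 8-bit value to int sign-extends: the byte 0x80 becomes -128, not 128.
int widen_signed(std::int8_t c) {
    return c;                               // integral promotion copies the sign bit upward
}

// Converting that value to an unsigned 32-bit type sign-extends first and then wraps
// modulo 2^32, so 0x80 (-128) becomes 0xFFFFFF80.
std::uint32_t widen_to_unsigned(std::int8_t c) {
    return static_cast<std::uint32_t>(c);
}

const std::size_t kBufSize = 64;            // capacity of the (hypothetical) destination buffer

// Vulnerable: the length byte is read into a signed type. A byte of 0xFF is -1, which
// passes the "too long?" check and then converts to SIZE_MAX when it reaches memcpy-style
// code. Returns the byte count that would be copied, or 0 if the record is rejected.
std::size_t length_accepted_vulnerable(const std::uint8_t *pkt) {
    std::int8_t len = static_cast<std::int8_t>(pkt[0]);  // sign bit now means "negative"
    if (len > static_cast<int>(kBufSize)) {
        return 0;                           // -1 > 64 is false: the check does not fire
    }
    return static_cast<std::size_t>(len);   // -1 widens to SIZE_MAX
}

// Hardened: keep the length unsigned end to end, so the comparison and the copy see the
// same value. Static analysers flag the signed/unsigned mix in the version above.
std::size_t length_accepted_hardened(const std::uint8_t *pkt) {
    std::uint8_t len = pkt[0];
    if (len > kBufSize) {
        return 0;
    }
    return len;
}

// Constructed sample records (not captured traffic): a length byte followed by payload.
const std::uint8_t kHostileRecord[] = {0xFF, 0x41};   // length byte with the sign bit set
const std::uint8_t kBenignRecord[]  = {0x10, 0x41};   // length 16
```

The hardened version is the "appropriate language-specific coding method" of DJM 5 in its simplest form: choose the unsigned type at the point where the byte enters the program, so no later conversion can reinterpret the top bit as a sign.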
Commentor: DJM   Comment #: 7   Category: (none)   Vulnerability code: XZH   Subsection: 6.15.1
Comment and rationale: More accurate wording
Proposed new text: These issues arise from mistakes in mapping the design into source code, in moving between languages (such as between C-based languages where all arrays start at 0 and Pascal-based languages where all arrays often start at 1).
Disposition of comment: These issues arise from mistakes in mapping the design into source code, in moving between languages (such as between C-based languages where all arrays start at 0 and other languages where arrays often start at 1).





Commentor: DJM   Comment #: 8   Category: (none)   Vulnerability code: XZH   Subsection: 6.15.1
Comment and rationale: Better wording.
Proposed new text: The issue also can arise in more algorithms where relationships exist between components, and the existence of a sentinel value changes the conditions of the test.
Disposition of comment: The issue also can arise in algorithms where relationships exist between components, and the existence of a sentinel value changes the conditions of the test.

Commentor: DJM   Comment #: 9   Category: (none)   Vulnerability code: XZH   Subsection: 6.15.4
Comment and rationale: Better wording
Proposed new text: Such incorrect accesses can cause cascading errors or references to illegal locations, resulting in potentially unbounded behaviour.
Disposition of comment: Accept. Also change calculation to cascading in line 24.

Commentor: DJM   Comment #: 10   Category: (none)   Vulnerability code: XZH   Subsection: 6.15.4
Comment and rationale: Delete paragraph starting "Off by one errors are not exploited ..." because it is not relevant to this subsection.
Proposed new text: (none)
Disposition of comment: Off-by-one errors are not often exploited in attacks…

Commentor: DJM   Comment #: 11   Category: (none)   Vulnerability code: XZH   Subsection: 6.15.5
Comment and rationale: Delete all of the bullet points because they are methods of avoiding the vulnerability, not applicable language characteristics.
Proposed new text: (none)
Disposition of comment: Clive will propose a rewrite considering this point.

Commentor: DJM   Comment #: 12   Category: (none)   Vulnerability code: XZH   Subsection: 6.15.5
Comment and rationale: Add the bullet point
Proposed new text: An applicable language characteristic is the use of relational operators and array indexing.
Disposition of comment: Clive will propose a rewrite considering this point.





Commentor: DJM   Comment #: 13   Category: (none)   Vulnerability code: XZH   Subsection: 6.15.6
Comment and rationale: Delete the sentence "Off-by-one errors are a common defect that is also a code quality issue" because we should avoid getting involved in issues of quality, we just want to reduce faults.
Proposed new text: (none)
Disposition of comment: Reject. Also change "eg" to "e.g."

Commentor: DJM   Comment #: 14   Category: (none)   Vulnerability code: XZH   Subsection: 6.15.6
Comment and rationale: The term 'structure indice' is new to me and needs to be defined.
Proposed new text: (none)
Disposition of comment: Clive will propose a rewrite considering this point.

Commentor: DJM   Comment #: 15   Category: (none)   Vulnerability code: XZH   Subsection: 6.15.6
Comment and rationale: Alternative wording for the second bullet point
Proposed new text: Another way of saying this is that constants should not explicitly appear in expressions, they should only appear in a symbolic form (e.g., an identifier of some kind).
Disposition of comment: Clive will propose a rewrite considering this point.

Commentor: DJM   Comment #: 16   Category: (none)   Vulnerability code: XZH   Subsection: 6.15.6
Comment and rationale: Another bullet point
Proposed new text: Use of static analysis tools to detect that a loop is performing one too few or one too many iterations (e.g., based on arrays that are accessed).
Disposition of comment: Clive will propose a rewrite considering this point.





Commentor: DJM   Comment #: 17   Category: (none)   Vulnerability code: XZH   Subsection: 6.15.6
Comment and rationale: Delete last bullet point. Writing a coding standard is not in itself a mitigation; what should the guideline actually say?
Proposed new text: (none)
Disposition of comment: Possibly rewrite as: Length should be a calculated function of the sentinel values to avoid interpretation errors. Clive will consider this in his rewrite.

Commentor: DJM   Comment #: 18   Category: (none)   Vulnerability code: XZH   Subsection: 6.15.7
Comment and rationale: Better wording
Proposed new text: Languages should provide standard ways to access all elements in indexed structures without the need for numeric literals, as well as tests to ensure that algorithms cover the declared ranges of whole structures.
Disposition of comment: Clive will propose a rewrite considering this point.

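The XZH off-by-one comments above (DJM 8 on a sentinel changing the test condition, DJM 9 on the resulting out-of-range access, DJM 15 on keeping constants symbolic, DJM 16 and 17 on checking the loop bound against the sentinel) as one added example. This is editor-supplied code, not text from N0129 or the OWGV templates; kCapacity, the fits_* tests, first_oob_write() and the two sample strings are constructed for illustration. The admission test that forgets the terminating NUL lets a 16-character string into a 16-byte buffer, and the copy loop's last iteration is then the write one past the end.

```cpp
#include <cstddef>
#include <cstring>

const std::size_t kCapacity = 16;           // named, not a bare literal in the expressions

// Bytes a NUL-terminated copy of s actually needs: the characters plus the sentinel.
std::size_t bytes_needed(const char *s) {
    return std::strlen(s) + 1;
}

// Vulnerable test: compares the character count with the capacity and forgets that the
// NUL sentinel is written too. A 16-character string "fits" a 16-byte buffer.
bool fits_vulnerable(const char *s, std::size_t cap) {
    return std::strlen(s) <= cap;
}

// Hardened test: the length is computed from the sentinel, so it counts the NUL.
bool fits_hardened(const char *s, std::size_t cap) {
    return bytes_needed(s) <= cap;
}

// Dry run of the copy loop, parameterised by the admission test. Returns -2 if the test
// rejects the string, -1 if every write stays in range, otherwise the first out-of-range
// index. Nothing is written, so the bad case is reported instead of corrupting the byte
// after the buffer (the classic one-past-the-end overflow).
long first_oob_write(const char *s, std::size_t cap, bool (*fits)(const char *, std::size_t)) {
    if (!fits(s, cap)) {
        return -2;
    }
    std::size_t n = std::strlen(s);
    for (std::size_t i = 0; i <= n; ++i) {  // <= on purpose: s[n] is the NUL and is copied too
        if (i >= cap) {
            return static_cast<long>(i);    // dst[i] would be one past the end
        }
    }
    return -1;
}

// Constructed inputs: exactly 16 characters, and 15.
const char kSixteen[] = "0123456789abcdef";
const char kFifteen[] = "0123456789abcde";
```

The loop above is the shape a static analyser of the kind DJM 16 asks for has to reason about: the bound is `<= n` because of the sentinel, so the admission test must be written in terms of n + 1, not n.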
Commentor: DJM   Comment #: 19   Category: (none)   Vulnerability code: XYY   Subsection: 6.10.1
Comment and rationale: Better wording.
Proposed new text: Wrap around errors occur whenever a value is incremented past the maximum value representable in its type and therefore "wraps around" to a very small, negative, or undefined value.
Disposition of comment: Agree





Commentor: DJM   Comment #: 20   Category: (none)   Vulnerability code: XYY   Subsection: 6.10.1 (recorded in the spreadsheet as the date serial 37170)
Comment and rationale: I'm not sure that shift is applicable here, left shift is invariably defined to lose bits.
Proposed new text: (none)
Disposition of comment: Change second sentence of 6.10.1 to read: "Using shift operations as a surrogate for multiply or divide may produce a similar error."

Commentor: DJM   Comment #: 21   Category: (none)   Vulnerability code: XYY   Subsection: 6.10.1
Comment and rationale: Some processors saturate on overflow, this needs to be discussed.
Proposed new text: (none)
Disposition of comment: Add to first sentence "…or saturates to a defined but unexpected value."

Commentor: DJM   Comment #: 22   Category: (none)   Vulnerability code: XYY   Subsection: 6.10.4
Comment and rationale: Better wording
Proposed new text: Due to how arithmetic is performed by computers, if a primitive is incremented past the maximum value representable in its type, the system may fail to provide an overflow indication to the program. The most common processor behavior is to "wrap" to very large negative values, another behavior is to saturate at the largest representable value.
Disposition of comment: Due to how arithmetic is performed by computers, if a variable is incremented past the maximum value representable in its type, the system may fail to provide an overflow indication to the program. The most common processor behavior is to "wrap" to very large negative values, another behavior is to saturate at an extreme value.





Commentor: DJM   Comment #: 23   Category: (none)   Vulnerability code: XYY   Subsection: 6.10.4
Comment and rationale: The applicable rule is "Don't shift numeric quantities, only bitwise ones"?
Proposed new text: (none)
Disposition of comment: Reject.

Commentor: DJM   Comment #: 24   Category: (none)   Vulnerability code: XYY   Subsection: 6.10.4
Comment and rationale: Better wording
Proposed new text: Wrap-around often generates an unexpected negative value; this unexpected value may cause a loop to continue for a very long time (because the termination condition requires a value greater than some positive value) or an array bounds violation. A wrap-around can sometimes trigger buffer overflows which can be used to execute arbitrary code.
Disposition of comment: Editor will decide

Commentor: DJM   Comment #: 25   Category: (none)   Vulnerability code: XYY   Subsection: 6.10.5
Comment and rationale: Better wording
Proposed new text: Languages which do not trigger an exception condition when a wrap-around error occurs
Disposition of comment: Accept. Similar change in second bullet.

Commentor: DJM   Comment #: 26   Category: (none)   Vulnerability code: XYY   Subsection: 6.10.5
Comment and rationale: Wording in second bullet point only applies on a right shift, not a left shift.
Proposed new text: (none)
Disposition of comment: Reject





DJM 27  XYY  6.10.6
  Comment and rationale: First bullet point is a language choice issue and I thought we were not going there
  Disposition: Delete first bullet

DJM 28  XYY  6.10.6
  Comment and rationale: Second bullet point is a high level (likely to be out of developer control) design issue and not applicable
  Disposition: Replace 2nd, 3rd, and 4th bullet with: "Determine applicable upper and lower bounds for the range of all variables and use language mechanisms or static analysis to determine that values are confined to this range."

DJM 29  XYY  6.10.6
  Comment and rationale: Better wording
  Proposed new text: Analyze the software using static analysis looking for unexpected consequences of arithmetic operations.
  Disposition: Accept

DJM 30  XYY  6.10.6
  Comment and rationale: Alternative wording for last bullet point
  Proposed new text: Don't perform shift operations on arithmetic values.
  Disposition: Replace with: Avoid using shift operations as a surrogate for multiplication and division. (Most compilers will use the correct operation when it is applicable.)
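
The practice that comments DJM 28 to DJM 30 ask the document to recommend, shown as an added C example that is not part of the OWGV document or of the commenter's text: every variable gets an explicit admissible range, products are checked before they are used (a 64-bit intermediate for int32_t, the SIZE_MAX / a test for allocation sizes), and halving by shift is put beside halving by division. All function names (checked_mul_i32, checked_mul_size, in_range_i32, alloc_array_checked, halve_by_division, halve_by_shift) are illustrative, and the values used in main are constructed for the demonstration.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Multiply two int32_t values and report whether the mathematical product
   fits. The 64-bit intermediate means the check itself cannot overflow.
   Returns 1 and stores the product in *out on success, 0 on overflow. */
int checked_mul_i32(int32_t a, int32_t b, int32_t *out) {
    int64_t p = (int64_t)a * (int64_t)b;
    if (p < INT32_MIN || p > INT32_MAX) return 0;
    *out = (int32_t)p;
    return 1;
}

/* size_t version for allocation sizes: count * elem_size must not wrap,
   otherwise malloc() silently returns a buffer smaller than the code
   goes on to index. Returns 1 and stores the product on success, 0 on wrap. */
int checked_mul_size(size_t a, size_t b, size_t *out) {
    if (a != 0 && b > SIZE_MAX / a) return 0;
    *out = a * b;
    return 1;
}

/* Explicit range contract: the caller states the admissible [lo, hi] for the
   variable, which is what "determine applicable upper and lower bounds" means
   in code. Returns 1 when v lies inside the bounds, 0 otherwise. */
int in_range_i32(int32_t v, int32_t lo, int32_t hi) {
    return v >= lo && v <= hi;
}

/* Allocate an array only after both the count bound and the size arithmetic
   have been checked. Returns NULL on any violation or allocation failure. */
void *alloc_array_checked(size_t count, size_t elem_size, size_t max_count) {
    size_t bytes;
    if (count > max_count) return NULL;
    if (!checked_mul_size(count, elem_size, &bytes)) return NULL;
    return malloc(bytes);
}

/* Halving by division versus by shift. Division truncates toward zero (C99).
   Right-shifting a negative value is implementation-defined; the usual
   arithmetic shift rounds toward minus infinity, so the two disagree for
   negative odd operands: -7 / 2 == -3 but -7 >> 1 == -4 on such compilers. */
int32_t halve_by_division(int32_t x) { return x / 2; }
int32_t halve_by_shift(int32_t x) { return x >> 1; }

int main(void) {
    int32_t r = 0;
    size_t s = 0;
    int ok;

    ok = checked_mul_i32(46340, 46340, &r);          /* largest square that fits */
    printf("46340 * 46340 fits: %d (product %d)\n", ok, r);
    ok = checked_mul_i32(46341, 46341, &r);          /* one step further wraps */
    printf("46341 * 46341 fits: %d\n", ok);
    ok = checked_mul_size(SIZE_MAX, 2, &s);
    printf("SIZE_MAX * 2 fits size_t: %d\n", ok);

    /* A constructed element count, bounded by a stated maximum of 4096. */
    void *buf = alloc_array_checked(1000, sizeof(int32_t), 4096);
    printf("1000 elements within bound: %s\n", buf ? "allocated" : "rejected");
    free(buf);
    printf("5000 elements beyond bound: %s\n",
           alloc_array_checked(5000, sizeof(int32_t), 4096) ? "allocated" : "rejected");

    printf("-7 / 2 = %d, -7 >> 1 = %d\n", halve_by_division(-7), halve_by_shift(-7));
    return 0;
}
```

The allocation case is the one that matters most in practice: when count * elem_size wraps, malloc() hands back a buffer shorter than the loop that follows expects, and an arithmetic slip becomes a heap overflow. The shift pair shows why the wording chosen for comment 30 is the right one: the shift is not a faithful substitute for division on negative operands, and the compiler will already emit the shift where it is valid.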

DJM 31  XYR  37170
  Comment and rationale: The current wording does not explain why this is a vulnerability
  Disposition: Add sentence. "This sort of error suggests that the design has been incompletely or inaccurately implemented."

DJM 32  XYR  6.12.4
  Comment and rationale: The first paragraph does not specify why this is a mechanism of failure
  Disposition: Add sentence. "This sort of error suggests that the design has been incompletely or inaccurately implemented.", then rewrite for clarity.

DJM 33  XYR  6.12.4
  Proposed new text: The value was forgotten (almost certainly a bug)
  Disposition: Reject

DJM 34  XYR  6.12.4
  Comment and rationale: Delete fourth paragraph: Ignoring compiler warnings is a different vulnerability, if it is one at all
  Disposition: Delete phrase "a vulnerability in its own right"

DJM 35  XYR  6.12.5
  Comment and rationale: Better wording.
  Proposed new text: Dead stores are possible in any language that provides assignment. (Pure functional languages do not have this issue.)
  Disposition: Dead stores are possible in any language that provides assignment. (Pure functional languages do not have this issue.)

DJM 36  XYR  6.12.5
  Comment and rationale: Delete second bullet point. It is a longer form of the first bullet point
  Disposition: Delete second sentence of second bullet.

DJM 37  XYR  6.12.6
  Comment and rationale: Better wording.
  Proposed new text: Use of static analysis tools (which may include using
  Disposition: Add this bullet.

DJM 38  XYL  6.6.1
  Comment and rationale: Better wording.
  Proposed new text: The software does not sufficiently release allocated memory after it ceases to be used, which slowly consumes available memory. This can be used by attackers to generate denial-of-service attacks and can cause premature shutdown for safety-related systems.
  Disposition: "A memory leak occurs when the software does not release allocated memory after it ceases to be used, which slowly consumes available memory. A memory leak can be exploited by attackers to generate denial-of-service attacks and can cause premature shutdown for safety-related systems.". Also, remove note.

DJM 39  XYL  6.6.4
  Comment and rationale: Better wording.
  Proposed new text: As a process or system runs, any memory taken from dynamic memory and not returned or reclaimed (by the runtime system or a garbage collector) after it ceases to be used may result in future memory allocation requests failing for lack of free space. Alternatively, memory claimed and partially returned can cause the heap to fragment, which will eventually result in an inability to take the necessary size storage [this is also a problem when storage is correctly returned]. Either condition may result in memory exhaustion and potentially uncontrolled behavior if an application cannot handle the situation.
  Disposition: Editor will decide

DJM 40  XYL  6.6.4
  Proposed new text: If an attacker can determine the cause of an existing memory leak, they may be able to cause the application to leak quickly and to achieve the result they are seeking.
  Disposition: Editor will decide

DJM 41  XYL  6.6.4
  Comment and rationale: In the third paragraph the use of 'should' makes no sense.
  Disposition: OBE

DJM 42  XYL  6.6.5
  Comment and rationale: Better wording.
  Proposed new text: Any language that supports mechanisms to dynamically allocate memory and reclaim memory under programmer control.
  Disposition: Editor will decide

DJM 43  XYL  6.6.5
  Comment and rationale: The second bullet point is not an applicable characteristic.
  Disposition: Eliminate bullet list and rewrite section to read: "This vulnerability description is intended to be applicable to languages that support mechanisms to dynamically allocate memory and reclaim memory under program control.".

DJM 44  XYL  6.6.5
  Comment and rationale: The third paragraph is not an applicable characteristic.
  Disposition: OBE

DJM 45  XYL  6.6.5
  Comment and rationale: The fourth paragraph is not an applicable characteristic.
  Disposition: OBE

DJM 46  XYL  6.6.6
  Comment and rationale: Better wording.
  Proposed new text: Use of garbage collectors that reclaim memory that will never be used by the application again
  Disposition: Editor will decide

DJM 47  XYL  6.6.6
  Comment and rationale: Better wording.
  Proposed new text: Allocating and freeing memory in different modules and levels of abstraction may make it difficult for developers to match requests to free storage with the appropriate storage allocation request. This may cause confusion regarding when and if a block of memory has been allocated or freed, leading to memory leaks. In some cases these complications can be simplified by allocating and freeing particular storage at the same level of abstraction, and ideally in the same code module.
  Disposition: Editor will decide

DJM 48  XYL  6.6.6
  Comment and rationale: Delete third paragraph. It does not solve the problem being discussed.
  Disposition: Reject

DJM 49  XYL  6.6.6
  Comment and rationale: Delete the fifth bullet point; it duplicates the suggestion in the fourth bullet point
  Disposition: Merge 4th and 5th into a single bullet.

DJM 50  XYL  6.6.6
  Comment and rationale: New suggestion.
  Proposed new text: Use a static analysis tool which is capable of detecting when allocated storage is no longer used and has not been freed (for reuse).
  Disposition: Add new bullet: "Use tooling which is capable of detecting when allocated storage is no longer used and has not been freed (for reuse).".

DJM 51  XYK  6.5.1
  Comment and rationale: Better wording.
  Proposed new text: A dangling reference is a reference to an object whose lifetime has ended, either due to explicit deallocation or because the stack frame in which the object resided has been freed on exiting the dynamic scope of the function that created it. The memory for the referenced object may be reused; therefore, any access through the dangling reference may affect an unexpected location of memory, potentially corrupting the value of an unrelated object.
  Disposition: Reject

DJM 52  XYK  6.5.1
  Comment and rationale: Better wording
  Proposed new text: Such a “Double Free” may corrupt internal data structures of the heap administration, leading to extremely surprising, faulty application behaviour (such as infinite loops within the allocator, returning the same memory repeatedly as the result of distinct subsequent allocations, or deallocating memory legitimately allocated to another request since the first free call, to name but a few), or it may have no adverse effects at all.
  Disposition: Such a “Double Free” may corrupt internal data structures of the heap administration, leading to faulty application behaviour (such as infinite loops within the allocator, returning the same memory repeatedly as the result of distinct subsequent allocations, or deallocating memory legitimately allocated to another request since the first free call, to name but a few), or it may have no adverse effects at all.

DJM 53  XYK  6.5.1
  Comment and rationale: Delete fourth paragraph. It is not applicable and subjective.
  Disposition: Reject

DJM 54  XYK  6.5.1
  Comment and rationale: Better wording.
  Proposed new text: With sufficient knowledge about the heap management scheme (often provided by the OS or standard kernel), use of dangling references can be an exploitable vulnerability, since the dangling reference provides a method with which to read and modify valid data in the designated memory locations after freed memory has been re-allocated by subsequent allocations.
  Disposition: With sufficient knowledge about the heap management scheme (often provided by the OS or run-time system), use of dangling references is an exploitable vulnerability, since the dangling reference provides a method with which to read and modify valid data in the designated memory locations after freed memory has been re-allocated by subsequent allocations.
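
A way to make the leak, double-free and dangling-reference defects discussed in comments DJM 38 to 40, 47, 50, 52 and 54 observable at run time, added here as an illustrative C example that is neither text from the OWGV document nor the commenter's: a tracking allocator that records every block it hands out, defers the real free() by quarantining and poisoning the block instead, reports a second free of the same block, and lists the blocks still live at shutdown. The dbg_* names, the fixed table size and the allocation sites used in main are hypothetical, not any standard or tool API.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define DBG_MAX_BLOCKS 64      /* hypothetical fixed table; a real tool grows it */
#define DBG_POISON     0xDD    /* pattern written into quarantined blocks */

enum dbg_state { DBG_SLOT_EMPTY = 0, DBG_LIVE, DBG_QUARANTINED };

struct dbg_block {
    void *ptr;
    size_t size;
    enum dbg_state state;
    const char *site;          /* allocation site, reported for leaks */
};

static struct dbg_block g_blocks[DBG_MAX_BLOCKS];

/* Find the record for an address that was handed out by dbg_malloc. */
static struct dbg_block *dbg_lookup(const void *p) {
    for (size_t i = 0; i < DBG_MAX_BLOCKS; i++)
        if (g_blocks[i].state != DBG_SLOT_EMPTY && g_blocks[i].ptr == p)
            return &g_blocks[i];
    return NULL;
}

/* Allocate and record the block together with where it was requested. */
void *dbg_malloc(size_t size, const char *site) {
    for (size_t i = 0; i < DBG_MAX_BLOCKS; i++) {
        if (g_blocks[i].state != DBG_SLOT_EMPTY) continue;
        void *p = malloc(size ? size : 1);
        if (p == NULL) return NULL;
        g_blocks[i].ptr = p;
        g_blocks[i].size = size;
        g_blocks[i].state = DBG_LIVE;
        g_blocks[i].site = site;
        return p;
    }
    return NULL;               /* tracking table full */
}

enum dbg_free_result { DBG_FREE_OK = 0, DBG_DOUBLE_FREE, DBG_INVALID_FREE };

/* Quarantine instead of releasing. The block stays owned by this allocator,
   so writing the poison pattern is well-defined, and the system allocator
   cannot hand the address out again while a dangling reference may exist.
   A second dbg_free of the same block is therefore recognisable. */
enum dbg_free_result dbg_free(void *p) {
    struct dbg_block *b = dbg_lookup(p);
    if (b == NULL) {
        fprintf(stderr, "invalid free: %p was never allocated through dbg_malloc\n", p);
        return DBG_INVALID_FREE;
    }
    if (b->state == DBG_QUARANTINED) {
        fprintf(stderr, "double free: %p (allocated at %s)\n", p, b->site);
        return DBG_DOUBLE_FREE;
    }
    memset(p, DBG_POISON, b->size);
    b->state = DBG_QUARANTINED;
    return DBG_FREE_OK;
}

/* 1 if p is a block that has been allocated and not yet freed, else 0. */
int dbg_is_live(const void *p) {
    struct dbg_block *b = dbg_lookup(p);
    return b != NULL && b->state == DBG_LIVE;
}

/* Blocks still live at shutdown were never released: the leak report the
   comments ask tooling to produce. Returns the number of leaked blocks. */
size_t dbg_report_leaks(void) {
    size_t leaked = 0;
    for (size_t i = 0; i < DBG_MAX_BLOCKS; i++) {
        if (g_blocks[i].state == DBG_LIVE) {
            fprintf(stderr, "leak: %zu bytes at %p allocated at %s\n",
                    g_blocks[i].size, g_blocks[i].ptr, g_blocks[i].site);
            leaked++;
        }
    }
    return leaked;
}

/* Return every block (live or quarantined) to the system and clear the table. */
void dbg_shutdown(void) {
    for (size_t i = 0; i < DBG_MAX_BLOCKS; i++) {
        if (g_blocks[i].state != DBG_SLOT_EMPTY) free(g_blocks[i].ptr);
        memset(&g_blocks[i], 0, sizeof g_blocks[i]);
    }
}

int main(void) {
    /* Constructed scenario: one block freed twice and read afterwards, one leaked. */
    char *token = dbg_malloc(16, "main:token");
    char *cache = dbg_malloc(32, "main:cache");
    if (token == NULL || cache == NULL) return 1;
    memcpy(token, "session-42", 11);
    dbg_free(token);                                        /* the first free */
    printf("read through dangling pointer sees 0x%02x, not the old token\n",
           (unsigned char)token[0]);
    printf("second free reported as %d\n", (int)dbg_free(token));
    (void)cache;                                            /* never freed: a leak */
    printf("leaked blocks at shutdown: %zu\n", dbg_report_leaks());
    dbg_shutdown();
    return 0;
}
```

Quarantine plus poisoning is the same idea AddressSanitizer and Valgrind's memcheck rely on, and in a real project those tools are the right answer rather than a hand-rolled table; the example shows why the detection works. A block that is never returned to the system allocator cannot be re-issued to a later malloc(), so the read through the dangling pointer sees the poison pattern instead of another request's data, and the second free is recognisable because the block is still known to the allocator. The leak report closes the loop on comments 47 and 50: a block whose free was lost between modules shows up with its allocation site at shutdown.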


DJM 55  XYK  6.5.4
  Comment and rationale: Delete first sentence. It starts off with a quote from the C standard and then duplicates non-applicable information that is also given elsewhere.
  Disposition: Reject

Comment 56 (DJM), XYK, subsection 6.5.4
Comment and rationale: Better wording.
Proposed new text: Like memory leaks and errors due to double de-allocation, the use of dangling references has two common and sometimes overlapping causes: error conditions and other exceptional circumstances; and developer confusion over which part of the program is responsible for freeing the memory. In one scenario, the memory in question is allocated validly to another pointer at some point after its previous use (i.e., allocation and subsequent free). However, the original pointer to the freed memory is used again, which points somewhere within the newly allocated storage. If the data is changed via this original pointer, it unexpectedly changes the value of the validly re-used memory. This induces unexpected behaviour in the affected program. If the newly allocated data happens to hold a class description, in C++ for example, various
Disposition of comment: Editor will decide

Comment 57 (DJM), XYK, subsection 6.5.5
Comment and rationale: Better wording.
Proposed new text: Languages that permit the use of pointers and that permit explicit deallocation by the developer or provide for alternative means to reallocate memory still pointed to by some pointer value
Disposition of comment: Editor will decide

Comment 58 (DJM), XYK, subsection 6.5.6
Comment and rationale: Better wording.
Proposed new text: Use a language or implementation that performs garbage collection and does not permit developers to explicitly release allocated storage. In this case, the program may have to set all pointers/references to NULL when the storage they point to is no longer needed (or else garbage collection will not collect the referenced memory). [This usage still permits dangling references to exist]
Disposition of comment: Editor will decide



Comment 59 (DJM), XYK, subsection 6.5.6
Comment and rationale: Better wording.
Proposed new text: Use a coding style that does not permit deallocation.
Disposition of comment: Editor will decide

Comment 60 (DJM), XYK, subsection 6.5.6
Comment and rationale: Fourth bullet. Delete first two sentences. They do not solve the stated problem (i.e., they do not deal with the case where the pointer has been assigned to another pointer).
Disposition of comment: Agree


Comment 61 (DJM), XYK, subsection 6.5.6
Comment and rationale: Another suggestion.
Proposed new text: Use a static analysis tool that is capable of detecting when a pointer is used after the storage it refers to is no longer live.
Disposition of comment: Use a static analysis tool that is capable of detecting some situations when a pointer is used after the storage it refers to is no longer live.

Comment 62 (DJM), XYK, subsection 6.5.7
Comment and rationale: Change last paragraph to:
Proposed new text: A storage allocation interface should be provided that allows the called function to set the passed-in pointer to NULL after the referenced storage is deallocated.
Disposition of comment: Editor will decide





Comment 63 (DJM), YOW, subsection 6.<x>.1
Comment and rationale: Better wording.
Proposed new text: When distinct entities are defined in overlapping nested scopes using the same name it is possible that changes to the source code will result in an unintended change in the entity being referred to in another part of the source. For example, if the innermost definition is deleted from the source, the program may continue to compile without a diagnostic being issued because an identifier with the same name, defined in an outer scope, is visible, but execution will provide different results.
Disposition of comment: Editor will decide (but we rejected the addition of the word "overlapping")





Comment 64 (DJM), YOW, subsection 6.<x>.4
Comment and rationale: Better wording.
Proposed new text: If either the definition of some_var or t_var that occurs in the nested scope is deleted (e.g., when the source is modified) it is necessary to delete all other references to that identifier within the identifier's scope. If a developer deletes the definition of t_var but fails to delete the statement that references it, then most languages require a diagnostic to be issued (e.g., reference to undefined variable). However, if the nested definition of some_var is deleted but the reference to it in the nested scope is not deleted, then no diagnostic will be issued (because the reference resolves to the definition in the outer scope), resulting in an unexpected change to the variable in the outer scope during program execution.
Disposition of comment: Editor will decide





Comment 65 (DJM), YOW, subsection 6.<x>.4
Comment and rationale: Better wording.
Proposed new text: In some cases non-unique identifiers in the same scope can also be introduced through the use of identifiers whose common substring exceeds the length of characters the implementation considers to be distinct. For example, in the following code fragment:
Disposition of comment: Editor will decide



Comment 66 (DJM), YOW, subsection 6.<x>.4
Comment and rationale: Better wording.
Proposed new text: the external identifiers are not unique on implementations where only the first 31 characters are significant. This situation only occurs in languages that allow multiple declarations of the same identifier (other languages require a diagnostic to be issued).
Disposition of comment: Editor will decide





Comment 67 (DJM), YOW, subsection 6.<x>.5
Comment and rationale: Better wording.
Proposed new text: Definitions for new identifiers should not use a name that is already visible within the scope that the new definition will be visible. [No languages contain facilities for preventing 'inadvertent' overloading]
Disposition of comment: Definitions for new identifiers should not use a name that is already visible within the scope that the new definition will be visible.

Comment 68 (DJM), YOW, subsection 6.<x>.6
Comment and rationale: Replace bullet point with:
Proposed new text: Allow the same name to be used for identifiers defined in overlapping scopes
Disposition of comment: Languages which allow the same name to be used for identifiers defined in nested scopes

Comment 69 (DJM), YOW, subsection 6.<x>.7
Comment and rationale: Replace first bullet point with:
Proposed new text: Ensure that a definition of an entity does not occur in a scope where a different entity with the same name is accessible and can be used in the same context.
Disposition of comment: Replace the first sentence with the proposed text.





Comment 70 (DJM), YOW, subsection 6.<x>.7
Comment and rationale: Replace second bullet point with:
Proposed new text: Ensure that a definition of an entity does not occur in a scope where a different entity with the same name is accessible and has a type which permits it to occur in at least one context where the first entity can occur.
Disposition of comment: Accept



Comment 71 (DJM), YOW, subsection 6.<x>.7
Comment and rationale: Delete third bullet point. Languages don't provide this functionality.
Disposition of comment: Change "UtilizeUse" to "Use". Also add this to implications for standardization.

Comment 72 (DJM), YOW, subsection 6.<x>.7
Comment and rationale: Delete fourth bullet point. It is not a suggestion for avoiding the vulnerability.
Disposition of comment: Replace with: Adopt a coding style that provides that overloaded operations or methods should form families that share the same semantics, share the same name, have the same purpose, and are differentiated by formal parameters.





Comment 73 (DJM), YOW, subsection 6.<x>.7
Comment and rationale: Replace last bullet point with:
Proposed new text: Ensure that all identifiers differ within the number of characters considered to be significant by the implementations that are likely to be used.
Disposition of comment: Accept but add the sentence: "Document the assumption."

Comment 74 (DJM), YOW, subsection 6.<x>.8
Comment and rationale: New reference to cite.
Proposed new text: Jones 2007 (sentence 790)
Disposition of comment: Jones 2007 (sentence 792)
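Added example (not from the draft or the comments; the code fragment that comment 65 refers to is not reproduced in this spreadsheet): a C check for the 6.<x>.7 advice in comment 73, applied to the 6.<x>.4 situation of comments 65 and 66. It reports distinct identifiers that are indistinguishable within a chosen number of significant characters; the identifiers are constructed for the example. The optional case folding covers implementations that ignore case in external names (C90 guaranteed only six significant, case-insensitive characters for external identifiers), which is why the significance limit should be documented per target implementation.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Returns 1 if a and b agree on their first 'len' characters (or are equal
   and shorter than len). With ignore_case set, ASCII case is folded first. */
static int same_prefix(const char *a, const char *b, int len, int ignore_case)
{
    for (int k = 0; k < len; k++) {
        unsigned char ca = (unsigned char)a[k], cb = (unsigned char)b[k];
        if (ignore_case) {
            ca = (unsigned char)tolower(ca);
            cb = (unsigned char)tolower(cb);
        }
        if (ca != cb)
            return 0;
        if (ca == '\0')
            return 1;                 /* both names ended before len */
    }
    return 1;
}

/*
 * Reports distinct identifiers that an implementation honouring only
 * 'sig_len' significant characters would treat as the same name. Returns
 * the number of colliding pairs; when 'pairs' is non-NULL, stores up to
 * max_pairs index pairs for reporting.
 */
int find_prefix_collisions(const char *const *names, int n, int sig_len,
                           int ignore_case, int (*pairs)[2], int max_pairs)
{
    int count = 0;
    for (int i = 0; i < n; i++) {
        for (int j = i + 1; j < n; j++) {
            if (strcmp(names[i], names[j]) != 0 &&
                same_prefix(names[i], names[j], sig_len, ignore_case)) {
                if (pairs != NULL && count < max_pairs) {
                    pairs[count][0] = i;
                    pairs[count][1] = j;
                }
                count++;
            }
        }
    }
    return count;
}

/* Constructed identifiers (not the fragment the comment refers to). */
static const char *const sample_identifiers[] = {
    "packet_header_checksum_verification_enabled",
    "packet_header_checksum_verification_disabled",   /* same first 36 chars */
    "packet_header_length",
    "Packet_Header_Length",                           /* differs only in case */
    "packet_trailer_checksum_verification_enabled",
};
#define SAMPLE_COUNT ((int)(sizeof sample_identifiers / sizeof sample_identifiers[0]))

int sample_collisions(int sig_len, int ignore_case)
{
    return find_prefix_collisions(sample_identifiers, SAMPLE_COUNT,
                                  sig_len, ignore_case, NULL, 0);
}

int main(void)
{
    int pairs[16][2];
    int n = find_prefix_collisions(sample_identifiers, SAMPLE_COUNT, 31, 0, pairs, 16);
    printf("%d collision(s) within 31 significant characters:\n", n);
    for (int k = 0; k < n && k < 16; k++)
        printf("  %s\n  %s\n", sample_identifiers[pairs[k][0]], sample_identifiers[pairs[k][1]]);
    printf("%d collision(s) within 31 characters with case folded\n", sample_collisions(31, 1));
    return 0;
}
```

Run over the external symbols of a project (for example the output of nm) with the limit set to the smallest value any supported toolchain guarantees, and treat any reported pair as a defect even though the compiler in daily use keeps them apart.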





Comment 75 (DJM), AJN, subsection 6.x.1
Comment and rationale: Better wording.
Proposed new text: Interfacing with the directory structure or other external identifiers on a system on which software executes is very common. Differences in the conventions used by operating systems can result in significant changes in behavior when the same program is executed under different operating systems. For instance, the directory structure, permissible characters, case sensitivity, and so forth can vary among operating systems and even among variations of the same operating system. For example, on OS X, “:” is prohibited as part of a filename; Microsoft XP prohibits “/?:&\*”<>|#%”; and many flavours of Unix allow any character except for the reserved character / used to delineate the directory structure. Some operating systems are case sensitive while others are not; this could result in the same filename being displayed as filename, Filename or
Disposition of comment: Interfacing with the directory structure or other external identifiers on a system on which software executes is very common. Differences in the conventions used by operating systems can result in significant changes in behavior when the same program is executed under different operating systems. For instance, the directory structure, permissible characters, case sensitivity, and so forth can vary among operating systems and even among variations of the same operating system. For example, Microsoft XP prohibits “/?:&\*”<>|#%”; but UNIX allows any character except for the reserved character / to be used in a filename. Some operating systems are case sensitive while others are not; this could result in the same filename being displayed as filename, Filename or FILENAME and all would refer to the same file.

Comment 76 (DJM), AJN, subsection 6.x.1
Comment and rationale: Better wording.
Proposed new text: Variations in what filename, named resource or external identifier is being referenced can be the basis for various kinds of problems. Such mistakes or ambiguity can be unintentional or intentional; in either case they can be potentially exploited, if surreptitious behaviour is a goal.
Disposition of comment: Variations in the filename, named resource or external identifier being referenced can be the basis for various kinds of problems. Such mistakes or ambiguity can be unintentional or intentional; in either case they can be potentially exploited, if surreptitious behaviour is a goal.




DJM 77 | Category: (blank) | Vulnerability: AJN | Subsection: 0.4
  Comment and rationale: Better wording
  Proposed new text: The wrong named resource (e.g., a file) may be used, within a program, in a form that allows access to resources that were not intended to be accessible. Attackers could exploit this situation to intentionally misdirect access to a named resource to another named resource.
  Disposition of comment: The wrong named resource (e.g., a file) may be used within a program in a form that provides access to resources that were not intended to be accessed. Attackers could exploit this situation to intentionally misdirect access of a named resource to another named resource.




DJM 78 | Category: (blank) | Vulnerability: AJN | Subsection: 0.5
  Comment and rationale: Replace by.
  Proposed new text: Any language that allows use of an API whose access to named resources varies across operating systems is vulnerable to this problem.
  Disposition of comment: Ensure consistency with template. Change text to: "Any language providing for use of an API for external access of resources with varied naming conventions. In practice, this means all languages".




DJM 79 | Category: (blank) | Vulnerability: AJN | Subsection: 0.6
  Comment and rationale: Replace first bullet point by:
  Proposed new text: Use a named resource access API that is compliant with ISO/IEC 9945:2003 (IEEE Std 1003.1-2001).
  Disposition of comment: Where possible, use an API that provides a known, common set of conventions for naming and accessing external resources, such as POSIX, ISO/IEC 9945:2003 (IEEE Std 1003.1-2001).

DJM 80 | Category: (blank) | Vulnerability: AJN | Subsection: 0.6
  Comment and rationale: Delete second bullet point (equivalent to bullet point 1)
  Proposed new text: (none)
  Disposition of comment: Analyze the range of intended target systems, develop a suitable API for dealing with them, and document the analysis.




DJM 81 | Category: (blank) | Vulnerability: AJN | Subsection: 0.6
  Comment and rationale: Additional suggestion
  Proposed new text: Ensure that programs adapt their behavior to the platform on which they are executing, so that only the intended resources are accessed. This means that information on such characteristics as the directory separator string and methods of accessing parent directories need to be parametrised and not exist as fixed strings within a program.
  Disposition of comment: "Ensure that programs adapt their behavior to the platform on which they are executing, so that only the intended resources are accessed. This means that information on such characteristics as the directory separator string and methods of accessing parent directories need to be parameterized and not exist as fixed strings within a program." Also add a bullet: "Avoid creating resources which are discriminated only by differences in case in their names."
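The platform-adaptation guidance in DJM 81 above (parameterised separator and parent-directory handling, and no resources distinguished only by case), shown as an added Python example. It is not code from the OWGV document or from any commenter. It uses only the standard library: posixpath and ntpath stand in for two platforms so both conventions can be exercised on one machine, and ResourceNamer, case_collisions and the sample paths are this example's own names and constructed values.

```python
"""Added example (not from the OWGV document or its commenters): resolve
resource names using the platform's own path conventions instead of fixed
separator or parent-directory strings, and detect names that differ only
by case. Standard library only; ResourceNamer and the sample paths are
this example's own."""
import os
import ntpath
import posixpath
from typing import Iterable, List, Tuple


class ResourceNamer:
    """Builds paths with a given os.path-style module (posixpath, ntpath or
    os.path), so the separator and ".." handling are parameters of the
    platform rather than literals in the program."""

    def __init__(self, flavour=os.path) -> None:
        self.flavour = flavour

    def resolve(self, base: str, parts: Iterable[str]) -> Tuple[str, bool]:
        """Join `parts` under `base` and report whether the normalised
        result still lies inside `base`.

        normpath applies the platform's rules for "." and ".." segments;
        commonpath then checks containment, so a parent-directory
        reference that leaves `base` is reported rather than silently
        reaching an unintended resource."""
        f = self.flavour
        base_n = f.normpath(base)
        full = f.normpath(f.join(base_n, *parts))
        inside = f.commonpath([base_n, full]) == base_n
        return full, inside


# One namer per platform convention; NATIVE follows the running system.
POSIX = ResourceNamer(posixpath)
WINDOWS = ResourceNamer(ntpath)
NATIVE = ResourceNamer(os.path)


def case_collisions(names: Iterable[str]) -> List[str]:
    """Names that would denote the same resource on a case-insensitive
    file system: the second and later spellings of each folded name."""
    seen = set()
    dups = []
    for name in names:
        key = name.casefold()
        if key in seen:
            dups.append(name)
        else:
            seen.add(key)
    return dups


if __name__ == "__main__":
    # Constructed sample inputs.
    print(POSIX.resolve("/srv/app/data", ["reports", "2008", "q1.txt"]))
    print(WINDOWS.resolve(r"C:\app\data", ["reports", "q1.txt"]))
    print(POSIX.resolve("/srv/app/data", ["..", "other", "file.txt"]))
    print(case_collisions(["filename", "Filename", "FILENAME", "other"]))
```

The same program text yields a forward-slash path under POSIX and a backslash path under Windows without either separator appearing as a literal, and the containment flag makes a ".." that escapes the base directory an explicit result rather than an unnoticed side effect.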



DMJ-2 1 | Category: (blank) | Vulnerability: XYH | Subsection: 6.3.1
  Comment and rationale: Better Wording
  Proposed new text: “valid memory area” -> “valid memory location”
  Disposition of comment: Accept

DMJ-2 2 | Category: (blank) | Vulnerability: XYH | Subsection: 6.3.4
  Comment and rationale: Better Wording
  Proposed new text: “valid memory area” -> “valid memory location”
  Disposition of comment: Accept

DMJ-2 3 | Category: (blank) | Vulnerability: XYH | Subsection: 6.3.4
  Comment and rationale: Better Wording
  Proposed new text: “often result in the failure” -> “sometimes results in the termination”
  Disposition of comment: Reject




DMJ-2 4 | Category: (blank) | Vulnerability: XYH | Subsection: 6.3.5
  Comment and rationale: Replace first bullet
  Proposed new text: Languages that permit the use of pointers and do not check the validity of the location being accessed prior to the access.
  Disposition of comment: Accept

DMJ-2 5 | Category: (blank) | Vulnerability: XZP | Subsection: 7.11.1
  Comment and rationale: Better Wording
  Proposed new text: “excessive amount” -> “excessive number”
  Disposition of comment: Accept

DMJ-2 6 | Category: (blank) | Vulnerability: XZP | Subsection: 7.11.1
  Comment and rationale: Replace last sentence
  Proposed new text: This could ultimately lead to a denial of service that could prevent any other applications accessing these resources.
  Disposition of comment: Accept




DMJ-2 7 | Category: (blank) | Vulnerability: XZP | Subsection: 7.11.4
  Comment and rationale: Replace first three paragraphs, which are not a mechanism of failure
  Proposed new text: The mechanism of failure may be external factors beyond the control of the application (e.g., the number of incoming requests that have to be processed) or may be the result of an application requesting excessive amounts of a resource (e.g., a request for very large amounts of temporary storage).
  Disposition of comment: Reject, but replace the sentence on lines 32-33 with the following: "In some cases an attacker or a defect may cause a system to fail in an unsafe or insecure fashion by causing an application to exhaust the available resources." Also, delete the word "successfully" in line 34.

DMJ-2 8 | Category: (blank) | Vulnerability: XZP | Subsection: 7.11.5
  Comment and rationale: Delete first bullet
  Proposed new text: (none)
  Disposition of comment: Accept

DMJ-2 9 | Category: (blank) | Vulnerability: XZP | Subsection: 7.11.5
  Comment and rationale: Second bullet
  Proposed new text: “authorized user” -> “application”
  Disposition of comment: Accept

DMJ-2 10 | Category: (blank) | Vulnerability: XZP | Subsection: 7.11.5
  Comment and rationale: Second bullet
  Proposed new text: Delete third and remaining sentences.
  Disposition of comment: Reject but in line 21 change "login" to "authentication"

DMJ-2 11 | Category: (blank) | Vulnerability: XZP | Subsection: 7.11.5
  Comment and rationale: Better Wording
  Proposed new text: Ensure that protocols have specific limits of scale placed on them
  Disposition of comment: In lines 26-28: Ensure that applications have specific limits of scale placed on them, and ensure that all failures in resource allocation cause the application to fail safely.




DMJ-2 12 | Category: (blank) | Vulnerability: XZP | Subsection: 7.11.5
  Comment and rationale: Better Wording
  Proposed new text: Ensure that all failures in resource allocation cause the application to fail gracefully and release the resources allocated to it.
  Disposition of comment: See above

DMJ-2 13 | Category: (blank) | Vulnerability: XZP | Subsection: 7.11.5
  Comment and rationale: Add suggestion
  Proposed new text: Ensure that applications only hang onto resources for the minimum amount of time they are required.
  Disposition of comment: Reject
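The three XZP points above (DMJ-2 11 to 13: explicit limits of scale, allocation failures that fail safely and release what was taken, and holding resources only for as long as they are needed), as an added Python example that is not part of the OWGV document or of the comments. BoundedPool, ResourceExhausted, multi_lease and the request sizes are this example's own constructed names and values; the pooled "resource" is an in-memory count standing in for real handles such as sockets or temporary storage.

```python
"""Added example (not from the OWGV document or its commenters): a resource
pool with an explicit limit of scale. Allocation failures leave the pool
consistent, partially completed allocations are rolled back, and callers
hold resources only for the duration of a with-block. Standard library
only; BoundedPool and the sample request sizes are this example's own, and
the pooled "resource" is an in-memory count standing in for real handles."""
import threading
from contextlib import contextmanager
from typing import Iterator, List


class ResourceExhausted(Exception):
    """The configured limit would be exceeded; nothing was allocated."""


class BoundedPool:
    def __init__(self, limit: int) -> None:
        self.limit = limit
        self.in_use = 0
        self._lock = threading.Lock()

    def acquire(self, n: int = 1) -> None:
        """Take n units or refuse; never over-commit past the limit."""
        with self._lock:
            if n < 1 or self.in_use + n > self.limit:
                raise ResourceExhausted(
                    f"requested {n}, in use {self.in_use}, limit {self.limit}")
            self.in_use += n

    def release(self, n: int = 1) -> None:
        with self._lock:
            self.in_use = max(0, self.in_use - n)

    @contextmanager
    def lease(self, n: int = 1) -> Iterator[int]:
        """Hold n units only for the duration of the with-block."""
        self.acquire(n)
        try:
            yield n
        finally:
            self.release(n)  # released on normal exit and on error alike


@contextmanager
def multi_lease(pool: BoundedPool, chunks: List[int]) -> Iterator[int]:
    """Acquire several chunks as one unit of work. If any chunk is refused,
    the chunks already taken are released before the error propagates, so
    a failed allocation does not leak what it had acquired so far."""
    taken: List[int] = []
    try:
        for c in chunks:
            pool.acquire(c)
            taken.append(c)
        yield sum(taken)
    finally:
        for c in taken:
            pool.release(c)


def process_requests(pool: BoundedPool, sizes: List[int]) -> List[str]:
    """Serve each request under a short-lived lease; an over-sized request
    is rejected and leaves the pool unchanged for the next one."""
    outcome = []
    for size in sizes:
        try:
            with pool.lease(size):
                outcome.append(f"served {size}")
        except ResourceExhausted:
            outcome.append(f"rejected {size}")
    return outcome


def batch_outcome(pool: BoundedPool, chunks: List[int]) -> str:
    """Attempt a multi-chunk allocation and report the pool state after."""
    try:
        with multi_lease(pool, chunks) as total:
            held = total
    except ResourceExhausted:
        return f"batch refused, in use afterwards: {pool.in_use}"
    return f"batch of {held} served, in use afterwards: {pool.in_use}"


if __name__ == "__main__":
    pool = BoundedPool(limit=10)           # constructed limit
    print(process_requests(pool, [3, 12, 10, 0]))
    print(batch_outcome(pool, [4, 4, 4]))  # third chunk exceeds the limit
    print(batch_outcome(pool, [4, 4]))
```

The limit is enforced at the single point where units are taken, so an over-sized request is refused up front instead of being partially honoured, and the context managers tie the lifetime of each allocation to the work that needs it; in_use returns to zero after every path, including the refused batch.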

DMJ-2 14 | Category: (blank) | Vulnerability: AMV | Subsection: 6.17.4
  Comment and rationale: Better Wording
  Proposed new text: “computer codes” -> “program”
  Disposition of comment: "applications"

DMJ-2 15 | Category: (blank) | Vulnerability: AMV | Subsection: 6.17.4
  Comment and rationale: Better Wording
  Proposed new text: “of program” -> “of a program”
  Disposition of comment: Accept

DMJ-2 16 | Category: (blank) | Vulnerability: AMV | Subsection: 6.17.4
  Comment and rationale: Better Wording
  Proposed new text: “offer safer” -> “offer less error prone”
  Disposition of comment: Accept

DMJ-2 17 | Category: (blank) | Vulnerability: AMV | Subsection: 6.17.4
  Comment and rationale: Second paragraph. Delete “, and the ability of code optimizers to do their job”
  Proposed new text: (none)
  Disposition of comment: Reject

DMJ-2 18 | Category: (blank) | Vulnerability: AMV | Subsection: 6.17.4
  Comment and rationale: Paragraph after bullet list
  Proposed new text: “produces” -> “may produce”
  Disposition of comment: Accept and correct sentence fragment




DMJ-2 19 | Category: (blank) | Vulnerability: AMV | Subsection: 6.17.5
  Comment and rationale: Replace paragraph by
  Proposed new text: This vulnerability description applies to any programming language that permits multiple views of the same bit pattern.
  Disposition of comment: This vulnerability description applies to any programming language that permits multiple interpretations of the same bit pattern.

DMJ-2 20 | Category: (blank) | Vulnerability: AMV | Subsection: 6.17.6
  Comment and rationale: Better Wording
  Proposed new text: “computer codes” -> “program”
  Disposition of comment: "applications"

DMJ-2 21 | Category: (blank) | Vulnerability: AMV | Subsection: 6.17.6
  Comment and rationale: Second sentence, better wording
  Proposed new text: “unusual” -> “uncommon”
  Disposition of comment: Reject

DMJ-2 22 | Category: (blank) | Vulnerability: AMV | Subsection: 6.17.6
  Comment and rationale: Better Wording, second paragraph
  Proposed new text: “preferable” -> “suggested”
  Disposition of comment: Reject

DMJ-2 23 | Category: (blank) | Vulnerability: AMV | Subsection: 6.17.6
  Comment and rationale: Delete second sentence of third paragraph
  Proposed new text: (none)
  Disposition of comment: Replace with, "It is easier to avoid such operations when the language clearly identifies them."

DMJ-2 24 | Category: (blank) | Vulnerability: AMV | Subsection: 6.17.6
  Comment and rationale: Better Wording, third paragraph
  Proposed new text: A much more difficult situation occurs when pointers are used to achieve type reinterpretation
  Disposition of comment: Accept

DMJ-2 25 | Category: (blank) | Vulnerability: AMV | Subsection: 6.17.6
  Comment and rationale: Better Wording, third paragraph last sentence
  Proposed new text: Therefore it is important to explicitly comment the source where intended reinterpretations occur
  Disposition of comment: Accept




DMJ-2 26 | Category: (blank) | Vulnerability: AMV | Subsection: 6.17.7
  Comment and rationale: Better Wording
  Proposed new text: Because the ability to perform reinterpretation is sometimes necessary, but the need for it is not common, programming language designers might consider giving caution labels to operations that permit reinterpretation
  Disposition of comment: Reject but insert the word "sometimes" before "necessary".

jb 1 | Category: TL | Vulnerability: CCB | Subsection: 6.x.5
  Comment and rationale: 'C' code example is not valid 'C' code. All examples should be valid code if a programming language is called out. Example in this case should probably be valid C++ as well.
  Proposed new text: Add a better example that is valid code.
  Disposition of comment: Accept. Add enum to beginning of line 35 and change to "b=stop". Fix font of "c" in line 36 and change "will" to "may".

jb 4 | Category: GE | Vulnerability: XYW | Subsection: 6.6.8
  Comment and rationale: Is this a note to the editor or ?
  Proposed new text: (none)
  Disposition of comment: Delete




JWM 1 | Category: TL | Vulnerability: AMV | Subsection: 6.x.7
  Comment and rationale: Language designers could address a serious problem by offering appropriately checked union types. This would avoid the necessity for programmers to synthesize those types using unsafe mechanisms.
  Proposed new text: Add the following text: "Because of the difficulties with undiscriminated unions, programming language designers might consider offering union types that include distinct discriminants with appropriate enforcement of access to objects."
  Disposition of comment: Accept
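The checked-union proposal in JWM 1 above, together with the AMV points in DMJ-2 24 to 26 (pointer-based reinterpretation is the hard case, intended reinterpretations should be made explicit in the source), as an added Python example that is not taken from the OWGV document or from any commenter. A C-style union is modelled as one 4-byte buffer through the struct module; Tag, CheckedUnion, reinterpret_unchecked and the sample bit pattern are this example's own names and constructed values.

```python
"""Added example (not from the OWGV document or its commenters): an
unchecked reinterpretation of a bit pattern next to a union type that
carries a discriminant and enforces it on every access. Standard library
only; Tag, CheckedUnion and the sample values are this example's own."""
import struct
from enum import Enum


def reinterpret_unchecked(value: int) -> float:
    """Undiscriminated access: the 32-bit pattern of an unsigned int read
    back as an IEEE 754 single. Nothing records which view is current, so
    a caller can read the wrong one without any indication."""
    return struct.unpack("<f", struct.pack("<I", value))[0]


class Tag(Enum):
    """Discriminant recording which member of the union is live."""
    INT = "int"
    FLOAT = "float"


class CheckedUnion:
    """One 4-byte buffer, as in a C union of uint32 and float, plus a tag.
    Reads check the tag, so reading a member that is not live fails
    loudly; reinterpretation is still possible, but only through a
    method whose name makes it visible at the call site."""

    def __init__(self, tag: Tag, value) -> None:
        self.tag = tag
        fmt = "<I" if tag is Tag.INT else "<f"
        self._bits = struct.pack(fmt, value)

    def _require(self, tag: Tag) -> None:
        if self.tag is not tag:
            raise TypeError(f"union holds {self.tag.value}, not {tag.value}")

    def as_int(self) -> int:
        self._require(Tag.INT)
        return struct.unpack("<I", self._bits)[0]

    def as_float(self) -> float:
        self._require(Tag.FLOAT)
        return struct.unpack("<f", self._bits)[0]

    def reinterpret_as_float(self) -> float:
        """Deliberate, explicitly named reinterpretation of the live bits."""
        return struct.unpack("<f", self._bits)[0]

    def set_float(self, value: float) -> None:
        """Changing the live member updates the tag at the same time."""
        self._bits = struct.pack("<f", value)
        self.tag = Tag.FLOAT


def wrong_member_rejected(u: CheckedUnion) -> bool:
    """True if reading the non-live member raises, i.e. access is enforced."""
    try:
        if u.tag is Tag.INT:
            u.as_float()
        else:
            u.as_int()
    except TypeError:
        return True
    return False


if __name__ == "__main__":
    pattern = 0x3F800000  # constructed sample: the bit pattern of 1.0f
    print(reinterpret_unchecked(pattern))
    u = CheckedUnion(Tag.INT, pattern)
    print(u.as_int(), wrong_member_rejected(u), u.reinterpret_as_float())
    u.set_float(2.5)
    print(u.as_float(), u.tag)
```

The storage is identical in both halves; what the checked form adds is the discriminant that every ordinary accessor consults, so an accidental read of the wrong view is an error at the point of use, while a deliberate reinterpretation has to be written as such and is therefore easy to find and comment in the source.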



LDW 1 | Category: 5 | Vulnerability: BQF | Subsection: 6.x.5
  Comment and rationale: second sentence should read "an assignment operator" since the word operator refers to left- and right-hand side
  Proposed new text: For instance, in many languages the order of evaluation of the operands appearing on the left- and right-hand side of an assignment operator is unspecified,…
  Disposition of comment: AIP: Delete the word "statement" from the current wording.

LDW (no #) | Category: 5 | Vulnerability: AJN | Subsection: (blank)
  Comment and rationale: Section numbers need to be corrected (e.g. section "6.x.2" is "0.2", section "6.x.3" is "0.3", etc.)
  Proposed new text: (none)
  Disposition of comment: Accept




LDW              5     BQF       6.x.5     Missing "the" in "either A or B operand"          For instance, while the        Accept. Add "the". Fix font to be
                                                                                             following assignment           like line 17.
                                                                                             statement contains
                                                                                             unspecified behavior in
                                                                                             many languages (I.e., it is
                                                                                             possible to evaluate either
                                                                                             the A or B operand first,

LDW              5     BQF       6.x.6     "behaviors" should be singular in "...allows a    ...allows a finite set of more Accept. Also, 6.8.6: correct
                                           finite set of more than one behaviors…"           than one behavior...           capitalization

LDW | | 3 | BQF | 6.x.7 | Although the one bullet item in 6.x.7 does capture the essence of the solution, the proposed new text as a second bullet item is likely a more practical expression of what a developer should do. | By using constructs that have defined behavior. Although even simple constructs such as "A = B" can have undefined behavior, less complicated code generally leads to more defined behavior since in less complicated code, the order of evaluation is less likely to matter. | Insert new first bullet: "By using constructs that have specified behaviour". Keep existing text as second bullet.
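The BQF rows above turn on one point: in C the order in which the operands of an expression are evaluated is unspecified, so a statement whose operands both have side effects has no single correct result, and the practical fix is to write the simpler, sequenced form. The C program below is an added illustration of that point; it is not code from the OWGV document or from the commenter. The names `counter`, `next_value`, `unspecified_order` and `sequenced_order` are constructed for the example.

```c
#include <stdio.h>

/* Added example (not part of the OWGV disposition document): a statement
 * whose result depends on the order in which the operands of '+' are
 * evaluated.  C leaves that order unspecified (the two calls are
 * indeterminately sequenced), so conforming compilers may legally differ. */

static int counter;            /* shared state touched by both operands */

static int next_value(void)    /* each call returns 1, 2, 3, ... */
{
    return ++counter;
}

/* Unspecified: whether the left or the right call runs first decides
 * whether this returns 1*10 + 2 = 12 or 2*10 + 1 = 21. */
int unspecified_order(void)
{
    counter = 0;
    return next_value() * 10 + next_value();
}

/* Sequenced: each side effect is its own full expression, so the result
 * is 12 on every conforming compiler.  This is the "less complicated code"
 * the comment recommends: the order of evaluation no longer matters. */
int sequenced_order(void)
{
    counter = 0;
    int first  = next_value();   /* sequence point after this statement */
    int second = next_value();   /* ...and after this one */
    return first * 10 + second;
}

/* Returns 1 if r is one of the two outcomes the unspecified form may
 * legally produce.  A test harness can use this to notice when a build
 * has started to depend on one particular evaluation order. */
int is_legal_unspecified_result(int r)
{
    return r == 12 || r == 21;
}

int main(void)
{
    printf("unspecified form gave %d (12 or 21 are both legal)\n",
           unspecified_order());
    printf("sequenced form gave   %d (always 12)\n", sequenced_order());
    return 0;
}
```

Compiling the first function with two different compilers, or the same compiler at two optimisation levels, is the quickest way to see the result change without any change to the source.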




bf567274-7730-4b6f-b440-f685a7cedbdf.xls                                              8/6/2012                                                                   Page 42 of 60

LDW | | 5 | BQF | | Uses the old template -- needs to be updated to reflect the new template (e.g. 6.x.5 should not be "Interrupting the Failure Mechanism" -- should be "Range of language characteristics considered") | | Check for consistency of template.

LDW | | 3 | BRS | 6.x | The title of "Leveraging experience and expertise" is vague and doesn't capture the content of BRS. | Switch back to "Maintainability" as the title. | Change title to "Leveraging experience"
LDW | | 1 | BVQ | | Need references for examples cited such as Microsoft Excel and the software developer who programmed the autopilot | | Accept pending contribution from Clive

LDW | | 5 | BVQ | | Uses the old template -- needs to be updated to reflect the new template (e.g. 6.x.5 should not be "Interrupting the Failure Mechanism" -- should be "Range of language characteristics considered") | | Check for consistency of template. Add space to ISO 9001 in line 18 of 6.48.6. Change CMM to CMMI®

LDW | | 4 | CCB | 6.x.1 | "thise" should be "these" | | Accept
LDW | | 4 | CCB | 6.x.5 | Entries should be bulleted. | | Accept
LDW | | 4 | CCB | 6.x.5 | Missing ")" at end of second paragraph | | Accept
LDW | | 4 | CCB | 6.x.6 | Missing word in "Use static analysis that detect…" | "Use static analysis tools that detect…" | Accept
LDW | | 4 | CCB | 6.x.6 | Last item should be bulleted | | Accept





LDW | | 4 | CCB | 6.x.7, 6.x.8 | Remove template italicized text | | Accept
LDW | | 4 | CLL | 6.x.1 | Needs to be on a new line | | AIP: Remove dangling text in status
LDW | | 4 | CLL | 6.x.1 | Remove "[Note from Tom: sounds exactly right to me]" at end of first paragraph | | Accept

LDW | | | CSJ | 6.x.4 | Expand the reasoning behind "The last is so specialized that it will not be treated in this description." | "The last is so specialized and rarely used in practice that it will not be treated in this description." | "The last is so specialized and supported by so few languages that it will not be treated in this description."

LDW | | 4 | CSJ | 6.x.4 | Last sentence "This particular problem is described in SAM" | "This particular problem is described in the Order of Evaluation section." | "This particular problem is described in the Order of Evaluation section (SAM)."





LDW | | 3 | CSJ | 6.x.5 | First bullet -- don't all procedural languages have by definition of procedural language the ability to define sub-programs and pass data to them? | "Procedural languages" | AIP: delete the word "procedural". Change "value. This includes" to "values, including"
LDW | | 4 | DCM | 6.x.1 | Reference to XYK -- XYK is "pointer use after free" | Eliminate sentence. | Delete sentence. Also, correct numbering of sub-sections.
LDW | | 4 | EWD | 6.x.1 | "harder to maintainable" | "harder to maintain" | Agree
LDW | | 3 | EWD | 6.x.7 | There are some things that can be standardized in languages that can encourage structured programming. | Languages should encourage structured programming through their constructs to the extent possible. | Add 6.41.7 with text: "Languages should support and favor structured programming through their constructs to the extent possible."

LDW | | 3 | EWF | 6.x.7 | First bullet is vague -- doesn't answer to what language construct it is referring. Also change the third entry to a bullet and fix the font. | "Ensuring that undefined language constructs are not used." | Agree
LDW | | 5 | EWF | | Uses the old template -- needs to be updated to reflect the new template (e.g. 6.x.5 should not be "Interrupting the Failure Mechanism" -- should be "Range of language characteristics considered") | | Check consistency of template





LDW | | 4 | FAB | 6.x.1 | Description needs to be reworded to provide a better understanding of the vulnerability. | Some constructs in computer languages are not fully defined (see Unspecified Behavior section) and thus leave compiler implementations to decide how the construct will operate. The behavior of a program, whose source code contains one or more instances of constructs having implementation-defined behavior, can vary when the source code is recompiled or relinked. | Make this parallel to BQF.




LDW | | 5 | FAB | | Uses the old template -- needs to be updated to reflect the new template (e.g. 6.x.5 should not be "Interrupting the Failure Mechanism" -- should be "Range of language characteristics considered") | | Check consistency of template





LDW | | 4 | FLC | 6.1.4 | Missing word in "Typically, conversion errors in data integrity issues, but may also result in safety and security vulnerabilities." Second sentence is basically a repeat of the first sentence -- suggest combining. | Typically, numeric conversion errors result in data integrity issues, but they may also lead to a number of safety and security issues. | Accept
LDW | | 4 | FLC | 6.1.6 | The sentence "To protect against corruption of memory, integer values used in any of the following ways must be correct:" looks like it has been superseded by the following sentence. | Eliminate sentence. | Accept
LDW | | 3 | GDL | 6.x.6 | Make a stronger statement that recursion should only be used extremely rarely or even not at all. The first statement is very good, but make the statement that it should be rare stronger. | Avoid recursion except in extremely rare occurrences under tight restrictions. It can be very difficult to implement in a safe and secure manner. | Insert new first bullet: "Minimize the use of recursion."





LDW | | 4 | HFC | 6.x.1 | Reword the first paragraph: "Define “access via a data pointer” to mean “fetch or store indirectly through that pointer”; define “access via a function pointer” to mean “invocation indirectly through that pointer”. The code produced for access via a pointer requires that the type of the pointer is appropriate for the data or function being accessed; otherwise undefined behavior can occur. (The detailed requirements for “appropriate” type vary among languages.)" | The code produced for access via a data or function pointer requires that the type of the pointer is appropriate for the data or function being accessed. Otherwise undefined behavior can occur. Specifically, “access via a data pointer” is defined to be “fetch or store indirectly through that pointer” and “access via a function pointer” is defined to be “invocation indirectly through that pointer”. The detailed requirements for what is meant by the “appropriate” type vary among languages. | Agree



LDW | | | HFC | 6.x.1 | Comma needed after access: "Even if the type of the pointer is appropriate for the accesserroneous…" | "Even if the type of the pointer is appropriate for the access, erroneous…" | Agree





LDW | | 4 | LAV | 6.x.1 | "Possible" misspelled in last sentence: "In such cases it must be posisble…" | "In such cases it must be possible…" | Agree
LDW | | 4 | LAV | 6.x.6, 6.x.7 | Items should be bulleted. | | Agreed.
LDW | | 4 | NMP | 6.x.4 | Reword: "Static analysis while can identify many problems early; heavy use of the pre-processor can limit the effectiveness of many static analysis tools." | "While static analysis can identify many problems early, heavy use of the pre-processor can limit the effectiveness of many static analysis tools." | Agree
LDW | | 4 | NZN | 6.x.6 | Items should be bulleted. | | Reject
LDW | | 4 | SAM | 6.x.4 | Need a period after the first sentence | | Agreed





LDW | | 3 | TEX | 6.x.4 | Second sentence is inconsistent with the first: "Readers of source code often make assumptions about what has been written. A common assumption is that a loop control variable is not modified in the body of its associated loop (such variables are not usually modified in the body of a loop). A reader of the source may incorrectly assume that a loop control variable is modified in the body of its loop and write (incorrect) code based on this assumption." | Readers of source code often make assumptions about what has been written. A common assumption is that a loop control variable is not modified in the body of its associated loop since such variables are not usually modified in the body of a loop. A reader of the source may incorrectly assume that a loop control variable is not modified in the body of its loop and write (incorrect) code based on this assumption. | Agree


LDW | | 4 | TEX | 6.x.5 | Items should be bulleted. | | Agree
LDW | | 5 | TEX | All | Change from italic to regular | | Agree





LDW | | 3 | TRJ | 6.x.6 | "Use only libraries written in-house and have been developed with safety-critical requirements." -- Using only in-house libraries is a large requirement and is similar to expecting that someone only develop code using formal methods. Suggest that this be framed a little more for the general population. | "Libraries written in-house should be developed with consistent interface requirements. For safety-critical and security-critical code, use only libraries written in-house." | Replace last bullet with "Use only libraries known to have been developed with consistent and validated interface requirements." Also delete 2nd bullet item.

LDW | | 5 | YOW | 6, 6.x.4 | The concept: "Non-unique identifiers in the same scope can also be introduced through the use of identifiers whose common substring exceeds the length of characters the implementation considers to be distinct. For example, in the following code fragment:" suggests that the title "Identifier name reuse" doesn't completely cover this vulnerability. Suggest changing the title of this vulnerability to "Identifiers." There is some overlap with AJN -- may want to consider modifying AJN to include this issue and eliminate it from YOW. | | In 6.34.4, lines 7-12, add a cross-reference to AJN.



LDW-2 | 1 | GT | | 1.5 | Need to add subsection "How to use this document" | | Assigned as an action item





LDW-2 | 2 | GT | | 5 | There are corresponding vulnerability descriptions (or sections) on some of these topics such as unspecified behaviour or undefined behaviour. For consistency, maybe there should likely be corresponding sections on the others, or the vulnerability descri | | We decided that all of the appropriate descriptions already exist
LDW-2 | 3 | GT | | 6 | Need more of an intro, need to talk about the three letter unique identifier, the sections for the vulnerabilities, etc. -- much of this text could be drawn from the generic template. | | Assigned as an action item

LDW-2 | 4 | GT | | 6/TOC | A flat presentation is given. It was decided at the Pittsburgh meeting that this would be the case. This makes the reader's first impression of the table of contents as disorganized and lacking any organizational structure. Would suggest some better org | | Move three-character codes to end of subtitle, enclosed in brackets. Put the descriptions in the same order as the outline.

LDW-2 | 5 | GT | | Outline | Eliminate section "1. Human Factors." Move BRS to section 4, Documentation. Possibly rename "Documentation" as something like Capturing Knowledge. Alternatively could split BRS into two or more documents – one focusing on documentation and another fo | | Remove empty categories, e.g. E.4 Documentation





LDW-2 #6 | Category: GT | Subsection: Outline
Comment and rationale: Suggest new vulnerability for Section 7.1 Constants: need a vulnerability description for constants – likely obvious one is that one should use constants so they cannot be accidentally changed, use of function generations of sentinel values, etc. – need
Disposition of comment: Move XZH Off-by-one-Error into E.13.2.

LDW-2 #7 | Category: GT | Subsection: Outline
Comment and rationale: Suggest new vulnerability for Section 6 – Characters and strings - talk about the lack of a termination character for strings, strcpy vs. strncpy
Disposition of comment: Write a new vulnerability discussing C, C++, library routines and POSIX. Also other language calls to these languages and environments. It is the user's responsibility to supply terminators in inter-language calls. Also, reading user input into fixed size buffers. Also, using inappropriate library routines. Larry took an action item to write this.
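As an added illustration that is not part of the comment or of the OWGV draft, the C string hazards the disposition lists (no terminator after strncpy, a copy that always terminates, and reading user input into a fixed-size buffer), written with this example's own helper names and a constructed sample input:

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example, not code from the OWGV draft; helper names are its own. */

/* A C string has no length field: the terminating NUL is the only end marker.
 * strncpy() writes at most n bytes and never appends a NUL of its own, so when
 * strlen(src) >= n the destination is no longer a string, and a later strlen()
 * or printf("%s") reads past the buffer. Returns true if a NUL landed in dst. */
bool strncpy_leaves_terminator(const char *src, size_t n)
{
    char dst[16];
    if (n > sizeof dst) n = sizeof dst;
    memset(dst, 'X', sizeof dst);        /* sentinel fill: no stale NUL to help */
    strncpy(dst, src, n);
    return memchr(dst, '\0', n) != NULL;
}

/* Bounded copy that always terminates: copies at most dst_size-1 bytes and
 * writes the NUL itself. Returns true when src had to be truncated. */
bool copy_terminated(char *dst, size_t dst_size, const char *src)
{
    if (dst_size == 0) return true;
    size_t len = strlen(src);
    size_t ncopy = len < dst_size - 1 ? len : dst_size - 1;
    memcpy(dst, src, ncopy);
    dst[ncopy] = '\0';
    return len > ncopy;
}

/* Reading user input into a fixed-size buffer: fgets() is bounded and always
 * terminates, but a line longer than the buffer is split across calls, so the
 * leftover would be taken as the next line. This reads one logical line,
 * discards any excess and reports what happened:
 *   -1 end of input (nothing read), 0 complete line, 1 line was truncated. */
int read_line_bounded(FILE *in, char *dst, size_t dst_size)
{
    if (dst_size < 2 || fgets(dst, (int)dst_size, in) == NULL) {
        if (dst_size > 0) dst[0] = '\0';
        return -1;
    }
    size_t len = strlen(dst);
    if (len > 0 && dst[len - 1] == '\n') {
        dst[len - 1] = '\0';
        return 0;
    }
    int c = fgetc(in);                      /* buffer filled with no newline */
    if (c == EOF || c == '\n') return 0;    /* line fit exactly, or last line */
    while (c != EOF && c != '\n') c = fgetc(in);   /* drop the overflow */
    return 1;
}

int main(void)
{
    /* Constructed sample input standing in for lines typed by a user. */
    const char *input = "ok\nthis line is far too long\nlast";
    FILE *in = tmpfile();                   /* ISO C scratch file */
    if (in == NULL) return 1;
    fputs(input, in);
    rewind(in);
    char line[8];
    int rc;
    while ((rc = read_line_bounded(in, line, sizeof line)) != -1)
        printf("%s \"%s\"\n", rc == 1 ? "TRUNCATED" : "line", line);
    fclose(in);
    printf("strncpy kept NUL (5 chars into 16): %d\n",
           strncpy_leaves_terminator("short", 16));
    printf("strncpy kept NUL (16 chars into 16): %d\n",
           strncpy_leaves_terminator("0123456789abcdef", 16));
    return 0;
}
```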




LDW-2 #8 | Category: GT | Subsection: Outline
Comment and rationale: Three sections in the outline: Section 8 Objects, Section 14.6 Signals, and Section 15.1 Portable Code do not have any vulnerabilities associated with them. Surely there are some. New ideas for vulnerabilities for these sections are needed.
Disposition of comment: We decide to remove these items from the outline.

LDW-2 #9 | Category: GT | Subsection: Outline
Comment and rationale: Examine those items in 16 with the thought of putting them in other sections so as to get rid of the miscellaneous category/section. One suggestion is that Section 16.2 should be removed.
Disposition of comment: No change

LDW-2 #10 | Category: GT | Subsection: Outline
Comment and rationale: The scope of OWGV has widened from the original thoughts of over a year ago. This is not a bad thing, but as a consequence we should revisit those vulnerabilities that were deemed to be outside of scope (those deemed "OUT") to see if they now fall within
Disposition of comment: No change

TP #1 | Category: TL | Vulnerability: XYI | Subsection: 6.x.5
Comment and rationale: Locking and unlocking is over-kill if the variable is thread-local or unaliased block-local.
Proposed new text: All variables involved in switch statements should be thread-local, or unaliased block-local, or locked before the statement starts and are unlocked when the statement ends.
Disposition of comment: Reject. XYI is not part of the draft TR.

TP #2 | Category: E | Vulnerability: XZB | Subsection: 6.x.1
Comment and rationale: I thought we had agreed to use the term "buffer overflow in heap" throughout; this is reflected in the title of the topic. This replacement should be made globally.
Proposed new text: Globally replace "heap overflow" with "buffer overflow in heap". Add one sentence: "Sometimes the term 'heap overflow' is used to designate this vulnerability."
Disposition of comment: Accept. Also change "POSIX malloc" to "malloc".

TP #3 | Category: E | Vulnerability: XYW | Subsection: all
Comment and rationale: I think Derek might have missed the meeting where we addressed the CWE terminology and how to fix it. My recollection is that we agreed to point out that they should change "stack overflow" to "buffer overflow in stack", and etc. for "heap".
Proposed new text: Revise XZB and XYW to reflect our agreement re CWE terminology.
Disposition of comment: Reject. Ask Tom to provide specific comments.

TP #4 | Category: E | Vulnerability: BQF | Subsection: 6.x.1
Comment and rationale: cut-and-paste error
Proposed new text: The external behavior of a program, whose source code contains one or more instances of constructs having unspecified behavior, when the source code is recompiled or relinked, is not predictable.
Disposition of comment: Accept: "is not fully predictable". Change "recompiled or relinked" to "(re)compiled or (re)linked".

TP #5 | Category: TL | Vulnerability: AJN | Subsection: 0.6
Comment and rationale: Do we know in advance that Win32 systems do conform to 9945:2003 in this area of filesystems?
Proposed new text: Phrase the requirement in a less POSIX-centric fashion.
Disposition of comment: OBE

TP #6 | Category: E | Vulnerability: JCW | Subsection: 6.x.0
Proposed new text: Delete old note: "NEEDS TO BE WRITTEN: Tom Plum"
Disposition of comment: Remove old notes.

TP #7 | Category: TL | Vulnerability: PLF | Subsection: 6.x.4
Comment and rationale: Even within IEEE 754 representations, there are different representations of the 128-bit ("long double") formats.
Proposed new text: Add an appropriate sentence?
Disposition of comment: Add suggested text as the penultimate sentence. In the final sentence, change "bit

TP #8 | Category: E | Vulnerability: XZH | Subsection: several
Comment and rationale: spelling
Proposed new text: serrupticiously->surreptitiously, featurs->features, sentinal->sentinel (x4), algrithm->algorithm, eg->e.g., comparisons->comparison, mistakes->mistake, [empty bullet],
Disposition of comment: Accept

TP #9 | Category: E | Vulnerability: LAV | Subsection: 6.x.1
Comment and rationale: grammar
Proposed new text: "All variables"->"Each variable", "their type"->"its type", "it/them"->"variables", "it the defect"->"the defect"
Disposition of comment: Agreed. Also, change "flavours" to "variants".

TP #10 | Category: E | Vulnerability: LAV | Subsection: 6.x.5
Comment and rationale: spelling
Proposed new text: definied->defined
Disposition of comment: Agreed.

TP #11 | Category: TL | Vulnerability: SYM | Subsection: 6.x.4
Comment and rationale: mention the new C++0x "concepts"; add to Bibliography: * Douglas Gregor, Jaakko Jarvi, Jeremy Siek, Bjarne Stroustrup, Gabriel Dos Reis, Andrew Lumsdaine: Concepts: Linguistic Support for Generic Programming in C++ <http://www.research.att.com/~bs/oopsla06.pdf>. OOPSLA'06, October 2006. * Gabriel Dos Reis and Bjarne Stroustrup: Specifying C++ Concepts <http://www.research.att.com/~bs/popl06.pdf>. POPL06. January 2006.
Proposed new text: Add a paragraph before "Similar confusion": The problems described in the two prior paragraphs can be reduced by a language feature (such as the "concepts" being designed for the C++ revision).
Disposition of comment: Agree

TP #12 | Category: TL | Vulnerability: KOA | Subsection: 6.x.1
Proposed new text: "such as && for the bitwise operator &, or vice versa"
Disposition of comment: Agree

TP #13 | Category: TH | Vulnerability: KOA | Subsection: 6.x.4
Comment and rationale: Let's assume that this sentence is correct: "There is no guarantee which of the two subexpressions (a==b) or (c-(d-1)) will be executed first." Then the example should be changed to match that sentence.
Proposed new text: if ((a == b) | (c = (d-1)) [i.e., single vertical bar]
Disposition of comment: Agree
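An added example, not from the draft or from the commenters, covering TP 12 and TP 13 together: what changes between `||` and the single `|` proposed for the draft's example (both operands evaluated, in an order the C standard leaves unspecified) and why `&` written for `&&` can flip a condition. The recording helpers and function names are this example's own.

```c
#include <stdbool.h>
#include <stdio.h>

/* Added example, not code from the OWGV draft; helper names are its own.
 * Globals record the side effects so the two operator forms can be compared. */
static int assign_count;   /* how many times the assignment to c ran */
static char order[3];      /* which operand ran first: "LR", "RL" or just "L" */
static int order_pos;

static void reset(void)
{
    assign_count = 0;
    order_pos = 0;
    order[0] = order[1] = order[2] = '\0';
}

static bool left_operand(int a, int b)
{
    if (order_pos < 2) order[order_pos++] = 'L';
    return a == b;
}

static int assign_right(int *c, int d)
{
    if (order_pos < 2) order[order_pos++] = 'R';
    assign_count++;
    return *c = d - 1;     /* the side-effecting operand of the draft's example */
}

/* Logical OR: the left operand is always evaluated first (there is a sequence
 * point between them) and the right one only when the left is false.
 * Returns how many times the assignment to c ran (0 or 1). */
int logical_or_form(int a, int b, int d, int *c)
{
    reset();
    if (left_operand(a, b) || assign_right(c, d)) { /* condition body */ }
    return assign_count;
}

/* Bitwise OR, the form TP 13 proposes for the draft's example: both operands
 * are always evaluated and the C standard leaves their order unspecified, so
 * whether c already holds d-1 while (a == b) is computed is up to the compiler. */
int bitwise_or_form(int a, int b, int d, int *c)
{
    reset();
    if (left_operand(a, b) | assign_right(c, d)) { /* condition body */ }
    return assign_count;
}

/* The other direction of the mix-up from TP 12: & written where && was meant.
 * As conditions the two can disagree, since & combines bits and && combines
 * truth values. Returns true when both forms give the same truth value. */
bool and_forms_agree(int x, int y)
{
    return ((x && y) != 0) == ((x & y) != 0);
}

int main(void)
{
    int c = 0, n;
    n = logical_or_form(1, 1, 5, &c);      /* a == b: right side skipped */
    printf("||  a==b: assignment ran %d time(s), c=%d\n", n, c);
    n = logical_or_form(1, 2, 5, &c);      /* a != b: right side needed */
    printf("||  a!=b: assignment ran %d time(s), c=%d\n", n, c);
    c = 0;
    n = bitwise_or_form(1, 1, 5, &c);      /* both sides, order unspecified */
    printf("|   a==b: assignment ran %d time(s), c=%d, order on this compiler: %s\n",
           n, c, order);
    printf("1 && 2 and 1 & 2 agree as conditions: %d\n", and_forms_agree(1, 2));
    return 0;
}
```

The order string printed for the `|` form is whatever this particular compiler chose; a different compiler or optimisation level may print the other order, which is the point of the comment.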

TP #14 | Category: E | Vulnerability: REU | Subsection: 6.x.0
Comment and rationale: Tom Plum finished his tasks here (I think) …
Proposed new text: "Tom Plum will provide" -> "Tom Plum provided"; "Tom will describe" -> "Tom described"
Disposition of comment: Already cleaned up in draft TR.

TP #15 | Category: E | Vulnerability: AMV | Subsection: 6.x.0
Comment and rationale: grammar
Proposed new text: "Names was" -> "Name was"
Disposition of comment: Accept

TP #16 | Category: E | Vulnerability: AMV
Proposed new text: change "character as an integer" to something less confusing
Disposition of comment: Accept. "pointer as an integer"

TP #17 | Category: E | Vulnerability: OTR
Comment and rationale: In C and C++, the callee cleans up the callee's part of the stack, then returns to the caller, which cleans up the caller's part of the stack. So one of these vulnerabilities won't occur in C or C++, even though the others might.
Proposed new text: [not sure yet]
Disposition of comment: Accept. In Line 39, does->do. Line 40, will->could. Line 22, will -> may. Line 40 (two places): stack or memory may be corrupted.

TP #999 | Category: E
Comment and rationale: Reviewed without comment: YOW, XYR, XYK, DCM, NAI, XYZ, TEX, FAB, EWF, EWD, EOJ, NYY, CLL, HFC, MTW, SAM, BRS, XZI, STR, XYL, CCB, MEM, XYY, GDL, FLC, XYP, BVQ, XYQ, IHN, NZN, IHN,
Disposition of comment: Not a comment
TP (continued) | Vulnerability: IHN
Comment and rationale: **Excellent write-up
Disposition of comment: Fix font in lines 14-16 and 34-35.

TP (continued) | Subsection: 6.x.6
Comment and rationale: **Needs work
Proposed new text: Reliance on a particular data layout can be tempting, but different implementations can cause data layouts to change.
Disposition of comment: Not a comment

Categories



Comments
Impact rank             Category code         Category title
    1                       GT                General Technical
    2                       TH                Technical High (major)
    3                       TL                Technical Low (minor)
    4                       GE                General Editorial
    5                       E                 Editorial

General Technical
Covers a Technical problem that exists in many places throughout the document. The many occurrences make this the highest impact category. It is preferable
to use specific individual references to each case instead of this category if at all possible.

Technical High
Major technical problems. Proposed replacement text is mandatory.

Technical Low
Minor problems. These problems are often of a more significant nature than a simple editorial change. Proposed new text is mandatory.

General Editorial
Covers an Editorial problem that exists in many places throughout the document. For example, correct spelling from "organisation" to "organization" for all occurrences. It is preferable to use specific individual references to each case instead of this category if at all possible.

Editorial
Covers grammar, missing or duplicated text, missing or incorrect cross-references, incorrect numbering, spelling and punctuation problems. These are all matters that should be able to be resolved offline by the Project Editor. Terminology changes are not Editorial. Proposed new text is requested to facilitate document updating.



