标准编号:ISO/IEC TR 24772-1:2019
中文名称:编程语言 避免编程语言弱点的指南 第1部分:语言独立的指南
英文名称:Programming languages — Guidance to avoiding vulnerabilities in programming languages — Part 1: Language-independent guidance
发布日期:2019-12
标准范围
This document specifies software programming language vulnerabilities to be avoided in the
development of systems where assured behaviour is required for security, safety, mission-critical and
business-critical software. Language-specific descriptions of these vulnerabilities are provided in
other parts of the ISO/IEC 24772 series.
It is applicable to the software developed, reviewed, or maintained for any application.
This document does not address software engineering and management issues such as how to design
and implement programs, use configuration management tools, use managerial processes, and perform
process improvement. Furthermore, the specification of properties and applications to be assured are
not treated.
Vulnerabilities are described in a generic manner that is applicable to a broad range of programming
languages.
标准预览图
立即下载标准文件