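ISO/IEC TR 24772-1:2019 Programming languages — Guidance to avoiding vulnerabilities in programming languages — Part 1: Language-independent guidance
Standard number: ISO/IEC TR 24772-1:2019
Chinese title: 编程语言 避免编程语言弱点的指南 第1部分:语言独立的指南
English title: Programming languages — Guidance to avoiding vulnerabilities in programming languages — Part 1: Language-independent guidance
Publication date: 2019-12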
Scope
This document specifies software programming language vulnerabilities to be avoided in the development of systems where assured behaviour is required for security, safety, mission-critical and business-critical software. Language-specific descriptions of these vulnerabilities are provided in other parts of the ISO/IEC 24772 series.
It is applicable to the software developed, reviewed, or maintained for any application.
This document does not address software engineering and management issues such as how to design and implement programs, use configuration management tools, use managerial processes, and perform process improvement. Furthermore, the specification of properties and applications to be assured are not treated.
Vulnerabilities are described in a generic manner that is applicable to a broad range of programming languages.