标准摘要
[中文适用范围]: 本技术报告详细说明了在开发需要确保安全性、安保性、任务关键型和业务关键型软件的系统时应避免的软件编程语言漏洞。一般而言,本指南适用于为任何应用程序开发、审查或维护的软件。漏洞描述采用通用方式,适用于多种编程语言。 [外文原描述]: ISO/IEC TR 24772:2013 specifies software programming language vulnerabilities to be avoided in the development of systems where assured behaviour is required for security, safety, mission-critical and business-critical software. In general, this guidance is applicable to the software developed, reviewed, or maintained for any application. Vulnerabilities are described in a generic manner that is applicable to a broad range of programming languages.
英文名称Information technology - Programming languages - Guidance to avoiding vulnerabilities in programming languages through language selection and use