WG 14 Document: N 1590
G3 New Work Item Proposal
March 2007
PROPOSAL FOR A NEW WORK ITEM
Date of presentation of proposal:
Proposer: ISO/IEC JTC 1/SC 22/WG 14
Secretariat:
ISO/IEC JTC 1 N XXXX
A proposal for a new work item shall be submitted to the secretariat of the ISO/IEC joint technical committee concerned with a copy to the ISO Central Secretariat.
Presentation of the proposal - to be completed by the proposer.
Title: Information Technology — Programming languages, their environments and system software interfaces — C Secure Coding Rules
Scope: This Technical Specification will specify a set of secure coding rules for the C Programming Language. Each rule will contain:
This International Standard will not specify:
Purpose and justification: An important part of secure coding in any programming language is a set of well-documented and enforceable coding rules. The rules specified in this Technical Specification will apply only to the C Programming Language. These rules are intended to apply to analyzers, including static and/or dynamic tools, and C language compilers that diagnose insecure code beyond the requirements of the current ISO C language standard. All rules are meant to be enforceable by some type of a static analysis tool.
Programme of work:
Relevant documents to be considered:
Co-operation and liaison: Liaison with ISO/IEC JTC 1/SC 22/WG 23 (Programming Language Vulnerabilities)
Preparatory work offered with target date(s): A preliminary working draft is circulated with this New Work Item Proposal
Signature:
Will the service of a maintenance agency or registration authority be required? No
Are there any known accessibility requirements and/or dependencies (see: http://www.jtc1access.org)? No - If yes, please specify on a separate page
Are there any known requirements for cultural and linguistic adaptability? No - If yes, please specify on a separate page
Comments and recommendations of the JTC 1 or SC XX Secretariat - attach a separate page as an annex, if necessary
Comments with respect to the proposal in general, and recommendations thereon:
Voting on the proposal - Each P-member of the ISO/IEC joint technical committee has an obligation to vote within the time limits laid down (normally three months after the date of circulation).
Date of circulation:
Closing date for voting:
Signature of Secretary:
NEW WORK ITEM PROPOSAL

Criterion | Validity | Explanation
A. Business Requirement | |
A.1 Market Requirement | Essential _X__ | An essential element of secure coding in the C programming language is a set of well-documented and enforceable coding rules.
B. Related Work | |
B.1 Completion/Maintenance of current standards | Yes ___ |
B.2 Commitment to other organization | Yes ___ |
B.3 Other Source of standards | Yes ___ |
C. Technical Status | |
C.1 Mature Technology | Yes ___ | The immaturity of the technology is the reasoning behind requesting a TS.
C.2 Prospective Technology | Yes ___ |
C.3 Models/Tools | Yes ___ |
D. Conformity Assessment and Interoperability | |
D.1 Conformity Assessment | Yes ___ |
D.2 Interoperability | Yes ___ |
E. Adaptability to Culture, Language, Human Functioning and Context of Use | |
E.1 Cultural and Linguistic Adaptability | Yes ___ | We believe the technology being developed for the secure coding rules will support cultural and linguistic adaptability.
E.2 Adaptability to Human Functioning and Context of Use | Yes ___ |
F. Other Justification | |
Notes to Proforma
A. Business Relevance. That which identifies market place relevance in terms of what problem is being solved and/or need being addressed.
A.1 Market Requirement. When submitting a NP, the proposer shall identify the nature of the Market Requirement, assessing the extent to which it is essential, desirable or merely supportive of some other project.
A.2 Technical Regulation. If a Regulatory requirement is deemed to exist - e.g. for an area of public concern, e.g. Information Security, Data protection, potentially leading to regulatory/public interest action based on the use of this voluntary international standard - the proposer shall identify this here.
B. Related Work. Aspects of the relationship of this NP to other areas of standardisation work shall be identified in this section.
B.1 Completion/Maintenance. If this NP is concerned with completing or maintaining existing standards, those concerned shall be identified here.
B.2 External Commitment. Groups, bodies, or fora external to JTC 1 to which a commitment has been made by JTC 1 for co-operation and/or collaboration on this NP shall be identified here.
B.3 External Std/Specification. If other activities creating standards or specifications in this topic area are known to exist or be planned, and which might be available to JTC 1 as PAS, they shall be identified here.
C. Technical Status. The proposer shall indicate here an assessment of the extent to which the proposed standard is supported by current technology.
C.1 Mature Technology. Indicate here the extent to which the technology is reasonably stable and ripe for standardisation.
C.2 Prospective Technology. If the NP is anticipatory in nature based on expected or forecasted need, this shall be indicated here.
C.3 Models/Tools. If the NP relates to the creation of supportive reference models or tools, this shall be indicated here.
D. Conformity Assessment and Interoperability. Any other aspects of background information justifying this NP shall be indicated here.
D.1 Indicate here if Conformity Assessment is relevant to your project. If so, indicate how it is addressed in your project plan.
D.2 Indicate here if Interoperability is relevant to your project. If so, indicate how it is addressed in your project plan.
E. Adaptability to Culture, Language, Human Functioning and Context of Use
NOTE: The following criteria do not mandate any feature for adaptability to culture, language, human functioning or context of use. The following criteria require that if any features are provided for adapting to culture, language, human functioning or context of use by the new Work Item proposal, then the proposer is required to identify these features.
E.1 Cultural and Linguistic Adaptability. Indicate here if cultural and natural language adaptability is applicable to your project. If so, indicate how it is addressed in your project plan.
ISO/IEC TR 19764 (Guidelines, methodology, and reference criteria for cultural and linguistic adaptability in information technology products) now defines it in a simplified way:
- "ability for a product, while keeping its portability and interoperability properties, to:
- be internationalized, that is, be adapted to the special characteristics of natural languages and the commonly accepted rules for their use, or of cultures in a given geographical region;
- take into account the usual needs of any category of users, with the exception of specific needs related to physical constraints"
Examples of characteristics of natural languages are: national characters and associated elements (such as hyphens, dashes, and punctuation marks), writing systems, correct transformation of characters, dates and measures, sorting and searching rules, coding of national entities (such as country and currency codes), presentation of telephone numbers and keyboard layouts. Related terms are localization, jurisdiction and multilingualism.
E.2 Adaptability to Human Functioning and Context of Use. Indicate here whether the proposed standard takes into account diverse human functioning and diverse contexts of use. If so, indicate how it is addressed in your project plan.
NOTE:
1. Human functioning is defined by the World Health Organization at http://www3.who.int/icf/beginners/bg.pdf as: << In ICF (International Classification of Functioning, Disability and Health), the term functioning refers to all body functions, activities and participation. >>
2. Context of use is defined in ISO 9241-11:1998 (Ergonomic requirements for office work with visual display terminals (VDTs) Part 11: Guidance on usability) as: << Users, tasks, equipment (hardware, software and materials), and the physical and societal environments in which a product is used. >>
3. Guidance for Standard Developers to address the needs of older persons and persons with disabilities.
F. Other Justification. Any other aspects of background information justifying this NP shall be indicated here.