I am new to this list.
Skip suggested that I join.
I convene ISO/IEC/JTC1/SC22/WG23 Programming Languages Working Group. We produce
a suite of international technical reports that document vulnerabilities in
programming that can lead to serious safety and security breaches.
We published TR 24772 "Guidance to avoiding programming language
vulnerabilities through language selection and use" in 2010 and again in 2013.
Edition one was a language-independent look at such vulnerabilities. Edition
two added new vulnerabilities plus language-specific annexes for Ada, C,
Python, PHP, Ruby, and Spark.
For this round, we have split the document into parts and are publishing the
language-specific parts separately. We have added a few new vulnerabilities,
mostly associated with concurrency and object orientation for this iteration.
We target the team lead that guides and writes coding standards for an
organization, as opposed to the general programmer.
We plan to ballot and publish in 2018 TR 24772-1, the language-independent
Part, as well as -2 Ada, -3 C, -4 Python and -8 Fortran.
Our Python Part needs completion to address the new vulnerabilities documented.
We want to do justice to all languages that we work with. We need experts to
help us complete the document, and then to review it. I have had initial
conversations with one expert. We hope for a bit more if possible.
If interested, please contact me as listed below.
Our document list is at www.open-std.org/JTC1/sc22/wg23.
Thank you.
Stephen Michell
Maurya Software
stephen dot michell at maurya dot on dot ca
Phone: 1-613-299-9047