Monday, September 15, 2008

C/C++ Standards

  1. It is worth checking the C and C++ standard updates for new and obsolete features, future trends and standard references. The following paragraphs give brief information about C, C++ and other related standards. For full information, please visit their websites.

  2. The ISO/IEC (International Organization for Standardization / International Electrotechnical Commission) documentation on programming languages, their environments and system software interfaces can be obtained at ISO/IEC Programming Language Standard Documentation. The related documents are:

    ISO/IEC 9899:1999 - C.

    ISO/IEC 14882:2003 - C++.

    ISO/IEC 9945-1:2003 - POSIX, Part 1.

    ISO/IEC 9945-2:2003 - POSIX, Part 2.

    ISO/IEC 9945-3:2003 - POSIX, Part 3.

    ISO/IEC 9945-4:2003 - POSIX, Part 4.

    ISO/IEC 23270:2003 - C#.

  3. Freely available ISO/IEC standards can be found at iso.org.

  4. Note that the C# standard is available from ISO/IEC, but Java (Sun Microsystems) is not. A WG is a standardization Working Group of an SC, which is a SubCommittee of JTC1, a Joint Technical Committee of ISO and IEC. SC22 (SubCommittee 22) is the international standardization subcommittee for programming languages, their environments and system software interfaces. Their web site is available at Open Standard. It is worth visiting the site for the latest updates and the obsolete items of the standards. For C, C++ and POSIX, the WG information is summarized as follows:

    1. JTC1/SC22/WG14 is the international standardization working group for the C programming language. Embedded C is also included under WG14. JTC1/SC22/WG21 is the international standardization working group for the C++ programming language.

    2. POSIX was under WG15, but this working group was disbanded in September 2004. POSIX is an operating system interface standardized by ISO/IEC, IEEE and The Open Group. A POSIX Advisory Group (PAG) was formed to take over some of the activities of WG15. The Open Group (X/Open) acts as liaison for WG15. The latest specification, the Single UNIX Specification Version 3, is available HERE.

    3. This standard incorporates IEEE Std 1003.1 and ISO/IEC 9945 and integrates the industry's Open Systems standards. ISO/IEC 9945 consists of the following parts (the ISO/IEC codes shown above), under the general title "Information technology - Portable Operating System Interface (POSIX®)":

      1. Part 1: Base Definitions.

      2. Part 2: System Interfaces.

      3. Part 3: Shell and Utilities.

      4. Part 4: Rationale.

  5. The GNU C Library can be obtained from GNU.ORG. ANSI (American National Standards Institute) C and C++ are covered by the ISO/IEC standards, which are more general.

  6. Though the performance of C and C++ is still considered 'critical', the current unsecured standard C and C++ functions (libraries), such as those for string manipulation, have generated many vulnerabilities for decades. Many C and C++ implementations depend on the programmer to make them secure. Rather than designing new C/C++ libraries from scratch, the typical step taken is just to patch the libraries. You can find secure C and C++ standards published by CERT.ORG: the CERT C Programming Language Secure Coding Standard and the CERT C++ Programming Language Secure Coding Standard. You can download many PDF documents from their publication and presentation page.

  7. Other resources related to C and C++ secure coding can be found at aitcnet.org. You may want to try a certification in secure coding, the Secure Programming Skills Assessment (SPSA) at SANS.

  8. Before the new C++ standard is gazetted, Microsoft's C++/CLI standard has already been proposed and approved by ECMA (ECMA-372) and then ISO. C++/CLI is implemented in the .NET programming language family as C++ .NET, and it is a Microsoft extension to C++ (and an extension to ISO C++ as well). You can download and read the C++/CLI design rationale by Herb Sutter. Some arguments from the UK against this C++/CLI standardization can be found here, and the response by ECMA to the arguments can be found here.

  9. In the meantime, the C++ creator, Dr. Bjarne Stroustrup, is proposing a new C++ standard dubbed C++09 (supposed to be published in 2009), implementing new features and extensions. Watch the Bjarne Stroustrup interview video at Waterloo University's computer science club.
