Document ISO/IEC/JTC 1/SC 22/WG 23 N0786

Draft Minutes Meeting #53
ISO/IEC JTC 1/SC 22/WG23
26-27 April 2018


Meeting Location:
Red Hat Software
Brno, Czech Republic



Agenda

1 Opening activities

1.1 Opening Comments

1.2 Introduction of Participants/Roll Call

Stephen Michell
Erhard Ploedereder
Clive Pygott
Paul Preney
David Keaton

1.3 Procedures for this Meeting

1.4 Approval of previous Minutes of meeting 52 (N0773)

1.5 Review of actions items and resolutions, Action Item and Decision Logs

Add to 44-08 to contact ASTM International (www.astm.org) w.r.t. unmanned air


#41-14 (Generics and Templates) Closed, Defer to #47-05 (on Hubert)

#44-08 (Letters to..) waiting on Stephen

#47-08 (Standard advice to lang designers) no progress on my part

#48-05 (TR-1 clause 7 review) I presume we'll do this as part of the mtg.

#52-03, #52-04 Revised TR-1 document will follow shortly

#52-05 (Clock Issues) waiting on Stephen

#52-06 (Reading TR-2) on my "next to do" list - with luck, I'll be done by Friday a.m.

#52-09 (ODE rule in C) I just sent my answer

#52-10 (Python Annex) no progress by me (still have an idea which will need > 6 months and will be risky, but have not found the time yet to act on it)

1.6 Approval of Agenda

1.7 Future Meeting Schedule


2019

#65   Oct/Nov 2019                 Belfast, North Ireland with WG 21(?)
#64   22-23 August 2019            Seoul, Korea with SC 22
#63   TBD June 2019                WG 21, Cologne, Germany (?)
#62   TBD May 2019                 Teleconference
#61   TBD April 2019               With WG 21
#60   TBD March 2019               Teleconference
#59   21-22 January 2019           Phoenix, AZ

2018

#58   8-9 Nov 2018                 San Diego, CA with WG 21
#57   12-14/09/18                  Toronto, Ontario, Canada with SC 22
#56   16 July 2018 160-1800 EDT    WebEx, to push documents towards ballot (parts 1, 2 and 3).
#55   6-7/06/18                    Rapperswil, Switzerland, with WG 21
#54   14/05/18                     Teleconference
#53   26-27 April 2018             Brno, Czech Republic with WG 14

Liaison Activities

52.2.1 PL22.3/WG5 (Fortran) Gary Klimowicz

51.2.2 WG4 (COBOL)

52.2.3 WG9 (Ada) Erhard Ploedereder

52.2.4 PL22.11/WG14 C Clive Pygott

52.2.5 PL22.16/WG21 (C++) Michael Wong

52.2.6 MISRA C Clive Pygott

52.2.7 MISRA (C++) Clive Pygott

52.2.8 SPARK Joyce Tokar

52.2.9 Other Liaison Activities or National body reports

52.3. Document Review

52.3.1 TR 24772-1 Vulnerabilities, language independent (N0778)

We discussed N0778, N0783 and N0784 (783 and 784 are deltas from 778). The results of the discussion are found in N0786. The following AIs were created.

AI 53-2 Clive, Paul - In TR24772-1 clause 6.40 Templates and generics, consider how C++ Concepts affects this writeup. Consider creating a TR24772-(C++) clause 7 entry for Concepts that identifies any new vulnerability specific to C++

AI – 53-1 Stephen – Fix references and links in TR 24772-1

AI – 53-3 Erhard, Paul – TR24772-1 clause 6.43.5 and 6.44, develop clearer wording about consistent implementations across converging classes.

AI 53-4 Steve TR24772-1 clause 7.5.4, summarize CWE 604 and check the footnote to 7.5.4 for accuracy

AI 53-5 Steve, Paul, TR24772-1 clause 7.7.4 about SQL injection, develop wording for a recommendation to use a stored procedure.

AI 53-6 Paul TR24772-1 clause 7.13.4 on throttling system designs to stop DoS attacks, provide a write-up

AI 53-7 Stephen TR24772-1 clause 7.16, change “password” to “credentials” in subsection and rework to suit.

AI 53-8 Stephen TR24772-1 clause 7.33.3, make writeup follow “casting” 6.44 (i.e. no subtitles)



52.3.2 TR 24772-2 Ada language specific part

In 6.3.2, we discussed whether the guidance on atomic_components is in the right place. We may need additional wording in Part 1 (or move the guidance to 6.61).

The results of the Part 2 review

52.3.3 TR 24772-3 C language specific part, Document N0764

52.3.4 TR 24772-4 Python language specific part

52.3.5 TR 24772-8 Fortran

3.6 TR 24772-9 C++

3.7 Spark

3.8 Potential TR24772 Guidance on avoiding Programming Vulnerabilities – IS



4 Review of Assignment of responsibilities

AI – 53-1 Stephen – Fix references and links in TR 24772-1

AI 53-2 Clive, Paul - In TR24772-1 clause 6.40 Templates and generics, consider how C++ Concepts affects this writeup. Consider creating a new vulnerability.

AI – 53-3 Erhard, Paul – TR24772-1 clause 6.43.5 and 6.44, develop clearer wording about consistent implementations across converging classes.

AI 53-4 Steve TR24772-1 clause 7.5.4, summarize CWE 604 and check the footnote to 7.5.4 for accuracy

AI 53-5 Steve, Paul, TR24772-1 clause 7.7.4 about SQL injection, develop wording for a recommendation to use a stored procedure.

AI 53-6 Paul TR24772-1 clause 7.13.4 on throttling system designs to stop DoS attacks, provide a write-up

AI 53-7 Stephen TR24772-1 clause 7.16, change “password” to “credentials” in subsection and rework to suit.

AI 53-8 Stephen TR24772-1 clause 7.33.3, make writeup follow “casting” 6.44 (i.e. no subtitles)

5 Resolutions and Action Items



6. Adjournment