ISO/IEC JTC 1/SC 22/WG 23 N0153
Minutes:
Meeting #9 of ISO/IEC JTC 1/SC 22/WG 23 (Programming Language Vulnerabilities)
29 September to 01 October, 2008

These minutes were approved at Meeting #10, 15 April 2009


Meeting Times:

29 September 2008: 09:00 to 12:00 and 13:30 to 17:00
30 September 2008: 09:00 to 12:00 and 13:30 to 17:00
01 October 2008: 09:00 to 12:00

Meeting Location:

University of Stuttgart
Universitaetsstr. 38
Room 1.212
Stuttgart, DE

Meeting Logistics:

Meeting place is University of Stuttgart, Universitaetsstr. 38, Room 1.212, Stuttgart. The campus is in a suburb called Vaihingen (do not use this name unfiltered for navigation; you'll end up in the wrong place).

Closest airport is STR (Stuttgart). From the US, direct flights on Delta go there from Atlanta; everything else from the US connects somewhere. From within Europe, STR is your choice. The meeting place is a 15-minute metro ride from the airport.

The other decent airport is FRA (Frankfurt). It connects by high-speed train to Stuttgart. Some trains even count as flights and are sold by Lufthansa. (If not cheaply added, this leg is better paid directly to the train system, since not all trains are flights and you do not need reservations. The regular one-way fare is 54 Euro, 2nd class.) The trains run every 30-60 minutes depending on time of day. The ride takes about 70 minutes; the main train station in Stuttgart is a 12-minute metro ride from the meeting place. Flights connecting through Frankfurt may have a long connect time; there just are not many flights because of the trains.

Host:

University of Stuttgart
Germany

Host Contact information:

Erhard Ploedereder

Agenda

1. Opening activities

1.1 Opening Comments (Ploedereder, Benito)

The meeting was convened by John Benito at 9:19. Our host, Erhard Ploedereder, described the meeting facilities.

1.2 Introduction of Participants/Roll Call

The following persons attended the meeting:

1.3 Procedures for this Meeting (Benito)

This is the first meeting of WG23 (see 2.1). The change in the status of the group requires some greater formality. For example, it will be necessary for national bodies to send in delegation lists.

We agreed to move all of the existing documents to WG23 with the same document numbers and to continue numbering the meetings in the same series of numbers. The Secretary will implement appropriate changes in the website.

1.4 Approval of previous Minutes [N0128] (Moore)

[For information: N0136 summarizes the Results of OWGV Editorial Meeting, 30 June to 02 July 2008 [dir] [zip]]

The minutes of meeting #8 were approved.

1.5 Review of previous actions items and resolutions, Action Item and Decision Logs

The action item log was reviewed and updated.

1.6 Approval of Agenda [N0147]

The agenda was approved with changes. They are marked in place in red.

1.7 Information on Future Meetings

1.7.1 Future Meeting Schedule

This discussion was postponed to the end of the meeting so that the up-to-date status of the document could be considered. The plan is to meet with SC22 in Delft, Netherlands. Italy and Canada have volunteered to host meetings. Possibilities in Canada include Banff, Calgary, Ottawa and Toronto.

The following schedule was decided:

1.7.2 Future Agenda Items
1.7.3 Future Mailings

2. Reports on Liaison Activities

2.1 SC 22

N0137 2008-07-29   Business Plan and Convener's Report, ISO/IEC JTC 1/SC 22/OWG:Vulnerability, 2008-07-11, contributed by John Benito [pdf]

John Benito reported: In the resolutions [N0154] from its recent plenary meeting, SC22 approved the creation of WG23, Programming Language Vulnerabilities, to take up the work of the OWGV. John Benito was named as convener. There will be a call for additional countries to participate in the WG:

Resolution 08-03: Establishment of JTC 1/SC 22/WG 23, Programming Language Vulnerabilities

JTC 1/SC 22, noting that

  • the JTC 1/SC 22 Other Working Group on Vulnerabilities (OWG-V) has been in existence since 2006; and
  • OWG-V is responsible for the development and maintenance of ISO/IEC TR 24772, Guidance to Avoiding Vulnerabilities in Programming Languages through Language Selection and Use

establishes JTC 1/SC 22/WG 23, Programming Language Vulnerabilities.

JTC 1/SC 22 appoints Mr. John Benito (US) as Convener.

The scope of this Working Group is to address any issues related to programming language vulnerabilities. Development and maintenance of ISO/IEC TR 24772, Guidance to Avoiding Vulnerabilities in Programming Languages through Language Selection and Use, is assigned to this Working Group.

The following JTC 1/SC 22 members have agreed to participate in this Working Group: Canada, Italy, Japan, the Netherlands, the United Kingdom and the United States. JTC 1/SC 22 instructs its Secretary to issue a three-month call for additional members.

Liaisons established between the former OWG-V and any other Working Groups and organizations shall be carried forward.

The title of the document was changed accordingly in the Programme of Work to Programming Language Vulnerabilities.

SC22 has a new chair, Rex Jaeschke. WG21 (C++) has a new convener, P. J. Plauger.

A representative of the Ruby community attended the SC22 plenary as a part of the Japanese delegation. He may join WG23.

The convener of WG17 (Prolog) has asked to be added as the WG17 liaison to OWGV.

2.2 J3/WG5 (Fortran)

Dan Nagle reported: The recent meeting of J3 reviewed his draft of a Fortran annex [N0145] for two hours. The Fortran standard editor was unable to attend the review and provided comments [N0149] although lacking the background provided by the review. The committee seems generally supportive of the annex. Some vendors are concerned that they might have to detect additional conditions at compile-time; this can be viewed as an advantage or a disadvantage.

Nagle will report to WG5 and hopes to get a supportive resolution from their meeting in November. WG23 may have to be very tactful in describing recommendations for improvement to the language.

Erhard suggested that each language-specific annex should explain the language-specific terminology related to the general terminology described in the body of the TR. We should add this to the template.

2.3 J4/WG4 (COBOL)

No report

2.4 WG9 (Ada)

N0140 2008-07-29   Presentation made by Jim Moore to ISO/IEC JTC 1/SC 22/WG 9 with slide added to record discussion [pdf], 2006-08

Moore reported on the results of discussions with WG9 following his presentation in June 2008. (The discussion is summarized on the final page of [N0140].) Erhard Ploedereder emphasized the point that WG9 is concerned that adding language-specific annexes late in the process will run up against reluctance to change the main body of the TR accordingly. After discussing the issue, WG23 resolved that all comments resulting from the PDTR ballot will be carefully considered and comments will not be rejected solely on the grounds that the existing text is "insufficiently wrong". WG23 will welcome drafts of language-specific annexes, as well as comments on the body resulting from drafting of the annexes, prepared during the PDTR ballot and thereafter as the document moves through technical balloting at the SC22 level.

2.5 J11/WG14 (C)

John Benito reported: WG14's current documents are in the final stages of approval; they have no open defects; and all of the WG's effort is being focused on their language revision. The biggest change is a memory model that supports concurrency. We anticipate that WG14 will draft a language-specific annex but, perhaps, not as quickly as the Fortran and Ada working groups.

2.6 J16/WG21 (C++)

John Benito reported: WG21 voted out a draft at their recent meeting; it will go to CD ballot shortly. It is a huge document containing many additions to the language. They have adopted all of the C99 changes as well as one of the Technical Reports on extended character types. They pulled back two work items for TRs because of heavy workload.

Derek Jones pointed out that because we don't have object-oriented vulnerabilities, it is likely, at the moment, that the language-specific annex for C++ will look a lot like the C annex.

2.7 ECMA TC39/TG2 (C#)

No report

2.8 MISRA (C)

Clive Pygott reported: This group is now looking at C99 as a possible basis for MISRA C version 3.

2.9 MISRA (C++)

MISRA C++ was published. There is a forum for collecting comments from users.

2.10 SPARK

No report, but Praxis Critical Systems has indicated interest in contributing an annex.

2.11 MDC (MUMPS)

No report

2.12 SC7/WG19 (UML)

No report

2.13 Other Liaison Activities or National body reports

N0139 2008-07-29   Presentation made by John Benito to Military & Aerospace Electronics Forum [pdf], 2008-04 

There was interest in the presentation and in encouraging tool vendors to take up the work.

3. Document Review 

3.1 Editor's draft of PDTR 24772

N0138 2008-08-20 Replaces [N0134] Editor's draft of PDTR 24772, prepared by John Benito [pdf]. Spreadsheet for providing comments [xls].

N0146 2008-09-10 References [N0138] Consolidated comments on [N0138], as of the date issued. It includes comments from Jones and Pygott. [xls]

The agenda was changed to substitute a later consolidation of the comments [N0148].

All of the comments were considered in the meeting. Their disposition is recorded in [N0159]. In some cases, dispositions are recorded in other documents as noted below.

3.2 New vulnerability descriptions

N0143 2008-08-26   New Vulnerability Descriptions Proposed by J3 (Fortran), contributed by Dan Nagle [doc, pdf]

[N0143] was revised and logged as [N0164] with the following results:

Note that new descriptions will not be incorporated into the draft for the first PDTR ballot because they are not yet mature. They will be considered again at the December editor's telecon.

The agenda was changed to add Larry Wagoner's proposed rewrites of section 6.18 [N0150], section 7.10 [N0151], and section 7.13 [N0152].

[N0150] was revised as [N0158] and accepted as a rewrite of 6.18. [N0151] was revised as [N0162] and accepted as a rewrite of 7.10. [N0152] was revised as [N0163] and accepted as a rewrite of 7.13. These will appear in the draft for the first PDTR ballot.

3.3 Language specific annexes

N0145 2008-09-05   Draft of language-specific annex for Fortran, contributed by Dan Nagle [txt]
N0144 2008-09-05   Proposed template for language specific annexes, contributed by Larry Wagoner [doc]

The agenda was changed to add [N0149], comments on [N0145] from the editor of the Fortran standard.

[N0144] was revised and logged as [N0165].

ACTION: Dan will revise his proposal [N0145] to deal with comments from the Fortran editor [N0149] and the revised template for language-specific annexes [N0165] and will submit it to WG5. Ultimately, it will be sent back to us for inclusion in the TR.

ACTION: John and Dan will collaborate on a description of the logistics for handing annexes back and forth and dealing with comments with the goal that the language committee retains control over the technical content.

3.4 Documents received during meeting

The agenda was changed to consider -- as time permits -- contributions received during the course of the meeting.

N0155 2008-09-30   Proposed vulnerability description "Concurrency [CGW]," contributed by Steve Michell
N0156 2008-09-30   Proposed revision of "6.20 Buffer Overflow [XZB]," contributed by Erhard Ploedereder
N0157 2008-09-30   Proposed revision of "6.17 Unchecked Pointer Arithmetic in Buffer Access (XYX)", contributed by Erhard Ploedereder

[N0157] was revised and accepted as [N0160] for inclusion in the PDTR.

[N0156] was revised and accepted as [N0161] for inclusion in the PDTR.

[N0155] was considered and Steve took notes regarding possible improvements. ACTION: Steve Michell. Revise and resubmit [N0155] to deal with issues raised during discussion at Meeting #9.

4. Other Business

The agenda was changed to include a discussion of how to move forward after this meeting.

We reaffirmed the schedule in [N0130]. Action items needed for the ballot are due by 6 October, but we will *not* include brand new descriptions in the document. There will be an editor's rationale explaining that the document is open to additional material.

The PDTR ballot will also be distributed to SC22 working groups with a request for their comments.

We discussed future meetings:

The intention is to do another PDTR ballot after the April 2009 meeting.

The July 2009 meeting would look at language annexes.

ACTION: Jim Moore. Update [N0130] in light of previous decisions and relog it.

5. Resolutions

5.1 Review of Decisions Reached

WG23 resolved that all comments resulting from the PDTR ballot will be carefully considered and comments will not be rejected solely on the grounds that the existing text is "insufficiently wrong". WG23 will welcome drafts of language-specific annexes, as well as comments on the body resulting from drafting of the annexes, prepared during the PDTR ballot and thereafter as the document moves through technical balloting at the SC22 level.

5.2 Review of Action Items

5.3 Thanks to Host

We enthusiastically thanked Erhard and his staff for the fine meeting facilities.

6. Adjournment

The meeting adjourned at 13:02.