ISO/IEC JTC 1/SC 22/WG 23 N 0284
Revised format for language-specific annexes

Date: 2010-09-17
Contributed by: Jim Moore
Original file name:
Notes: Replaces N 0271 per Action Item #15-01

Each language-specific annex should have the following heading information and initial sections:

Annex <language> (Informative) Vulnerability descriptions for language <language> <language>.1 Identification of standards [This sub-clause should list the relevant language standards and other documents that describe the language treated in the annex. It need not be simply a list of standards. It should do whatever is required to describe the language that is the baseline.] <language>.2 General terminology and concepts [This sub-clause should provide an overview of general terminology and concepts that are utilized throughout the annex.]

Every vulnerability description of Clause 6 of the main document should be addressed in the annex in the same order even if there is simply a notation that it is not relevant to the language in question. Each vulnerability description should have the following format:

<language>.<x> <Vulnerability Name> [<3 letter tag>] <language>.<x>.0 Status, history, and bibliography [Revision history. This clause will eventually be removed.] <language>.<x>.1 Applicability to language [This section describes what the language does or does not do in order to deal with the vulnerability.] <language>.<x>.2 Guidance to language users [This section describes what the programmer or user should do regarding the vulnerability.]

In those cases where a vulnerability is simply not applicable to the language, the following format should be used instead:

<language>.<x> <Vulnerability Name> [<3 letter tag>] This vulnerability is not applicable to <language>.

Following the final vulnerability description, there should be a single sub-clause as follows:

<language>.<x> Implications for standardization [This section provides the opportunity to discuss changes anticipated for future versions of the language specification.]