Document ISO/IEC/JTC 1/SC 22/WG 23 N0655

Draft Minutes Meeting #45
ISO/IEC JTC 1/SC 22/WG 23: Programming Language Vulnerabilities
14-15 June 2016

Including pre-meeting Webex 16 May 2016


Meeting Location:

WebEx for pre-meeting WebEx

Scuola Superiore Sant'Anna,

Pisa, Italy for in-person meeting

1 Opening activities

1.1 Opening Comments

1.2 Introduction of Participants/Roll Call

Stephen Michell convenor

Clive Pygott UK, MISRA C++ Liaison

David Keaton WG 14 Liaison, US

Larry Wagoner US,

Erhard Ploedereder WG 9 Liaison

Tullio Vardanega Italy

Florian Schanda UK, Spark

1.3 Procedures for this Meeting

1.4 Approval of previous Minutes (meeting 44, document N65?)

1.5 Review of action items and resolutions, Action Item and Decision Logs

Action log updated.


1.6 Approval of Agenda [N 0652]

Approved.

1.7 Future Meeting Schedule

AI – Steve. No local arrangements have been posted for the September (Austria) meeting. Steve to get those around ASAP.


2017

pre-mtg-51: TBD November 2017; Teleconference (UTC 2000, 2 hr)

post-mtg-50: TBD October 2017; Teleconference (UTC 2000, 2 hr)

#50: TBD August 2017; In-person (with SC 22 Plenary)

#49: TBD June 2017; In-person (2 day)

post-mtg-48: TBD May 2017; Teleconference (UTC 2000, 2 hr)

#48: TBD April 2017; In-person (2 day)

pre-mtg-48: TBD March 2017; Teleconference (UTC 2100, 2 hr)

post-mtg-47: TBD February 2017; Teleconference (UTC 2100, 2 hr)

#47: 23-24 January 2017; In-person (2 day); with pre meeting telecon 21 Nov 2016 (UTC 2000 2 hr)

2016

#46: 15-16 Sep 2016; Vienna, Austria (with SC 22 Plenary); pre mtg telecon 15 Aug 2016 (UTC 2000); post mtg telecon 11 October (UTC 2000)

#45: 14-15 June 2016; Pisa, Italy with Ada Europe; with pre mtg telecon 16/5/16 (UTC 1500)

2. Liaison Activities

2.1 SC 22

2.2 PL 22 (Open)

2.3 PL22.3/WG5 (Fortran)

No information

2.4 WG4 (COBOL)

2.5 WG9 (Ada)

2.6 PL22.11/WG14

2.7 PL22.16/WG21 (C++)

2.8 Ecma International, TC49/TG2 (C#)

2.9 Ecma International, TC39 (ECMAScript)

No information.

2.10 MISRA (C)

2.11 MISRA (C++)

2.12 SPARK

No information.

2.13 SC7/WG19 (UML)

No information.

2.14 SC27/WG3, WG4 Security

No new information.

2.15 Other Liaison Activities or National body reports

3. Document Review

3.1 TR 24772-1 Vulnerabilities, language independent

Document N0xxx


Reviewing N0655 Time Vulnerabilities

We identify that the consumption of other resources besides time is a likely vulnerability that needs a write-up. AI – Steve to do this for meeting 45. Consider other vulnerabilities in Part 1.


We pass through N0655, Time-based vulnerabilities. Changes are captured in N0655. We agree that these vulnerabilities are application-level and not language level. Steve to add them into part & or TR24772-1 part 7, at the end, for review at meeting 45. We need to look at section 7 for a possible reorganization into topic areas. AI – Steve.


3.2 TR 24772-2 Ada language specific part

Waiting for a proposal from SC 22/WG 9 – expected at meeting 45

3.3 TR 24772-3 C language specific part

Document N0649.

3.4 TR 24772-4 Python language specific part

Discuss at meeting 41.

3.5 TR 24772-8 Fortran

Document [N0560] needs review.

3.6 TR 24772-X C++

Consider document [N0582]


3.7 Bibliography and normative referencing for each TR24772 Part

I

4 Strategy (Face to face meetings only)



5 Publicity (Face to face meetings only)


6 Other Business

6.1 Review of Assignment of responsibilities


7. Resolutions and Action Items


8. Adjournment