Final Draft International Standard
ISO/IEC FDIS 24772-1
Programming languages — Avoiding vulnerabilities in programming languages — Part 1: Language-independent catalogue of vulnerabilities
Reference number
ISO/IEC FDIS 24772-1
Edition 1
© ISO 2024
Final Draft
International Standard
Under development
This draft is in the approval phase.
Will replace ISO/IEC TR 24772-1:2019

Abstract

This document catalogues common software programming language vulnerabilities and their mitigations in the development of systems where assured behaviour is required for security, safety, mission-critical and business-critical software. In general, this guidance is applicable to the software developed, reviewed, or maintained for any application. This document is Part 1 of a series. Vulnerabilities and their mitigations are described in this document in a generic manner that is applicable to a broad range of programming languages. This document is supplemented by other Parts in this series that describe how vulnerabilities catalogued in this document arise and how they can be mitigated in specific programming languages, such as C, C++, Ada, Java, Python, SPARK, and Fortran.

General information

  • Status
     : Under development
    Stage
    : Final text received or FDIS registered for formal approval [50.00]
  • Edition
     : 1
  • Technical Committee :
    ISO/IEC JTC 1/SC 22
    ICS :
    35.060 
  • RSS updates

Life cycle

Sustainable Development Goals

This standard contributes to the following Sustainable Development Goals

3
Good Health and Well-being
4
Quality Education
9
Industry, Innovation and Infrastructure
12
Responsible Consumption and Production

Got a question?

Check out our FAQs

Customer care
+41 22 749 08 88

Opening hours:
Monday to Friday - 09:00-12:00, 14:00-17:00 (UTC+1)

  2. Store
  3. Standards catalogue
  4. ICS
  5. 35
  6. 35.060
  7. ISO/IEC FDIS 24772-1