[Python-Dev] Python vulnerabilities

Stephen Michell stephen.michell at maurya.on.ca
Mon Sep 11 21:58:39 EDT 2017


I am new to this list. 

Skip suggested that I join. 

I convene ISO/IEC/JTC1/SC22/WG23 Programming Languages Working Group. We produce a suite of international technical reports that document vulnerabilities in programming that can lead to serious safety and security breaches. 

We published TR 24772 "Guidance to avoiding programming language vulnerabilities through language selection and use" in 2010 and again in 2013. Edition one was a language independent look at such vulnerabilities. Edition two added new vulnerabilities plus language specific annexes for Ada, C, Python, PHP, Ruby, and Spark. 

For this round, we have split the document into parts and are publishing the language specific parts separately. We have added a few new vulnerabilities, mostly associated with concurrency and object orientation for this iteration. 

We target the team lead that guides and writes coding standards for an organization, as opposed to the general programmer. 

We plan to ballot and publish in 2018 TR 24772-1, the language independent Part, as well as -2 Ada, -3 C, -4 Python and -8 Fortran. 

Our Python Part needs completion to address the new vulnerabilities documented. We want to do justice to all languages that we work with. We need experts to help us complete the document, and then to review it. I have had initial conversations with one expert. We hope for a bit more if possible.

If interested, please contact me as listed below. 

Our document list is at www.open-std.org/JTC1/sc22/wg23. 

Thank you. 

Stephen Michell
Maurya Software
stephen dot michell at maurya dot on dot ca
Phone: 1-613-299-9047