Python programming language vulnerabilities

2017-09-09 Thread Stephen Michell
I chair ISO/IEC/JTC1/SC22/WG23 Programming Language Vulnerabilities. We publish 
an international technical report, ISO/IEC TR 24772 Guide to avoiding 
programming language vulnerabilities through language selection and use. Annex D in 
this document addresses vulnerabilities in Python. This document is freely 
available from ISO and IEC.

We are updating this technical report, adding a few vulnerabilities and 
updating language applicability as programming languages evolve. We are also 
subdividing the document by making the language-specific annexes each their own 
technical report. For the Python Part, the major portions are written, but we 
have about 6 potential vulnerabilities left to complete.

We need help in finishing the Python TR. We are looking for a few Python 
experts that have experience in implementing Python language systems, or 
experts in implementing significant systems in Python (for technical level, 
persons that provide technical supervision to implementers, or that write and 
maintain organizational Python coding standards).

If you are interested in helping, please reply to this posting.

Thank you
Stephen Michell
Convenor, ISO/IEC/JTC 1/SC 22/WG 23 Programming Language Vulnerabilities
-- 
https://mail.python.org/mailman/listinfo/python-list


Re: Python programming language vulnerabilities

2017-09-10 Thread Stephen Michell
My apologies. I maintain that website.

There should have been no broken links. I will fix that.

The previous version of TR 24772 had annexes for language-specific material. We 
have split those out, so the main document (TR 24772-1) only has language 
independent material. The last Python document is N0702 at 
open-std.org/sc22/wg23//docs/documents.html. This document was one that Serhiy 
could not access. That link is fixed, so it can be accessed now.




Re: Python programming language vulnerabilities

2017-09-11 Thread Stephen Michell
CORRECTION.
My sincere apologies to anyone that tried the link that I posted. The actual 
link is

www.open-std.org/jtc1/sc22/wg23

follow the link to documents, or go directly there via

www.open-std.org/jtc1/sc22/wg23/docs/documents.html

I was informed that there are some broken links to documents. I believe that 
they are all fixed now.

