ISO/IEC JTC1/SC22/WG5-N1686

       SC22 Other Working Group - Vulnerabilities - Liaison Report

                 Dan Nagle, 2007 July 31

OWG-V continues to meet four times per year, and is steadily writing
its Type 2 TR.  The web site is http://www.aitcnet.org/isai/
OWG-V is charged with writing a document which will provide guidance
for those who want to write their own coding standards.
The most recent draft is OWG-V N0079.  The document is organized
with a language-independent portion discussing vulnerabilities
in general (for example, array index out-of-bounds) to be followed
by language specific portions (for example, in Fortran, use
whole array operations) for each (C/C#/Ada/Fortran) language.

The next meeting is during September/October of this year.  I expect
that after the next meeting, the Vulnerabilities list will be well
enough developed to start work on the Fortran-specific list.
OWG-V was pleased to hear that J3 had added a portability annex
to our committee draft.

While substantial parts of OWG-V's work are devoted to safety
and security issues, reliability issues from the perspective
of programmers coding applications with very long execution times
are also being considered.  OWG-V intends to establish its own method
of operation regarding issues involving sequential execution and
integer data only prior to tackling floating point issues and
parallel execution issues.

The work of OWG-V has benefitted Fortran by focusing attention
on issues of confidence in a program's correctness, and
the addition of the above-mentioned annex.

At some point in the future, perhaps some years from now,
it may be worthwhile to visit the issue of whether there are
features which might be added to Fortran to good benefit
in light of the OWG-V document.