08.09.17 20:34, Stephen Michell writes:
I chair ISO/IEC/JTC1/SC22/WG23 Programming Language Vulnerabilities. We publish
an international technical report, ISO IEC TR 24772 Guide to avoiding
programming language vulnerabilities through language selection and use. Annex D in
this document addresses vulnerabilities in Python. This document is freely
available from ISO and IEC.
We are updating this technical report, adding a few vulnerabilities and
updating language applicability as programming languages evolve. We are also
subdividing the document by making the language-specific annexes each their own
technical report. For the Python Part, the major portions are written, but we
have about 6 potential vulnerabilities left to complete.
We need help in finishing the Python TR. We are looking for a few Python
experts that have experience in implementing Python language systems, or
experts in implementing significant systems in Python (for technical level,
persons that provide technical supervision to implementers, or that write and
maintain organizational Python coding standards).
Any links? There are a lot of documents on
http://www.open-std.org/JTC1/SC22/WG23/docs/documents, but some links
are dead, and I have not found Annex D in
http://www.open-std.org/JTC1/SC22/WG23/docs/ISO-IECJTC1-SC22-WG23_N0742-tr24772-1-after-meeting-50-20170817.pdf.
Maybe https://python-security.readthedocs.io/ can be useful to you.
--
https://mail.python.org/mailman/listinfo/python-list