British Standards Institution

Source:: ISO/IEC
Committee:: IST/5 - Programming languages, their environments and system software interfaces
Categories:: Information management | Standardization. General rules

Scope

This document itemizes programming language vulnerabilities in Fortran to be avoided in the development of systems where assured behaviour is required for security, safety, mission-critical and business-critical software. In general, this need for assured behaviour is applicable to the software developed, reviewed, or maintained for any application.

This document explains how the vulnerabilities catalogued in ISO/IEC 24772-1:2024 “Programming languages -- Avoiding vulnerabilities in programming languages -- Part 1: “Language-independent catalogue of vulnerabilities” manifest in Fortran and documents mechanisms that can be used to avoid the vulnerabilities.

Purpose

ISO/IEC 24772-1 apply to the Fortran programming language as well as avoidance mechanisms that can be applied by the Fortran development team.

ISO/IEC 24772-1:2024, ISO/IEC TR 24772-2 (for programming language Ada) and ISO/IEC TR 24772-3 (for programming language C) are already published, with ISO/IEC 24772-2 and ISO/IEC 24772-3 being prepared for an update. This document provides a similar catalogue of vulnerabilities for the programming language Fortran.

Comment on proposal

Required form fields are indicated by an asterisk (*) character.

How important do you think standardization is in this area? *

Do you agree that a standard on this subject is feasible?: *

Please give reasons for your selections above: *

Would you or your organization use the standard? *

Would you or your organization be prepared to participate in the development of the standard or to comment on the draft when it is available? *

Are you aware of any regulation, existing standards and other good practice information in this area in the UK (e.g. Industry codes of practice; company specifications, international or European Standards)? *

Would the development of a standard(s) in this area have a particular impact/relevance to SME, consumer, environmental or societal interests? *

Are you aware of any other organizations to which this proposal may be relevant? If so please provide details below. *

Additional comments on the scope or proposal:

Although BSI will not usually enter into correspondence regarding individual comments or suggestions we may wish to contact you to seek further clarification. Please indicate whether this will be acceptable: *

Discard

Please email further comments to: debbie.stead@bsigroup.com

Standard timeline

1. Proposal

Proposal start date:

08/01/2025

Proposal end date:

02/03/2025

2. Draft

3. Public Comments

4. Comment Resolution

5. Approval

6. Publication

Learn more about the standards development process

Standards Development

ISO/IEC NP 24772-8 Information technology — Programming languages — Guidance to avoiding vulnerabilities in programming languages — Part 8: Catalogue of vulnerabilities for the programming language Fortran

Scope

Purpose

Comment on proposal

Discard changes?

Submit comment

Submit comment

Follow standard

Unfollow standard

Error