□ «format bugs, in addition to the wuftpd bug» by Lamagra Agramal: www.securityfocus.com/archive/1/66842

□ Writing Secure Code, Second Edition by Michael Howard and David C. LeBlanc (Microsoft Press, 2002), Chapter 5, «Public Enemy #1: Buffer Overruns»

□ «UNIX locale format string vulnerability, CORE SDI» by Ivan Arce: www.securityfocus.com/archive/1/80154

□ «Format String Attacks» by Tim Newsham: www.securityfocus.com/archive/ 1/81565

□ «Windows 2000 Format String Vulnerabilities» by David Litchfield: www.nextgenss.com/papers/win32format.doc

□ «Write It Secure: Format Strings and Locale Filtering» by David A Wheeler: www.dwheeler.com/essays/write_it_secure_l.html