Behind nearly every security vulnerability is poorly written or insecure code. Fix the code and a majority of the security vulnerabilities go away.
In the just-released 2nd edition of Secure Coding in C and C++, author Robert Seacord of CERT has created an invaluable resource for developers.
Research from OWASP and CERT shows that the lion's share of core vulnerabilities can be traced to a small number of root causes. In the book, Seacord tackles those root causes.
Like a good programmer, the book is methodical and details all of the core areas that can lead to security vulnerabilities. The book shows how they are exploited and how they can be fixed.
The average C programmer knows about buffer overflows, authentication, format strings and more. But if they don’t know how to write secure code, they will invariably write insecure code.
Aside from the inherent security and privacy benefits, there are significant cost savings to writing secure code.
For anyone who codes in C or C++, Secure Coding in C and C++ should be required reading.