Secure Coding in C and C++


Posted by Ben Rothke

Behind nearly every security vulnerability is poorly written or insecure code.  Fix the code and a majority of the security vulnerabilities go away.

In the just-released 2nd edition of Secure Coding in C and C++, author Robert Seacord of CERT has created an invaluable resource for developers.

Research from OWASP and CERT shows that the lion's share of core vulnerabilities can be traced to a small number of root causes.  In the book, Seacord tackles those root causes.

Like a good programmer, the book is methodical and details all of the core areas that can lead to security vulnerabilities.  It shows how they are exploited and how they can be fixed.

The average C programmer knows about buffer overflows, authentication, format strings and more.  But if they don’t know how to write secure code, they will invariably write insecure code.

Aside from the inherent security and privacy benefits, there are significant cost savings in writing secure code.

For anyone who codes in C or C++, Secure Coding in C and C++ should be required reading.


Contributors
Ben Rothke

Senior Information Security Manager, Tapad
