For those interested in secure coding, Robert Seacord of CERT is one of the main sources on the topic. Some of the notable books he has authored are:
- Secure Coding in C and C++
- Java Coding Guidelines: 75 Recommendations for Reliable and Secure Programs
- Modernizing Legacy Systems: Software Technologies, Engineering Processes, and Business Practices
- The CERT Oracle Secure Coding Standard for Java
Seacord’s latest is the CERT C Coding Standard: 98 Rules for Developing Safe, Reliable, and Secure Systems.
The book covers the entire core areas that every C programmer needs to know, including areas such as:
- characters and strings
- floating point
- memory management
- declarations and initialization
- error handling
The rules in the book can be used in parallel to ensure code is C11 (ISO/IEC 9899:2011) compliant.
Each of the rules in the book has the same format: title, description, noncompliant code examples and compliant solutions.
Programmers that implement these coding standards will find short-term gains in that the coding mistakes that leads to critical application errors such as buffer overflows are now mitigated.
This book is meant as a desktop reference for those coding in C. If you have programmers coding in C, you want to ensure that this book is on their desktop,
The goal of the book and its rules is meant to develop safe, reliable, and secure systems. Anyone who wants to do that should read definitely be reading CERT C Coding Standard: 98 Rules for Developing Safe, Reliable, and Secure Systems.