"At Cisco, we have adopted the CERT C Coding
Standard as the internal secure coding standard for all
C developers. It is a core component of our secure
development lifecycle. The coding standard described in
this book breaks down complex software security topics
into easy-to-follow rules with excellent real-world
examples. It is an essential reference for any developer
who wishes to write secure and resilient software in C
and C++." -Edward D. Paradise, vice president,
engineering, threat response, intelligence, and
development, Cisco Systems

Secure programming in C can
be more difficult than even many experienced programmers
realize. To help programmers write more secure code, The
CERT® C Coding Standard, Second Edition, fully
documents the second official release of the CERT
standard for secure coding in C. The rules laid forth in
this new edition will help ensure that programmers' code
fully complies with the new C11 standard; it also
addresses earlier versions, including C99. The new
standard itemizes those coding errors that are the root
causes of current software vulnerabilities in C,
prioritizing them by severity, likelihood of
exploitation, and remediation costs. Each of the text's
98 guidelines includes examples of insecure code as well
as secure, C11-conforming, alternative implementations.
If uniformly applied, these guidelines will eliminate
critical coding errors that lead to buffer overflows,
format-string vulnerabilities, integer overflow, and
other common vulnerabilities. This book reflects
numerous experts' contributions to the open development
and review of the rules and recommendations that
comprise this standard. Coverage includes

* Preprocessor
* Declarations and Initialization
* Expressions
* Integers
* Floating Point
* Arrays
* Characters and Strings
* Memory Management
* Input/Output
* Environment
* Signals
* Error Handling
* Concurrency
* Miscellaneous Issues