Secure Coding in C and C++
September 2005 • Book
In this book, Robert Seacord identifies root causes for exploited software vulnerabilities and encourages programmers to adopt security best practices.
The SEI and the CERT Coordination Center (CERT/CC) are proud to announce the publication of Secure Coding in C and C++, by Robert C. Seacord. Published by Addison-Wesley, this book is part of the SEI Series in Software Engineering.
Commonly exploited software vulnerabilities are primarily caused by avoidable software defects. Having analyzed nearly 18,000 vulnerability reports over the past ten years, the CERT/CC has determined that a relatively small number of root causes account for most of them. This book identifies and explains these causes and shows the steps that can be taken to prevent exploitation. Moreover, this book encourages programmers to adopt security best practices and develop a security mindset that can help protect software from tomorrow's attacks, not just today's.
Drawing on the CERT/CC's reports and conclusions, Seacord systematically identifies the program errors most likely to lead to security breaches, shows how they can be exploited, reviews the potential consequences, and presents secure alternatives.
Secure Coding in C and C++ presents hundreds of examples of secure code, insecure code, and exploits, implemented for Windows and Linux.
Robert Seacord began programming professionally for IBM in 1982 and has been programming in C since 1985, and in C++ since 1992. Seacord is currently a senior vulnerability analyst with the CERT/CC. He is coauthor of Building Systems from Commercial Components (Addison-Wesley, 2002) and Modernizing Legacy Systems (Addison-Wesley, 2003).