The SEI and the CERT Coordination Center (CERT/CC) are proud to announce the publication of Secure Coding in C and C++, by Robert C. Seacord. Published by Addison-Wesley, this book is part of the SEI Series in Software Engineering.
Commonly exploited software vulnerabilities are primarily caused by
avoidable software defects. Having analyzed nearly 18,000 vulnerability
reports over the past ten years, the CERT/CC has determined that a
relatively small number of root causes account for most of them. This
book identifies and explains these causes and shows the steps that can
be taken to prevent exploitation. Moreover, this book encourages
programmers to adopt security best practices and develop a security
mindset that can help protect software from tomorrow's attacks, not
Drawing on the CERT/CC's reports and conclusions, Seacord
systematically identifies the program errors most likely to lead to
security breaches, shows how they can be exploited, reviews the
potential consequences, and presents secure alternatives.
Secure Coding in C and C++ presents hundreds of examples of secure code, insecure code, and exploits, implemented for Windows and Linux.
Robert Seacord began programming professionally for IBM in 1982 and
has been programming in C since 1985, and in C++ since 1992. Seacord is
currently a senior vulnerability analyst with the CERT/CC. He is
coauthor of Building Systems from Commercial Components (Addison-Wesley, 2002) and Modernizing Legacy Systems (Addison-Wesley, 2003).