Customer Review

7 of 8 people found the following review helpful
5.0 out of 5 stars The best how-to security book, July 5, 2007
This review is from: Secure Coding in C and C++ (Paperback)
This is an important book for people that write computer programs and their managers.
It is also very well organized and well written. Seacord reveals how the bad guys take
advantage of bugs in programs to break into a system or damage it. It is the most
complete list of exploitable bug types that I am aware of.

Many examples are given, naming software that have been exploited by bad guys. Some
may protest that this provides the bad guys with a list of easy targets. All of the
vulnerable software has been updated to fix the bug, and the improved version has been
available for a long time.

Everyone that writes software intended to be used by someone else should read this book.
Every organization that writes software should have a copy.

Most of the security flaws are buffer overflows. Secord shows how, from the simple use of
gets() through mistakes triggered by subtle differences in the rules for signed and unsigned
integers of various sizes. There are other ways, and some are quite subtle, but still
preventable. The bad guys are not Jay Leno's "Dumb crooks."

The primary way to frustrate the bad guys is to not have any of the bugs they exploit.
Seacord admits zero bugs is an elusive goal and recommends defense in depth by the use of
various freeware or commercial packages intended to trap or prevent certain errors.
He lists and describes many, with their strengths and weaknesses.

Read this book and make your code better. Read it again, next year.

The following are my opinions, based on over 40 years writing software, but I doubt
Seacord would disagree. Every security bug is also a bug that can cause a crash or a
wrong output from a program. The major cause of fewer bugs is the attitude of the
programmer. Managers can affect the attitude of the programmers by their choice of
questions. Do not ask "Is it done yet?" Instead try approaches like: "Tell me about how
you validated the inputs and how you identified all the inputs." "Who reviewed your test
cases?" "How did you decide you had tested enough?" The fewer bugs of any kind in your
product, the less likely the bad guys are going to target it, other things being equal.
Help other customers find the most helpful reviews 
Was this review helpful to you? Yes No

Be the first person to comment on this review.

[Add comment]
Post a comment
To insert a product link use the format: [[ASIN:ASIN product-title]] (What's this?)
Amazon will display this name with all your submissions, including reviews and discussion posts. (Learn more)
Name:
Badge:
This badge will be assigned to you and will appear along with your name.
There was an error. Please try again.
Please see the full guidelines here.

Official Comment

As a representative of this product you can post one Official Comment on this review. It will appear immediately below the review wherever it is displayed.   Learn more
The following name and badge will be shown with this comment:
 (edit name)
After clicking the Post button you will be asked to create your public name, which will be shown with all your contributions.

Is this your product?

If you are the author, artist, manufacturer or an official representative of this product, you can post an Official Comment on this review. It will appear immediately below the review wherever it is displayed.  Learn more
Otherwise, you can still post a regular comment on this review.

Is this your product?

If you are the author, artist, manufacturer or an official representative of this product, you can post an Official Comment on this review. It will appear immediately below the review wherever it is displayed.   Learn more
 
System timed out

We were unable to verify whether you represent the product. Please try again later, or retry now. Otherwise you can post a regular comment.

Since you previously posted an Official Comment, this comment will appear in the comment section below. You also have the option to edit your Official Comment.   Learn more
The maximum number of Official Comments have been posted. This comment will appear in the comment section below.   Learn more
Prompts for sign-in
 


Review Details

Item

4.6 out of 5 stars (11 customer reviews)
5 star:
 (8)
4 star:
 (2)
3 star:
 (1)
2 star:    (0)
1 star:    (0)
 
 
 
$54.99 $40.20
Add to cart Add to wishlist
Reviewer


Location: Acton , MA USA

Top Reviewer Ranking: 381,279