This book is an essential desktop reference for the CERT C coding standard. The CERT C Coding Standard is an indispensable collection of expert information. The standard itemizes those coding errors that are the root causes of software vulnerabilities in C and prioritizes them by severity, likelihood of exploitation, and remediation costs. Each guideline provides examples of insecure code as well as secure, alternative implementations. If uniformly applied, these guidelines will eliminate the critical coding errors that lead to buffer overflows, format string vulnerabilities, integer overflow, and other common software vulnerabilities.
New edition features:
The material in this book has been updated for the C11 Standard, including a new section on concurrency. This edition has also been updated to account for C11 Annex K Bounds-checked interfaces and other security improvements in the standard. (Omitted from this edition: various rules, nonnormative guidelines, nonnormative POSIX appendix, and Microsoft-specific appendix)
Book features and advantages
1. Provides the fixed set of rules that organizations must follow in order to certify compliance with a recognized security standard, backed by CERT and ISO/IEC
2. Guidelines include suggestions for improving system performance and how to improve source code readability
3. Each rule is exemplified by compliant and non-compliant sample code
4. Fully updated for the new C11 standard
5. This edition includes a new section on concurrency
DEVELOPING SECURE CODING AND FOR THE