The CERT C Secure Coding Standard (Paperback)

Robert C. Seacord

買這商品的人也買了...

商品描述

“I’m an enthusiastic supporter of the CERT Secure Coding Initiative. Programmers have lots of sources of advice on correctness, clarity, maintainability, performance, and even safety. Advice on how specific language features affect security has been missing. The CERT® C Secure
Coding Standard fills this need.”
—Randy Meyers, Chairman of ANSI C


“For years we have relied upon the CERT/CC to publish advisories documenting an endless stream of security problems. Now CERT has embodied the advice of leading technical experts to give programmers and managers the practical guidance needed to avoid those problems in new  applications and to help secure legacy systems. Well done!”

—Dr. Thomas Plum, founder of Plum Hall, Inc.

“Connectivity has sharply increased the need for secure, hacker-safe applications. By combining this CERT standard with other safety guidelines, customers gain all-round protection and approach the goal of zero-defect software.”
—Chris Tapp, Field Applications Engineer, LDRA Ltd.

“I’ve found this standard to be an indispensable collection of expert information on exactly how modern software systems fail in practice. It is the perfect place to start for establishing internal secure coding guidelines. You won’t find this information elsewhere, and, when it comes to software security, what you don’t know is often exactly what hurts you.”
—John McDonald, coauthor of The Art of Software Security Assessment


Software security has major implications for the operations and assets of organizations, as well as for the welfare of individuals. To create secure software, developers must know where the dangers lie. Secure programming in C can be more difficult than even many experienced  programmers believe.

This book is an essential desktop reference documenting the first official release of  The CERT® C Secure Coding Standard. The standard itemizes those coding errors that are the root causes of software vulnerabilities in C and prioritizes them by severity, likelihood of exploitation, and remediation costs. Each guideline provides examples of insecure code as well as secure, alternative implementations. If uniformly applied, these guidelines will eliminate the critical coding errors that lead to buffer overflows, format string vulnerabilities, integer  overflow, and other common software vulnerabilities.

商品描述(中文翻譯)

「我是CERT安全編碼計畫的熱情支持者。程式設計師在正確性、清晰度、可維護性、效能甚至安全性方面有很多建議來源。然而,關於特定語言功能如何影響安全性的建議一直缺乏。CERT C安全編碼標準填補了這一需求。」—Randy Meyers,ANSI C主席

「多年來,我們一直依賴CERT/CC發布的警示來記錄無窮無盡的安全問題。現在,CERT結合了領先技術專家的建議,為程式設計師和管理人員提供實用指南,以避免這些問題在新應用程式中出現,並幫助保護舊系統的安全。做得好!」—Dr. Thomas Plum,Plum Hall公司創始人

「連接性的大幅增加使得對安全、防駭的應用程式需求急劇上升。通過將這個CERT標準與其他安全指南結合,客戶可以獲得全方位的保護,並接近零缺陷軟體的目標。」—Chris Tapp,LDRA Ltd.現場應用工程師

「我發現這個標準是一個不可或缺的專家資訊集合,詳細說明現代軟體系統在實踐中如何失敗。這是建立內部安全編碼指南的完美起點。你在其他地方找不到這些資訊,而在軟體安全方面,你不知道的往往正是傷害你的東西。」—John McDonald,《軟體安全評估的藝術》共同作者

軟體安全對組織的運營和資產,以及個人的福祉都有重大影響。要創建安全的軟體,開發人員必須知道危險的存在。在C語言中進行安全編程可能比許多有經驗的程式設計師所認為的更困難。

這本書是一本必備的桌面參考資料,記錄了第一個官方版本的「CERT C安全編碼標準」。該標準列舉了那些在C語言中導致軟體漏洞的編碼錯誤,並根據嚴重性、被利用的可能性和修復成本進行了優先排序。每個指南都提供了不安全代碼的示例,以及安全的替代實現方法。如果統一應用這些指南,將消除導致緩衝區溢出、格式字串漏洞、整數溢出和其他常見軟體漏洞的關鍵編碼錯誤。