On Fri, Apr 18, 2014 at 8:12 PM, John D. Verne <[email protected]> wrote:
> On Fri, Apr 18, 2014 at 01:18:02AM +0100, Kevin Chadwick wrote:
>> There are tools such as static analysers and Todd and Theo's talk on
>> strl*, porting security guidelines etc. and many books (that may or may
>> not recommend c++ ;-)) and even Ada to C conversion but with added
>> worries about compilers and obfuscation or the Go language where
>> applicable but is there a particular reference many recommend or use to
>> brush up for secure C coding in a fashion akin to K&R's "C bible" being
>> recommended by past threads for learning C and referencing?
>>
> I can recommend "Secure Coding in C and C++" by Seacord. It's sort of a
> handbook style, with some intro and discussion in the early chapters and
> then a sort of cookbook style later on.
I did some digging on that book (and I am ordering it - thanks for the
recommendation) and found the CERT C Coding Standard:

* The CERT C Secure Coding Standard
* The CERT C Coding Standard, Second Edition

The second one seems to be the second edition of the first one. The main
difference between the two (despite the release date) seems to be that the
second one contains only rules, whereas the first one contains
recommendations and some rules. For a distinction of the two:

https://www.securecoding.cert.org/confluence/display/seccode/Rules+versus+Recommendations

If you want to read a "faster moving" version of the books online:

https://www.securecoding.cert.org/confluence/display/seccode/CERT+C+Coding+Standard

cheers
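Since the thread mentions the strl* talk and the kind of bounded-string rules the CERT C standard and Seacord's book cover, here is an added illustration (not code from the thread, the CERT standard, or Seacord's book) of the contract that makes strlcpy-style copies safer than strncpy. The function name safe_copy is hypothetical; it reimplements the strlcpy contract (always NUL-terminate, return the full source length so truncation is detectable) rather than calling the libc routine, and the input string is constructed for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical name; mirrors the strlcpy contract rather than calling libc:
 * when size > 0, dst is always NUL-terminated, and the return value is
 * strlen(src) so the caller can detect truncation by comparing it to size. */
size_t safe_copy(char *dst, const char *src, size_t size)
{
    size_t srclen = strlen(src);
    if (size > 0) {
        size_t n = srclen < size - 1 ? srclen : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;
}

/* Returns 1 if src fit into dst without truncation, 0 otherwise.
 * This is the check that strncpy cannot offer: its return value is dst. */
int copy_fits(char *dst, size_t size, const char *src)
{
    return safe_copy(dst, src, size) < size;
}

/* Demonstrates the strncpy pitfall: if src has size or more bytes, strncpy
 * fills dst completely and leaves no terminating NUL. Returns 1 if dst is
 * NUL-terminated within size bytes after the copy, 0 if it is not. */
int strncpy_terminated(char *dst, size_t size, const char *src)
{
    strncpy(dst, src, size);
    return memchr(dst, '\0', size) != NULL;
}

int main(void)
{
    char buf[8];
    const char *input = "overlong-input"; /* constructed sample, 14 bytes */

    if (!copy_fits(buf, sizeof buf, input))
        printf("truncated to \"%s\" (needed %zu bytes)\n",
               buf, strlen(input) + 1);

    /* With the same input, strncpy leaves buf unterminated. */
    printf("strncpy left dst NUL-terminated: %d\n",
           strncpy_terminated(buf, sizeof buf, input));
    return 0;
}
```

The point a CERT-style rule makes here is that the bounded copy alone is not the fix; the caller must also check the return value and decide what a truncated result means for the program, rather than silently continuing with a shortened string.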

