Buffer Overruns: Other resources

This excerpt from Chapter 1 of The 19 Deadly Sins of Software Security shares resources on buffer overruns and a list of guidelines for securing code.

The 19 Deadly Sins of Software Security

The following excerpt is from Chapter 1 of "The 19 Deadly Sins of Software Security" written by Michael Howard, David LeBlanc and John Viega. Click for the complete book excerpt series or visit McGraw-Hill to purchase the book.

Other resources


  • Do carefully check your buffer accesses by using safe string and buffer handling functions.
  • Do use compiler-based defenses such as /GS and ProPolice.
  • Do use operating-system-level buffer overrun defenses such as DEP and PaX.
  • Do understand what data the attacker controls, and manage that data safely in your code.
  • Do not think that compiler and OS defenses are sufficient -- they are not; they are simply extra defenses.
  • Do not create new code that uses unsafe functions.
  • Consider updating your C/C++ compiler since the compiler authors add more defenses to the generated code.
  • Consider removing unsafe functions from old code over time.
  • Consider using C++ string and container classes rather than low-level C string functions.
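The following C program is an added example, not code from the book or its authors; it puts the first, fourth and sixth guidelines into practice. It shows the unsafe pattern (an unbounded strcpy into a fixed buffer) beside a bounded replacement that takes the destination size, guarantees NUL termination and rejects rather than silently truncates oversized input; a snprintf wrapper that checks the return value for truncation; and a parser for a constructed length-prefixed record whose length byte is attacker-controlled. The buffer size NAME_MAX, the record format and the sample inputs are assumptions made for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_MAX 16   /* destination buffer size assumed for this example */

/* VULNERABLE: the pattern the chapter warns against. strcpy() copies until
 * the source NUL, so a src longer than NAME_MAX-1 bytes writes past `name`.
 * Kept only for comparison; nothing below calls it with untrusted data. */
void unsafe_set_name(char name[NAME_MAX], const char *src)
{
    strcpy(name, src);
}

/* Hardened replacement: the destination size is explicit, the scan of src is
 * bounded by it, NUL termination is guaranteed, and input that does not fit
 * is rejected instead of being silently truncated. Returns true on success. */
bool safe_set_name(char *name, size_t name_size, const char *src)
{
    size_t len = 0;
    if (name_size == 0)
        return false;
    while (len < name_size && src[len] != '\0')   /* never reads past name_size */
        len++;
    if (len >= name_size)                          /* no room left for the NUL */
        return false;
    memcpy(name, src, len + 1);
    return true;
}

/* snprintf() is bounded, but its return value is the length the full output
 * would have had, not the bytes written: n >= out_size means truncation. */
bool format_greeting(char *out, size_t out_size, const char *name)
{
    int n = snprintf(out, out_size, "Hello, %s!", name);
    return n >= 0 && (size_t)n < out_size;
}

/* Attacker-controlled length field. Constructed wire format: [len:1][len bytes].
 * The length is checked against both the bytes actually received and the
 * destination size before a single byte is copied.
 * Returns the payload length, or -1 if the record is malformed or too big. */
int parse_record(const uint8_t *buf, size_t buf_len, char *out, size_t out_size)
{
    if (buf_len < 1)
        return -1;
    size_t len = buf[0];
    if (len > buf_len - 1)      /* claims more payload than was received */
        return -1;
    if (len >= out_size)        /* payload plus NUL would not fit in out */
        return -1;
    memcpy(out, buf + 1, len);
    out[len] = '\0';
    return (int)len;
}

int main(void)
{
    char name[NAME_MAX];
    char greeting[32];
    /* Constructed inputs: one that fits, one that would have overflowed `name`. */
    const char *ok = "alice";
    const char *evil = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";   /* 32 bytes */
    const uint8_t rec_ok[] = { 5, 'a', 'l', 'i', 'c', 'e' };
    const uint8_t rec_lie[] = { 200, 'x' };                  /* len > bytes present */

    printf("safe_set_name(ok)   -> %d\n", safe_set_name(name, sizeof name, ok));
    printf("safe_set_name(evil) -> %d (rejected, buffer untouched)\n",
           safe_set_name(name, sizeof name, evil));
    printf("format_greeting     -> %d: %s\n",
           format_greeting(greeting, sizeof greeting, name), greeting);
    printf("parse_record(ok)    -> %d\n",
           parse_record(rec_ok, sizeof rec_ok, name, sizeof name));
    printf("parse_record(lie)   -> %d\n",
           parse_record(rec_lie, sizeof rec_lie, name, sizeof name));
    return 0;
}
```

Build with `cc -Wall -Wextra buf.c`; a current compiler will also flag the unbounded strcpy, which is the point of the "update your compiler" guideline above. Note that the safe functions fail closed: an oversized input is a reason to reject the request, not to quietly keep a shortened value, because the truncated value may still be used in a later security decision.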

