July 1, 2003

Avoid Costly Security Flaws with O'Reilly's "Secure Coding: Principles and Practices"

Sebastopol, CA--Rarely a week goes by without an announcement of a new attack on computer systems. Viruses, worms, denials of service, and password sniffers are attacking all types of systems--from banks to e-commerce sites to seemingly impregnable government and military computers--at an alarming rate.

But, according to Kenneth R. van Wyk, coauthor of the new book, Secure Coding: Principles and Practices (O'Reilly, US $29.95), "there are really very few classes of errors being made." Despite their many manifestations and targets, nearly all attacks have one fundamental cause: the code underlying these computers and networks is not secure.

"Secure software doesn't happen by accident," says van Wyk. "The vast majority of security flaws being announced today are entirely avoidable."

Writing secure code isn't easy, and there are no quick fixes to bad code. According to Mark G. Graff, coauthor of "Secure Coding: Principles and Practices," to build code that repels attack, software developers must "understand where vulnerabilities come from and counteract those tendencies with time-proven practices."

"Good programmers write good code, bad programmers write bad code, but all programmers seem to write insecure code," says Marcus J. Ranum, principal author of the DEC SEAL firewall, TIS Gauntlet firewall, and Network Flight Recorder Intrusion Detection System. "Kudos to Mark and Ken for their explanation of the reasons it's so hard to write good secure code and what to do about it!"

"Secure Coding: Principles and Practices" makes the case that developers must be vigilant throughout the entire code lifecycle:

Trial and error can be a time-consuming, costly, and embarrassing lesson when it comes to secure code. Van Wyk and Graff have managed to pack decades of experience in secure coding into a concise and engaging book. "We have grey hairs, and we earned 'em learning the lessons we teach in the book," laughs Graff.

Jeremy Allison, the coauthor of Samba, calls "Secure Coding": "A wonderful book...I wish it had been available when I was writing parts of Samba. I might not have had the last two security embarrassments to my name." Stephen E. Hansen, Information Security officer for Google, Inc., agrees: "I wish I had this book years ago as it has taken me years to figure these things out for myself."

Additional Resources:

Secure Coding: Principles & Practices
By Mark G. Graff, Kenneth R. van Wyk
ISBN 0-596-00242-4, 224 pages, $29.95 US, $46.95 CA, 20.95 UK
1-800-998-9938; 1-707-827-7000

About O'Reilly

O'Reilly Media spreads the knowledge of innovators through its books, online services, magazines, and conferences. Since 1978, O'Reilly Media has been a chronicler and catalyst of cutting-edge development, homing in on the technology trends that really matter and spurring their adoption by amplifying "faint signals" from the alpha geeks who are creating the future. An active participant in the technology community, the company has a long history of advocacy, meme-making, and evangelism.

