Sebastopol, CA--Rarely a week goes by without an announcement of a new attack on computer systems. Viruses, worms, denials of service, and password sniffers are attacking all types of systems--from banks to e-commerce sites to seemingly impregnable government and military computers--at an alarming rate.
But, according to Kenneth R. van Wyk, coauthor of the new book, Secure Coding: Principles and Practices (O'Reilly, US $29.95), "there are really very few classes of errors being made." Despite their many manifestations and targets, nearly all attacks have one fundamental cause: the code underlying these computers and networks is not secure.
"Secure software doesn't happen by accident," says van Wyk. "The vast majority of security flaws being announced today are entirely avoidable."
Writing secure code isn't easy, and there are no quick fixes to bad code. According to Mark G. Graff, coauthor of "Secure Coding: Principles and Practices," to build code that repels attack, software developers must "understand where vulnerabilities come from and counteract those tendencies with time-proven practices."
"Good programmers write good code, bad programmers write bad code, but all programmers seem to write insecure code," says Marcus J. Ranum, principal author of the DEC SEAL firewall, TIS Gauntlet firewall, and Network Flight Recorder Intrusion Detection System. "Kudos to Mark and Ken for their explanation of the reasons it's so hard to write good secure code and what to do about it!"
"Secure Coding: Principles and Practices" makes the case that developers must be vigilant throughout the entire code lifecycle:
Architecture: during this stage, applying security principles such as "least privilege" will help limit even the impact of successful attempts to subvert software.
Design: during this stage, designers must determine how programs will behave when confronted with fatally flawed input data. The book also offers advice about performing security retrofitting when you don't have the source code--ways of protecting software from being exploited even if bugs can't be fixed.
Implementation: during this stage, programmers must sanitize all program input (the character streams representing a programs' entire interface with its environment--not just the command lines and environment variables that are the focus of most security analysis).
Testing: during this stage, programs must be checked using both static code checkers and runtime testing methods--for example, the fault injection systems now available to check for the presence of such flaws as buffer overflow.
Operations: during this stage, patch updates must be installed in a timely fashion. In early 2003, sites that had diligently applied Microsoft SQL Server updates were spared the impact of the Slammer worm that did serious damage to thousands of systems.
Trial and error can be a time consuming, costly, and embarrassing lesson when it comes to secure code. van Wyk and Graff have managed to pack decades of experience in secure coding into a concise and engaging book. "We have grey hairs, and we earned 'em learning the lessons we teach in the book," laughs Graff.
Jeremy Allison, the coauthor of Samba calls "Secure Coding": "A wonderful book...I wish it had been available when I was writing parts of Samba. I might not have had the last two security embarrassments to my name." Stephen E. Hansen, Information Security officer for Google, Inc., agrees: "I wish I had this book years ago as it has taken me years to figure these things out for myself."
What critics, security professionals, executives, academics, and other readers have said about "Secure Coding: Principles and Practices"
Secure Coding: Principles & Practices
By Mark G. Graff, Kenneth R. van Wyk
ISBN 0-596-00242-4, 224 pages, $29.95 US, $46.95 CA, 20.95 UK
O'Reilly Media spreads the knowledge of innovators through its books, online services, magazines, and conferences. Since 1978, O'Reilly Media has been a chronicler and catalyst of cutting-edge development, homing in on the technology trends that really matter and spurring their adoption by amplifying "faint signals" from the alpha geeks who are creating the future. An active participant in the technology community, the company has a long history of advocacy, meme-making, and evangelism.
PRESS QUERIES ONLY