A detailed discussion of the following questions can be found in the "Appendix A" section on page 515.
What is a "secure" program?
What input must be validated in a secure program? What sort of validation is required?
How can you guard against attacks from the pool of trusted users?
Where can an exploitable buffer overrun occur? What functions are particularly prone to buffer overrun?
Can you avoid buffer overruns altogether?
How can you secure the memory in use by your application?
Are C and C++ inherently less secure than alternative languages?
Has the experience of C led to C++ being a better, more securely designed language?
How do you know when your program has been compromised?
What are the security requirements ...