Chapter 11. Stage 6: Secure Coding Policies

In this chapter:

Use the Latest Compiler and Supporting Tool Versions

Use Defenses Added by the Compiler

Use Source-Code Analysis Tools

Do Not Use Banned Functions

Reduce Potentially Exploitable Coding Constructs or Designs

Use a Secure Coding Checklist

As we mentioned in Chapter 7, the software industry is replete with security software coding best practices—of which very few are followed. The Security Development Lifecycle (SDL) mandates specific coding practices and backs up many of the practices with tests to verify that the policies are adhered to. This chapter outlines the high-level policy and best practices for secure coding. The chapter is purposefully high level because the low-level specifics are ...

Get Security Development Lifecycle now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial