REVIEW - Secure Coding in C and C++

Title: Secure Coding in C and C++
Author: Robert C. Seacord
ISBN: 0321335724
Publisher: Addison-Wesley Professional (2006)
Pages: 341pp
Reviewer: Pete Goodliffe
Reviewed: November 2008
Rating: ★★☆☆☆

There are fewer books devoted to writing secure code than to many other topics in the software engineering world, and this is clearly a field that many more developers need education in. It sits in Addison-Wesley's CERT/SEI series, so it appears authoritative. Indeed, many chapters are written in collaboration with the author's CERT colleagues. But does it live up to this, and is it a worthwhile addition to the (albeit small) security party?

As the title suggests, the book focusses on security in C and C++ alone. It opens with a dry but customary survey of the appalling state of software security in modern code and goes on to lambast C and C++ (with some merit, the majority of insecure code is written in C and C++ - but does that make them insecure languages?). Seacord draws primarily on Windows and Linux as examples, which is a good choice, and each chapter shows practical examples of exploits in real code, which helps ground the discussion.

The book is split into sections covering the main areas of code vulnerability, including string-based attacks, pointer subterfuge, memory management and so on. They are each reasonable discussions of the topic, but to fully understand the material the reader must already be reasonably proficient in C/C++. Student programmers would probably need a more gently paced introduction to security.

My main reservation about this book is its C++ coverage. There are really no good examples of secure C++ code - despite the book's title. Seacord mostly deals with C-related problems (which are indeed many and numerous). The book does not satisfactorily describe how the C++ idiom is inherently safer than C (and too often we are talking about the mythical "C/C++" language, as if the two languages are one and the same).

Good programming in C is necessarily very different from good programming in C++. This is not made clear at all, and few places show some of the more secure idioms available to the C++ programmer. For example, the entire description of C++ iostream output is two paragraphs and a small quote from Meyers' "Effective C++". This is in a 40-odd page chapter on I/O security (mainly discussing printf/scanf vulnerabilities and buffer overflow problems). There is also an interesting claim that it is "as easy" to create a safe abstract type in C as in C++. Hmm. In a modern security book that claims to be about C++ this doesn't seem justifiable.
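To make the contrast concrete, here is an added example written for this page (it is not code from the book or from the reviewer): the same two tasks, reading a token and formatting a greeting, done first in the printf/scanf idiom the book spends its I/O chapter on and then with iostreams and std::string. The buffer sizes, function names and sample inputs are all constructed for illustration.

```cpp
// Added example, not from the book or the review: C-idiom I/O beside C++-idiom I/O.
#include <cstdio>
#include <cstring>
#include <sstream>
#include <string>

// C idiom: a fixed-size buffer plus a format string. snprintf bounds the write,
// but the caller must check its return value or the output is silently
// truncated. Passing `name` itself as the format string would be the classic
// format-string bug; user data stays in the arguments, never in the format.
// Returns true only when the whole greeting fit into `out`.
bool c_greeting(const char *name, char *out, size_t outlen) {
    int needed = std::snprintf(out, outlen, "Hello, %s!", name);
    return needed >= 0 && static_cast<size_t>(needed) < outlen;
}

// Convenience wrapper (hypothetical, for demonstration): a 16-byte buffer,
// reporting either the greeting or a marker when it did not fit.
std::string c_greeting_16(const char *name) {
    char buf[16];
    return c_greeting(name, buf, sizeof buf) ? std::string(buf)
                                             : std::string("(truncated)");
}

// C++ idiom: the stream owns its storage, so there is no buffer to size,
// no return value to check and no format string to get wrong.
std::string cpp_greeting(const std::string &name) {
    std::ostringstream os;
    os << "Hello, " << name << "!";
    return os.str();
}

// C idiom for input: scanf("%s") with no width is an unbounded write. The fix
// is a width that must be kept in step with the buffer by hand (15 chars plus
// NUL for a 16-byte buffer), and longer input is cut off without any error.
std::string c_read_token(const char *input) {
    char buf[16];
    if (std::sscanf(input, "%15s", buf) != 1) {
        return std::string();   // no token in the input
    }
    return std::string(buf);
}

// C++ idiom: std::string grows to fit, so the whole token is kept.
std::string cpp_read_token(const std::string &input) {
    std::istringstream is(input);
    std::string token;
    is >> token;                // stays empty if the input held no token
    return token;
}

int main() {
    // Constructed sample inputs.
    const char *short_name = "world";
    const char *long_name = "averylongusername_exceeding_buffer";

    std::printf("%s\n", c_greeting_16(short_name).c_str());   // fits
    std::printf("%s\n", c_greeting_16(long_name).c_str());    // (truncated)
    std::printf("%s\n", cpp_greeting(long_name).c_str());     // full greeting
    std::printf("%s\n", c_read_token(long_name).c_str());     // first 15 chars only
    std::printf("%s\n", cpp_read_token(long_name).c_str());   // whole token
    return 0;
}
```

The point is not that the C versions are wrong once the width and the return value are handled, but that both safeguards are extra steps the programmer has to remember, while the iostream versions have no buffer to overrun in the first place.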

This is not a bad book, but perhaps does not live up to the expectations I had of it.
