Slashdot Mirror


Secure Programming

viega writes "Matt Messier and I have just launched a secure programming web site. While this site does support our new book The Secure Programming Cookbook for C and C++, it also serves as a thorough resource for developers. It has numerous links to articles and other topical resources, new recipes that demonstrate secure programming techniques, a large glossary and the obligatory web log. We accept outside submissions, and will reward the best recipe submission each month -- O'Reilly will publish it on the O'Reilly Network web site and will give the author a free book. There's already a decent amount of new content, including recipes on avoiding malloc()/new-related integer overflows, watching out for security problems in API differences and issues when truncating data. There's also an RSS feed for the web log."

1 of 360 comments

  1. Re: Not just speed by Dodge+This · Score: 0, Redundant
    Yes, I agree that each language has its place. However, I believe that C/C++ should have the biggest place in the IT environment. Aside from the fact that it's fast, there aren't too many languages that can match the flexibility of C/C++. I've found myself banging my head on the desk when I've used VB and (to a lesser extent) Delphi for certain projects.

    My main point, however, is that I already believe that programmers in general are either too lazy or not competent enough to write good code. If people come to rely on having all their code/bounds checking done by a compiler, then the situation will become worse. The world will depend on a handful of elite programmers who are *still* able to write the compilers. What if an exploit is found in the compiler's compiled code???