This message comes to you from MacDev-1(tm) -- the Mac(tm) OS Developer News and Info server.
For Immediate Release
For more information, a review copy, cover art, or an interview with the authors, contact: Kathryn Barrett (707) 827-7094 or [EMAIL PROTECTED]
Security Begins with Well-Written Code
O'Reilly Releases "Secure Programming Cookbook for C and C++"
Sebastopol, CA--Over the next three years, private organizations and government agencies will spend an estimated $21 billion on network security to fight off password sniffing, spoofing, buffer overflows, denials of service, viruses, worms, and other attacks. Despite this tremendous effort, experts including John Viega, coauthor of the "Secure Programming Cookbook for C and C++" (O'Reilly, US $49.95), assert that many security problems boil down to one fundamental cause: poorly written, poorly tested, and insecure code underlying applications that run the very systems everyone is trying so hard to secure.
That's not something system administrators can fix at the network level, Viega explains; it depends on programmers writing code that attackers cannot exploit. "Writing secure code is difficult, even for experts," he points out. "Unfortunately, programmers generally hold a world view that they write correct code all the time, and only occasionally do mistakes occur. In reality, mistakes are commonplace in nearly everyone's code." He points to a recent NIST study that estimates the computer industry in the United States alone spends $60 billion a year patching and customizing poorly written software.
Viega, one of the pioneers in the field of software security, wrote the first publicly available tool to help programmers find and fix security vulnerabilities in their own code. His new book, co-written by Matt Messier, takes the same practical approach to fortifying code. Rather than recite principles and guidelines, "Secure Programming Cookbook for C and C++" is a nuts-and-bolts reference that teaches by example, focusing on two of the most widely used programming languages available.
"There are already several other books out there on the topic of writing secure software," Viega explains. "Many of them are quite good, but they universally focus on the fundamentals, not code. None of them show you how to do such things as SSL-enable your applications properly, which can be surprisingly difficult."
The book shows how to eliminate common problems by providing code solutions that programmers can insert directly into their applications, along with explanations of why and how the code samples work. Viega and Messier cover a wide range of security topics, including cryptography (both symmetric and public key), random numbers, safe initialization, input validation, networking, authentication, access control, email, and anti-tampering. Altogether, there are more than 200 recipes to help programmers secure the C and C++ programs they write for both Unix (including Linux) and Windows environments.
Viega assumes that programmers who pick up "Secure Programming Cookbook for C and C++" already understand security basics, but "strangely enough, programmers make the same mistakes over and over again," he says. "Most security problems have been seen before. It's rare to actually see a new one. We give people the tools they haven't had before, so they have a fighting chance."
Additional Resources:
Chapter 11, "Random Numbers," is available free online at: http://www.oreilly.com/catalog/secureprgckbk/chapter/index.html
For more information about the book, including Table of Contents, index, author bios, and samples, see: http://www.oreilly.com/catalog/secureprgckbk/
For a cover graphic in JPEG format, go to: ftp://ftp.ora.com/pub/graphics/book_covers/hi-res/0596003943.jpg
Secure Programming Cookbook for C and C++
John Viega and Matt Messier
ISBN 0-596-00394-3, 790 pages, $49.95 US, $77.95 CA, 35.50 UK
[EMAIL PROTECTED]
1-800-998-9938
1-707-827-7000
http://www.oreilly.com
About O'Reilly
O'Reilly & Associates is the premier information source for leading-edge computer technologies. The company's books, conferences, and web sites bring to light the knowledge of technology innovators. O'Reilly books, known for the animals on their covers, occupy a treasured place on the shelves of the developers building the next generation of software. O'Reilly conferences and summits bring alpha geeks and forward-thinking business leaders together to shape the revolutionary ideas that spark new industries. From the Internet to XML, open source, .NET, Java, and web services, O'Reilly puts technologies on the map. For more information: http://www.oreilly.com
News may be propagated freely, but please attribute your source as MacTech Magazine, <http://www.mactech.com>.
