[转载]Secure Coding Call for Papers

原始连接：http://www.cert.org/secure-coding/

The primary cause of commonly exploited software vulnerabilities is software defects that could have been avoided. Through our analysis of thousands of vulnerability reports, the CERT/CC has observed that most of them stemmed from a relatively small number of root causes. If we can identify the root causes of vulnerabilities and develop secure coding practices for illustration, software producers may be able to take practical steps to prevent introduction of vulnerabilities into deployed software systems.

Toward that goal, our systematic approach has led us to identify program errors most likely to cause security breaches. We have also identified some good practices to avoiding certain categories of vulnerabilities. Software producers can use this information as they develop strategies to avoid vulnerabilities when they code new software.