8.  Summary

8.1  Lessons learned

In the course of this survey we searched, examined, and analyzed information about secure coding from hundreds of sources. The following observations, some surprising, were gleaned from the survey.
  • The last 12 months have seen a significant increase in the body of available materials. Anecdotally, about one-third of the most useful information is eighteen months old or less. Since little has changed technically, it is safe to infer a substantial upsurge in world-wide interest in the subject.
  • The relatively small proportion of detailed secure coding techniques that apply only to one language or platform was surprising. Almost all of the rules apply quite broadly. The main exception relates to the buffer overflow problems endemic to C/C++.
  • There were more commercial analysis tools than expected.
  • Surprisingly few independent tools are available for checking programs for security holes. It is suspected that many more exist, but are closely held in the hacker/attacker and consulting communities.
8.2  Directions for further study

For more technical information on secure coding projects, and a view of ongoing work, check the following centers for vulnerability testing research.
Site Contents Copyright (C) 2002, 2003 Mark G. Graff and Kenneth R. van Wyk. All Rights Reserved.