Programming is a joy. Writing secure computer programs is a chore. For most programmers, the struggle is to write code that performs properly under optimal conditions. For people striving to write secure programs, the program must be carefully defended against every conceivable mischievous attack that a user, even an authorized one, might launch against the system. This is hard work, and it requires constant attention to the minutiae of computer languages, programming interfaces, and operating system internals. And the underlying design of Unix actually makes it harder, not easier, to write programs that are resistant to attack.
A single bug can result in a catastrophic security failure for even the best-written programs. Experience has shown that C and C++ are lousy languages for writing secure programs: neither checks array bounds, and both leave memory management entirely to the programmer, so a single miscounted byte becomes an exploitable flaw. But the alternatives (Perl, Java, and Python) are often unworkable for writing critical applications.
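As an illustration of the "single bug" point, the following is an added example (not code from the book) showing the kind of one-character mistake C lets through. The buffer size, the function names and the sample inputs are all hypothetical; the off-by-one check accepts an input exactly as long as the buffer, so a subsequent strcpy() would write its terminating NUL one byte past the end. The hardened copy computes the length once, rejects anything that leaves no room for the NUL, and copies with an explicit bound.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NAME_MAX_LEN 16   /* hypothetical fixed-size buffer, as in many SUID utilities */

/*
 * The "one bug" version.  The length check uses <= where it needs <,
 * so a 16-character name passes and a following strcpy() into a
 * 16-byte buffer would write its NUL one byte past the end.
 * Returns 1 if the input would be accepted, 0 if rejected.  It does
 * not perform the copy, so calling it here is harmless.
 */
int unsafe_accepts(const char *src)
{
    return strlen(src) <= NAME_MAX_LEN;   /* off-by-one: must be < */
}

/*
 * Hardened version: reject anything that does not leave room for the
 * terminating NUL, then copy with an explicit bound.
 * Returns 0 on success, -1 if the input is too long (nothing written).
 */
int safe_copy(char *dst, size_t dstsize, const char *src)
{
    size_t n = strlen(src);
    if (dstsize == 0 || n >= dstsize)
        return -1;
    memcpy(dst, src, n + 1);   /* n + 1 <= dstsize, so the NUL fits */
    return 0;
}

/*
 * Apply safe_copy() to a stack buffer of the fixed size and report
 * whether the argument was accepted: 1 = copied exactly, 0 = rejected.
 */
int handle_arg(const char *arg)
{
    char name[NAME_MAX_LEN];
    if (safe_copy(name, sizeof name, arg) != 0)
        return 0;
    return strcmp(name, arg) == 0;
}

int main(int argc, char **argv)
{
    /* Constructed sample inputs: 15 characters fit, 16 do not. */
    const char *ok  = "0123456789abcde";
    const char *bad = "0123456789abcdef";

    printf("unsafe check accepts 16 chars: %d (the bug)\n", unsafe_accepts(bad));
    printf("safe copy of 15 chars: %d, of 16 chars: %d\n",
           handle_arg(ok), handle_arg(bad));
    return argc > 1 ? !handle_arg(argv[1]) : 0;
}
```

The point of the hardened form is not the particular library call but that the bound is derived from sizeof the destination and checked before any write; a reviewer can verify it locally without knowing what the caller passes.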
In this chapter, we presented a number of rules to follow when writing programs that are security-critical. For good programmers, many of these rules are self-evident. For other programmers, many of these rules may seem like a silly chore. Alas, experience has shown that they are not.