Trying to write secure programs on Linux or Unix systems? Know someone who is? Will you have to be a _user_ of a Linux/Unix program that needs to be secure, and you know who the developer will be?

Rejoice, I've just released version 3.000 of the "Secure Programming for Linux and Unix HOWTO". It's Free, and available for download & printing at:

http://www.dwheeler.com/secure-programs

It's available in a wide variety of formats, including PDF, HTML, and even ASCII text.

A number of years ago I was very discouraged by the number of security-related flaws that were "the same ones we've seen for the last 30 years". So I wrote material on how to avoid common, well-known problems (this book). I give it away, in the hopes that by making it free, there will be NO EXCUSE for developers not knowing about how to write secure applications.

Version 3.000 is now 158 pages long, full of specific information. Version 3.000 adds much more information on determining security requirements, including much more on the Common Criteria, as well as adding a number of improvements. And yes, I take suggestions (patches in Docbook preferred, code MIT licensed please).

Many Linux distributions already include an older version of this book in their documentation set, since this is also distributed by the "Linux Documentation Project."

Please, drop this book on developers who are developing Linux/Unix applications. I'm tired of seeing the same mistakes, over & over, and I suspect you're tired of having to live with their aftermath.

A subset of its guidance is checked automatically by my "flawfinder" tool at:

http://www.dwheeler.com/flawfinder

--- David A. Wheeler
This archive was generated by hypermail 2b30 : Wed Oct 30 2002 - 14:44:24 PST