Security vulnerabilities in software can in many cases be avoided if developers observe some basic points when coding. In particular, careless handling of strings that originate from user input gives rise to significant risks in C and C++. But even languages such as Java cannot ensure that applications are invulnerable. Carnegie Mellon University's CERT (CERT/CC) has collected a number of documents, presentations and webcasts on a "Secure Coding" page, with the aim of giving programmers an overview of potential stumbling blocks and how to avoid them.
- CERT/CC, various authors: Secure Coding