Getting rid of insecure C function calls

by Jacek Artymiak

Jose at the OpenBSD Journal informs us that the OpenBSD team is on another code pruning trip.

So, if you want to learn how to replace dangerous standard C library functions with their bounds-checking equivalents (which is not always as simple as cut and paste), watch the source-changes mailing list for such modifications and read the relevant diffs. That's probably the best coaching in using safe function calls you can get for free :-)
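As an added illustration (not code from this post or from the OpenBSD tree) of why the conversion is not just cut and paste: the bounds-checking functions return the length they *tried* to produce, and a mechanical `strcpy`-to-`strlcpy` swap that ignores that value trades an overflow for silent truncation. The `bounded_copy`/`bounded_cat` helpers below are assumed portable stand-ins with `strlcpy(3)`/`strlcat(3)` semantics, renamed so they do not clash with a libc that already provides the real ones.

```c
#include <stddef.h>
#include <string.h>

/* Portable stand-in for OpenBSD strlcpy(3), renamed so it cannot clash with
 * a libc that already ships one (assumption: the platform may lack it).
 * Always NUL-terminates when dstsize > 0 and returns strlen(src), so a
 * caller detects truncation by testing: return value >= dstsize. */
static size_t bounded_copy(char *dst, const char *src, size_t dstsize)
{
    size_t srclen = strlen(src);
    if (dstsize > 0) {
        size_t n = srclen < dstsize - 1 ? srclen : dstsize - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;
}

/* Stand-in for strlcat(3): appends to a NUL-terminated dst and returns the
 * length it tried to create, so truncation is detectable the same way. */
static size_t bounded_cat(char *dst, const char *src, size_t dstsize)
{
    size_t dstlen = 0;
    while (dstlen < dstsize && dst[dstlen] != '\0')
        dstlen++;
    if (dstlen == dstsize)              /* dst not terminated within dstsize */
        return dstsize + strlen(src);   /* nothing appended */
    return dstlen + bounded_copy(dst + dstlen, src, dstsize - dstlen);
}

/* Builds "<user>@<host>" into out. With strcpy/strcat this is a classic
 * overflow; with strlcpy/strlcat but ignored return values it silently
 * hands back a truncated string. Checking each return value is the part
 * of the conversion that is not cut and paste. Returns 1 on success,
 * 0 if the result did not fit (out is still NUL-terminated either way). */
int build_login(char *out, size_t outsize, const char *user, const char *host)
{
    if (bounded_copy(out, user, outsize) >= outsize)
        return 0;
    if (bounded_cat(out, "@", outsize) >= outsize)
        return 0;
    if (bounded_cat(out, host, outsize) >= outsize)
        return 0;
    return 1;
}
```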

Another place to look for good secure programming information is Secure Programming for Linux and Unix HOWTO by David A. Wheeler.

Also, there is a very good book on the subject, Building Secure Software by John Viega and Gary McGraw, which should be essential reading for all programmers.