From owner-freebsd-security Tue Dec 17 11:17:51 1996
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.4/8.8.4) id LAA12651 for security-outgoing; Tue, 17 Dec 1996 11:17:51 -0800 (PST)
Received: from gvr.win.tue.nl (root@gvr.win.tue.nl [131.155.210.19]) by freefall.freebsd.org (8.8.4/8.8.4) with ESMTP id LAA12634 for ; Tue, 17 Dec 1996 11:17:12 -0800 (PST)
Received: (from guido@localhost) by gvr.win.tue.nl (8.8.4/8.8.2) id UAA03326; Tue, 17 Dec 1996 20:16:59 +0100 (MET)
From: Guido van Rooij
Message-Id: <199612171916.UAA03326@gvr.win.tue.nl>
Subject: Re: writing secure code (was crontab ...)
In-Reply-To: <32B6E407.3BDF@vailsys.com> from Hal Snyder at "Dec 17, 96 12:18:47 pm"
To: hal@vailsys.com
Date: Tue, 17 Dec 1996 20:16:59 +0100 (MET)
Cc: security@freebsd.org
X-Mailer: ELM [version 2.4ME+ PL28 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Hal Snyder wrote:
> wrote:
>
> Is there someplace or some book that someone who is writing new
> software can refer to for learning how to write secure code in the
> first place? I certainly don't want to ask some whiny security cop
> for each and every little detail.... :)
>
> I like Chapter 23 of Practical Unix & Internet Security, (2d Ed), by
> Garfinkel & Spafford, pub. O'Reilly & Associates.
>

Look also at AUSCERT's document:
ftp://ftp.auscert.org.au/pub/auscert/papers/secure_programming_checklist

-Guido