OT: Book review? Writing Secure Code

Sorry, way OT, but I assume quite a few of you have read
*Writing Secure Code, Second Edition *by Michael Howard and
David LeBlanc.

Is this book any good? Is it worth my time or is it filled
with fluff; are there a lot of technical examples in it?

m.

It is a good book, but there is not a lot for driver writers. Basically it
is saying the obvious such as worry about buffer overflow, access to device
objects, etc. Most of the book is on user space and database things.

Now I still consider it good because as the mathematician Pascal said
“Common sense is not so common”. The book is a good reminder we need to be
careful.


Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
http://www.windrvr.com
Remove StopSpam from the email to reply

“MM” wrote in message news:xxxxx@ntdev…
> Sorry, way OT, but I assume quite a few of you have read
> *Writing Secure Code, Second Edition *by Michael Howard and David
> LeBlanc.
>
> Is this book any good? Is it worth my time or is it filled
> with fluff; are there a lot of technical examples in it?
>
> m.

> Sorry, way OT, but I assume quite a few of you have read
> *Writing Secure Code, Second Edition *by Michael Howard and
> David LeBlanc.
>
> Is this book any good? Is it worth my time or is it filled
> with fluff; are there a lot of technical examples in it?

VERY good, though not much related to kernel.

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com

On Oct 31, 2006, at 6:56 PM, Maxim S. Shatskih wrote:

> Sorry, way OT, but I assume quite a few of you have read
> *Writing Secure Code, Second Edition *by Michael Howard and
> David LeBlanc.
>
> Is this book any good? Is it worth my time or is it filled
> with fluff; are there a lot of technical examples in it?
>
> VERY good, though not much related to kernel.

Ditto. There is nice sample code for various kinds of stack/heap/
format string bugs and the basics of how to exploit them. There’s a
deep dive on security descriptors including code that runs as far
back as NT showing how to do it right. Etc.

Worthwhile.

-sd