2100 Powell Street, 10th Floor
Emeryville, California 94608
To arrange bulk purchase
19 Deadly Sins of Software Security
Copyright 2005 by The McGraw-Hill Companies. All rights reserved. Printed in the United States of America. Except as permitted under the Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of publisher, with the exception that the program listings may be entered, stored, and executed in a computer system, but they may not be reproduced for publication.
Jane K. Brownlow
Senior Project Editor
Apollo Publishing Services
Patti Lee Series
Peter F. Hancik
This book was published with Corel Ventura Publisher.
Information has been obtained by McGraw-Hill/Osborne from sources believed to be reliable. However, because of the possibility of human or mechanical error by our sources, McGraw-Hill/Osborne, or others, McGraw-Hill/Osborne does not guarantee the accuracy, adequacy, or completeness of any information and is not responsible for any errors or omissions or the results obtained from the use of such information.
For my incredible family. There is nothing that
For my father, who taught me the value of always learning new things and taking on new challenges.
For Mom. She's responsible for my intellectual
About the Authors
is a senior security program manager in the security engineering
, Ph.D., is currently Chief Software Architect for Webroot Software. Prior to joining Webroot, he
is the original author of the 19 deadly programming flaws that received press and media attention, and this book is based on his discoveries. He is the founder and CTO of Secure Software (www.securesoftware.com). He co-
About the Tech Editors
is a senior principal software security engineer at Symantec Corporation. He leads Symantec's Product Security team, whose mission includes helping Symantec product
David A. Wheeler has had many years of experience in improving software development practices for higher-risk systems, such as large and/or secure systems. He is coeditor/coauthor of the book Software Inspection: An Industry Best Practice, author of the books Ada 95: The Lovelace Tutorial and Secure Programming for Linux and Unix HOWTO, and the author of the IBM developerWorks Secure Programmer column series. He lives in Northern Virginia.