Great question received just before the holidays.
The security of software is paramount, especially in communications systems (routers, switches, servers). We are all familiar with “patch Tuesdays”, as efforts to close security holes in software are constant.
Surprisingly, few Computer Science majors include skills in secure coding. Furthermore, policies and procedures to ensure secure coding practices may not even exist. Just look at the lacking entry at Wikipedia!
Thus, it is a sensitive area for all of us in the communications business.
- There is a great site created by OWASP (Open Web Application Security Project) that attempts to document the appropriate Secure Coding Practices in the form of a wiki. This is a great starting point. Hundreds of universities and corporations are jumping on board.
- The CERT team also has a page on Secure Coding.
- There is an old site called Secure Coding.org that has a reference to a book and some other materials.
We hope that starts you off in the right place. If you have any additions you think we should make, please let us know.