Programming Discussion


5.1 Discussion: The Importance of Writing Secure Code

According to Perforce (n.d.), approximately 90% of reported security incidents are attributed to exploitation of vulnerabilities in software code and design. Chapter five of Howard and LeBlanc (2003) declares the buffer overrun to be “Public Enemy #1” (p. 153). The authors go on to state that C and C++ give programmers a myriad of ways to “shoot themselves in the foot” (p. 153). Specific examples of buffer overruns include stack overruns, heap overruns, array indexing errors, format string bugs, and Unicode and ANSI buffer size mismatches. Buffer overflows can be used to crash programs, corrupt data, and access sensitive files (Perforce, n.d.).
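The array indexing and numeric sizing errors named above, each shown next to a hardened form. This is an added example, not part of the original course page and not the code the exercise asks about; `SLOTS` and all function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SLOTS 8  /* valid indexes are 0..SLOTS-1 */

/* Array indexing error, shown for contrast and never called here:
 * "<=" admits idx == SLOTS (one element past the end), and a signed
 * index lets negative values through to write before the array. */
int set_slot_unsafe(int *table, int idx, int value) {
    if (idx <= SLOTS) {
        table[idx] = value;
        return 0;
    }
    return -1;
}

/* Hardened form: unsigned index and a strict upper bound. */
int set_slot_safe(int *table, size_t idx, int value) {
    if (idx >= SLOTS)
        return -1;
    table[idx] = value;
    return 0;
}

/* Numeric sizing issue: a length kept in an 8-bit variable wraps at 256,
 * so a 260-byte input is recorded as 4 and passes a "fits in 16" check.
 * Returns 1 when the stored length no longer equals the real one. */
int length_truncates(size_t real_len) {
    uint8_t stored = (uint8_t)real_len;
    return (size_t)stored != real_len;
}

/* Hardened copy: length held in size_t, room for the terminator checked. */
int copy_name_safe(char *dst, size_t dst_size, const char *src) {
    size_t len = strlen(src);
    if (len >= dst_size)
        return -1;
    memcpy(dst, src, len + 1);
    return 0;
}

int main(void) {
    int table[SLOTS] = {0};
    char name[16];
    printf("idx 8 -> %d\n", set_slot_safe(table, SLOTS, 1));
    printf("260 truncates -> %d\n", length_truncates(260));
    printf("long name -> %d\n", copy_name_safe(name, sizeof name, "a-name-longer-than-fifteen-bytes"));
    return 0;
}
```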

Before you begin, be sure you review the following resources:

References

Discussion Topic

In your post, you will need to cover buffer overruns in C, describing either array numbering issues or numeric variable declaration sizing issues.

In your original post, answer the following:

  • Give an example of a buffer overflow in C
  • The code below contains a simple example of an overrun in an array. Find and discuss the error.