As devices become more and more connected to each other, security becomes more and more important. Even devices that are not on the internet now may be at some point in the future. You never know what legacy code, with a potentially exploitable defect, will find it’s way into that future product.
So whether you are developing for the latest in must-have, network enabled gadgets or a toaster, you should always consider the security implications of your code.
It is now accepted as fact that the only way to secure a device is to design security in from the start. This does not just mean using encryption to secure data transfer. Some of the most common vulnerabilities are caused by basic programming mistakes.
How many people still use strcpy() in their C code? My guess is quite a few do, but it is a terrible risk, use strncpy() instead. Yes, that ‘n‘ makes all the difference, you are setting a limit to the size of source you will copy and, provided you ensure it is less than the size of your destination buffer, you know you won’t over-run that buffer.
I am not suggesting that this is all you have to do, it is just one of the common mistakes developers make.
This week a group of 30+ security experts published a list of the top 25 most serious programming errors. No matter what you are developing for, I encourage you to read the list and look at your own code, you may be surprised what you find.
The complete list can be found on the SANS Institue web site:
And if you think a toaster will never be networked, think again: