Secure Programming Cookbook for C and C++

Its strengths include:

--Good coverage of cryptography programming
--Task-oriented solutions to specific programming problems
--Easy to navigate "cookbook" style ("with recipes" as the authors call them)

However, some areas of improvement might be:

--Could use more coverage of important subjects (buffer overflows, etc.)
--spends a lot of space on narrower examples (like explaining certain APIs that are documented well online)
--Sometimes jumps into material without much background explanation (which was confusing for me)

It is probably not the first book you should read on the subject. This is more of a recipe guide that is useful if you get stuck on coding a particular topic that happens to be covered. The authors have done a good job of explaining what coverage they do and don't include.

Rating:
Summary: A task-oriented reference guide
Review: To be truthful, I bought this book because the "gang" I hang out with is mentioned in the Acknowledgments section of the book. That was the ONLY reason when I sent money to Amazon.Com and purchased it for the dusty collection on my bookshelf.

But, when I got it and chuckled over the Acknowledgements section, I started to mindlessly flip through the book. Mindless page flipping soon turned to semi-conscious scanning. Semi-conscious scanning soon turned to serious reading. I find myself reading the book more and more, jumping back and forth between sections I find interesting and useful.

As a Windows C++ programmer for in-house tools, I do not dwell much on secure programming concepts. Yes, this is very, very bad way to program, so those of you reading this review should not try it at home. This book has shown the errors of my ways, revealed security issues that I have overlooked by accident or on purpose and gave concepts and examples that I can apply in my projects.

This book is one reference that I will be going back over and over again. The authors and editors have done a wonderful job to make the reading flow nice and easy. It is also very well laid out by stating the problem you may encounter, followed by a solution and then detailed discussion section with code samples.

For any C/C++ programmer making software to be used by more than one person, this reference book is a must.

You can still read the Acknowledgments and marvel at my name on there, of course.

Rating:
Summary: Bought it for one reason but ended up using it.
Review: To be truthful, I bought this book because the "gang" I hang out with is mentioned in the Acknowledgments section of the book. That was the ONLY reason when I sent money to Amazon.Com and purchased it for the dusty collection on my bookshelf.

But, when I got it and chuckled over the Acknowledgements section, I started to mindlessly flip through the book. Mindless page flipping soon turned to semi-conscious scanning. Semi-conscious scanning soon turned to serious reading. I find myself reading the book more and more, jumping back and forth between sections I find interesting and useful.

As a Windows C++ programmer for in-house tools, I do not dwell much on secure programming concepts. Yes, this is very, very bad way to program, so those of you reading this review should not try it at home. This book has shown the errors of my ways, revealed security issues that I have overlooked by accident or on purpose and gave concepts and examples that I can apply in my projects.

This book is one reference that I will be going back over and over again. The authors and editors have done a wonderful job to make the reading flow nice and easy. It is also very well laid out by stating the problem you may encounter, followed by a solution and then detailed discussion section with code samples.

For any C/C++ programmer making software to be used by more than one person, this reference book is a must.

You can still read the Acknowledgments and marvel at my name on there, of course.