Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this book, and we were aware of a trademark claim, the designations have been printed in initial capital letters or in all capitals.

The authors and publisher have taken care in the preparation of this book, but make no expressed or implied warranty of any kind and assume no responsibility for errors or omissions. No liability is assumed for incidental or consequential damages in connection with or arising out of the use of the information or programs contained herein.

Copyright © 2002 by Addison-Wesley

All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior consent of the publisher. Printed in the United States of America. Published simultaneously in Canada.

The publisher offers discounts on this book when ordered in quantity for special sales. For more information, please contact:

U.S. Corporate and Government Sales
(800) 382-3419
[email protected]

Visit us on the Web at www.awprofessional.com

Library of Congress Cataloging-in-Publication Data

Viega, John.
         Building secure software : how to avoid security problems the
    right way / Viega, John, McGraw, Gary.
                 p.     cm.
         Includes bibliographical references and index.
         ISBN 0-201-72152-X
         1. Computer software—Development.     2. Computer security.
3. System design.     I. McGraw, Gary, 1966–     II. Title.
    QA76.76.D47 V857 2001
    005.1—dc21                                                                    2001046055

ISBN 0-201-72152-X

Text printed in the United States on recycled paper at RR Donnelley Crawfordsville in Crawfordsville, Indiana.

9th     Printing        June 2008