Never trust user input (this includes file data, network data, etc.).

Never use unvalidated length or size values.

Always make use of the exploit mitigation techniques offered by modern operating systems wherever possible. Under Windows, software has to be compiled with Microsoft’s Visual C++ 2005 SP1 or later, and the appropriate compiler and linker options have to be used. In addition, Microsoft has released the Enhanced Mitigation Experience Toolkit,^[20] which allows specific mitigation techniques to be applied without recompilation.

Don’t ever trust media file extensions (see Section 2.5 below).