A secure program is able to stand up against attempts to abuse it, to break into it, or to use it for a purpose it was not intended for. This is more than a robust program; robust code meets its specification and doesn’t crash when you apply a little pressure. However, a robust program might not have been designed with security in mind and could still leak sensitive information under some extreme conditions. Sometimes it’s preferable to crash when used wrongly, rather than provide unintended output. So secure code might crash!

The definition of a secure program depends on the security requirements for the application. These are defined in part by what you can expect from the ...