Convey to your vendors your concerns about software quality in their products.

Observe the rules presented in the chapter when designing or coding any software, and especially when writing software that needs extra privileges or trust, runs SUID or SGID, or provides a network service.

Don’t write your own versions of library functions.

Don’t create new network protocols when tested protocols are available.

Don’t invent your own encryption algorithms or protocols.

Check all arguments to library or system calls. Check return values from every call.

Think about using chroot for privileged programs.

Avoid storing or transmitting passwords in cleartext in any application.

Be very cautious about generating and using “random” numbers.

Include logging facilities in your programs.

Test your programs with random and deliberately malicious input.

Read Chen, Wagner, and Dean’s paper on setuid before writing a SUID program.