
232 points pjmlp | 1 comments
MITSardine No.43534439
If my C++ project is a simple utility supposed to take some files, crunch numbers, and spit out results, is there still the possibility it can be used for nefarious purposes?
1. rramadass No.43542888
It depends on what exactly your program does and, equally important, where it is deployed and used. Security is a matter of degree based on context, i.e., there are levels of security. It is not an all-or-nothing proposition.

If your program is going to be used for some non-critical work internally you don't have to bother much about attack surface/vectors etc. Just use some standard "healthy" compiler options and you are good.

If you would like to know more on this subject, I recommend reading the classic The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities by Mark Dowd et al.