Merge pull request #22 from Xazax-hun/guidelines-update

Add some more resources to the best practices guidelines
ossf · May 2, 2024 · bd43d3c · bd43d3c
2 parents 7af6645 + 1d66082
commit bd43d3c
Showing 1 changed file with 9 additions and 3 deletions.
diff --git a/docs/best-practice-non-memory-safe-by-default-languages.md b/docs/best-practice-non-memory-safe-by-default-languages.md
@@ -2,12 +2,18 @@
 
 This working group recommends using a memory-safe by default language whenever possible or practical. However, when using a memory-safe by default language is not possible or practical, there are developer practices that will improve memory safety, even if it is not the default.
 
+## Language independent guidelines
+
+* Chromium is using the [rule of 2](https://chromium.googlesource.com/chromium/src/+/master/docs/security/rule-of-2.md) to improve security. This involves sandboxing unsafe code that processes untrusted input.
+
 ## C
 
 * [Scope-based resource management for the kernel](https://lwn.net/Articles/934679/)
 
 ## C++
 
-* [Making C++ Memory-Safe Without Borrow Checking, Reference Counting, or Tracing Garbage Collection](https://verdagon.dev/blog/vale-memory-safe-cpp)
-* [C++ Core Guidelines](https://github.com/isocpp/CppCoreGuidelines)
-* [C/C++ Hardening Guide](https://github.com/ossf/wg-best-practices-os-developers/tree/main/docs/Compiler-Hardening-Guides)
+* [Google's whitepaper](https://research.google/pubs/secure-by-design-googles-perspective-on-memory-safety/) summarizes most of the security mitigations they have in place for C++ including sanitizers, fuzzing, guidelines, and static analysis.
+* Microsoft's [response](https://learn.microsoft.com/en-us/cpp/code-quality/build-reliable-secure-programs) to NISTIR 8397 summarizes best practices to build reliable and secure C++ programs for the Windows platform.
+* Apple's [Secure Coding Guide](https://developer.apple.com/library/archive/documentation/Security/Conceptual/SecureCodingGuide/Introduction.html) includes generic advices for C, C++ and Objective C, as well as some platform specific guidelines.
+* The [C++ Core Guidelines](https://isocpp.github.io/CppCoreGuidelines/CppCoreGuidelines) is a collection of best practices to write better and safer C++.
+* The [C/C++ Hardening Guide](https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.html) discusses what compiler options to use to mitigate the risks of vulnerabilities getting exploited.