There are a number of reasons for the many buffer overruns in production C and C++ code. The languages provide direct access to vulnerable memory, but developers also make mistakes, and there have historically been few defenses offered by compilers.

In the March 2008 issue of MSDN Magazine, Michael Howard, a Principal Security Program Manager at Microsoft, outlines some of the buffer overrun defenses available in Visual C++ 2005 and beyond.

Note that these defenses do not compensate for insecure code. Strive to create the most secure code possible, and if you don't know how to do that, then run right out and read some of the very good books available on the subject. You can also check out previous security topics covered in MSDN Magazine through our archives.