The current state of software today is generally poor. The quality of the software in most systems does not justify the trust placed in that software. Software security failures are common, and their effects range from inconvenience to severe problems. Much of computer security deals with handling problems created by programming errors, including analyzing and countering attacks that exploit these problems. A variety of causes underlie this problem. One cause is the failure of practitioners to practice "defensive programming," in which basic principles of robust coding guard against unexpected inputs and events. This style of programming is often called "secure programming" or "secure coding". It is programming that deals with common programming errors (such as failing to check that the size of an input is no greater than the size of the location where it is to be stored), and should more properly be called "robust programming".
Robust programming is “a style of programming that prevents abnormal termination or unexpected actions”. This style has four central principles that distinguish it from more conventional programming:
1. Paranoia: the program or function should not trust anything it does not generate
2. Stupidity: assume the user or invoker cannot read any manuals, and be prepared to handle incorrect, malformed, and invalid inputs
3. Dangerous implements: keep internal data structures and functions hidden, so users and callers cannot alter or invoke them (accidentally or deliberately)
4. Can’t happen: handle cases you believe are impossible, because even if they are, someone who changes the program may make that case possible
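As an added example (not part of the original text), the following C program applies the four principles to a small record store, and beside it places the size-check failure the first paragraph names next to its corrected form. The record store, its token layout and its return codes are constructed for illustration only; they are not from the page.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Return codes. Callers check these instead of assuming success. */
enum { RP_OK = 0, RP_EINVAL = -1, RP_ETOOBIG = -2, RP_ENOSPC = -3,
       RP_ESTALE = -4, RP_ECORRUPT = -5 };

/* The error the text names: storing an input without checking its size.
 * Kept for contrast only and never called here; it writes past dst when
 * src holds 16 or more characters. */
void copy_unchecked(char dst[16], const char *src) {
    strcpy(dst, src);
}

/* Hardened form: rejects input that does not fit and never reads more of
 * src than could be stored, so an unterminated src cannot make it run off. */
int copy_checked(char *dst, size_t dstlen, const char *src) {
    if (dst == NULL || src == NULL || dstlen == 0) return RP_EINVAL; /* paranoia */
    size_t n = 0;
    while (n < dstlen && src[n] != '\0') n++;
    if (n == dstlen) return RP_ETOOBIG;      /* no room left for the terminator */
    memcpy(dst, src, n + 1);
    return RP_OK;
}

/* A small record store applying all four principles (constructed example). */
#define NSLOTS  4
#define NAMELEN 16

typedef unsigned int token_t;  /* callers hold an opaque token, not a pointer */
enum slot_state { SLOT_FREE = 0, SLOT_USED = 1 };

/* Internal representation; callers never see it (dangerous implements). */
struct slot {
    enum slot_state state;
    unsigned int    gen;   /* generation; bumped on free so old tokens go stale */
    char            name[NAMELEN];
};
static struct slot slots[NSLOTS];

/* Token layout chosen for this example: slot index in the high bits,
 * generation in the low 16. A real implementation would also randomize the
 * generation so tokens cannot be guessed. */
static token_t make_token(unsigned int idx, unsigned int gen) {
    return (idx << 16) | (gen & 0xFFFFu);
}

/* Validate every part of a token before using it (paranoia, stupidity). */
static int lookup(token_t tok, struct slot **out) {
    unsigned int idx = tok >> 16, gen = tok & 0xFFFFu;
    if (idx >= NSLOTS) return RP_EINVAL;
    struct slot *s = &slots[idx];
    switch (s->state) {
    case SLOT_USED:
        if ((s->gen & 0xFFFFu) != gen) return RP_ESTALE; /* freed, maybe reused */
        *out = s;
        return RP_OK;
    case SLOT_FREE:
        return RP_ESTALE;
    default:
        /* "Can't happen": state is neither FREE nor USED. Report the
         * corruption rather than act on it. */
        return RP_ECORRUPT;
    }
}

/* Create a record holding name and hand back its token through *tok. */
int record_new(const char *name, token_t *tok) {
    if (name == NULL || tok == NULL) return RP_EINVAL;
    for (unsigned int i = 0; i < NSLOTS; i++) {
        if (slots[i].state != SLOT_FREE) continue;
        int rc = copy_checked(slots[i].name, NAMELEN, name);
        if (rc != RP_OK) return rc;          /* reject oversize input before committing */
        slots[i].state = SLOT_USED;
        *tok = make_token(i, slots[i].gen);
        return RP_OK;
    }
    return RP_ENOSPC;
}

/* Copy the record's name into the caller's buffer, bounded by dstlen. */
int record_name(token_t tok, char *dst, size_t dstlen) {
    struct slot *s;
    int rc = lookup(tok, &s);
    return rc != RP_OK ? rc : copy_checked(dst, dstlen, s->name);
}

/* Release a record; every token issued for it stops working. */
int record_free(token_t tok) {
    struct slot *s;
    int rc = lookup(tok, &s);
    if (rc != RP_OK) return rc;
    memset(s->name, 0, NAMELEN);
    s->state = SLOT_FREE;
    s->gen++;
    return RP_OK;
}

int main(void) {
    token_t t;
    char buf[NAMELEN];
    printf("new: %d\n", record_new("alice", &t));
    printf("name: %d (%s)\n", record_name(t, buf, sizeof buf), buf);
    printf("oversize: %d\n", record_new("this-name-is-far-too-long", &t));
    printf("free: %d\n", record_free(t));
    printf("free again: %d\n", record_free(t));
    return 0;
}
```

Each entry point checks its arguments and its token before touching the store, every bounded copy refuses input that does not fit rather than truncating silently, and the one "impossible" state (a slot that is neither free nor used) is reported with its own code instead of being folded into a success path.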