FreeBSD Dev Handbook

Chapter 3 on Secure Programming is interesting.

I was looking for this, and the following quote:

Use strncpy and snprintf() when the length is known (or implement some other form of bounds-checking when the length is unknown). In fact, never ever use gets() or sprintf(), period. If you do - we will send evil dwarfs after you.
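
The advice quoted above has two details the function names alone do not show: strncpy() leaves the destination unterminated when the source fills it, and snprintf() reports truncation only through its return value. The following C example is added here and is not from the handbook or this post; copy_bounded and format_bounded are hypothetical helper names, and the inputs are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Copy src into dst (capacity dstsize bytes, including the NUL).
 * strncpy() does NOT terminate dst when strlen(src) >= n, so the
 * terminator is written explicitly.
 * Returns 0 if src fit, -1 if it was truncated. (Hypothetical helper.) */
int copy_bounded(char *dst, size_t dstsize, const char *src)
{
    if (dstsize == 0)
        return -1;
    strncpy(dst, src, dstsize - 1);
    dst[dstsize - 1] = '\0';
    return strlen(src) < dstsize ? 0 : -1;
}

/* Build "user@host" in dst. snprintf() always terminates dst when
 * dstsize > 0 and returns the length the full output would have needed,
 * so a return value >= dstsize means truncation. (Hypothetical helper.) */
int format_bounded(char *dst, size_t dstsize,
                   const char *user, const char *host)
{
    int n = snprintf(dst, dstsize, "%s@%s", user, host);
    if (n < 0 || (size_t)n >= dstsize)
        return -1;
    return 0;
}

int main(void)
{
    char buf[8];
    /* Constructed inputs: one that fits, one that is too long. */
    const char *inputs[] = { "root", "administrator" };

    for (size_t i = 0; i < 2; i++) {
        int rc = copy_bounded(buf, sizeof buf, inputs[i]);
        printf("copy   %-14s -> \"%s\" (%s)\n",
               inputs[i], buf, rc ? "truncated" : "ok");
        rc = format_bounded(buf, sizeof buf, inputs[i], "bsd");
        printf("format %-14s -> \"%s\" (%s)\n",
               inputs[i], buf, rc ? "truncated" : "ok");
    }
    return 0;
}
```

Callers should treat the -1 result as an error rather than continue with the shortened string, since a silently truncated name or path can still be a security bug.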