Validating C and C++ for Safety and Security
Sometimes the only way to track down security flaws such as buffer overflows is to roll up your sleeves and manually review the code. Robert outlines a process for manual review that's based on Safe-Secure C/C++.
February, 2006: Validating C and C++ For Safety and Security
Table 2: Step 2. Identify and mark counted loops.