The OpenSSF Best Practices Working Group has created a guide to compiler and linker options for producing reliable and secure code with native or cross toolchains for C and C++. Compiler options hardening aims to produce application binaries that carry security mechanisms against potential attacks and that integrate well with the platform security features of modern operating systems. The recommended options for GCC and Clang/LLVM include flags that detect vulnerabilities at compile time and flags that enable run-time protection mechanisms. Hardening compiler options is crucial for addressing the memory safety errors common in C and C++ code. Enabling these options helps counter vulnerabilities, and implementing the guide's recommendations can significantly improve software security overall.
https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.html
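
As an added illustration (not code from the OpenSSF guide), the following Python script audits a compiler command line for the two groups of options the summary describes: compile-time detection and run-time protection. The flag lists are an assumed subset of real GCC/Clang options chosen for this example, the guide itself holds the authoritative set, and the sample commands are constructed.

```python
import shlex

# Assumed subset of real GCC/Clang options, grouped as the summary groups them.
COMPILE_TIME = ["-Wall", "-Wformat=2", "-Werror=format-security"]
RUN_TIME = ["-fstack-protector-strong", "-fstack-clash-protection", "-fPIE",
            "-pie", "-Wl,-z,relro", "-Wl,-z,now", "-Wl,-z,noexecstack"]

def expand(tokens):
    """Split combined linker args: '-Wl,-z,relro,-z,now' -> two '-Wl,-z,X' flags."""
    out = []
    for tok in tokens:
        if not tok.startswith("-Wl,"):
            out.append(tok)
            continue
        parts = tok[4:].split(",")
        while parts:
            head = parts.pop(0)
            if head == "-z" and parts:
                out.append("-Wl,-z," + parts.pop(0))
            else:
                out.append("-Wl," + head)
    return out

def fortify_active(flags):
    """_FORTIFY_SOURCE needs optimization to take effect; the last -D/-U/-O wins."""
    level, optimized = 0, False
    for f in flags:
        name, _, value = f[2:].partition("=")
        if f.startswith("-D") and name == "_FORTIFY_SOURCE":
            level = int(value) if value.isdigit() else (0 if "=" in f else 1)
        elif f == "-U_FORTIFY_SOURCE":
            level = 0
        elif f.startswith("-O"):
            optimized = f != "-O0"
    return level > 0 and optimized

def audit(command):
    """Return the flags missing from one compile/link command, per category."""
    flags = expand(shlex.split(command))
    present = set(flags)
    missing_rt = [f for f in RUN_TIME if f not in present]
    if not fortify_active(flags):
        missing_rt.insert(0, "-D_FORTIFY_SOURCE (with -O1 or higher)")
    return {"compile_time": [f for f in COMPILE_TIME if f not in present],
            "run_time": missing_rt}

# Constructed sample commands, not taken from any real build log.
WEAK = "gcc -O0 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector -o app app.c"
HARDENED = ("gcc -O2 -Wall -Wformat=2 -Werror=format-security -U_FORTIFY_SOURCE "
            "-D_FORTIFY_SOURCE=3 -fstack-protector-strong -fstack-clash-protection "
            "-fPIE -pie -Wl,-z,relro,-z,now -Wl,-z,noexecstack -o app app.c")
```

Calling `audit(WEAK)` reports `_FORTIFY_SOURCE` as missing even though it is defined, because `-O0` leaves the fortified wrappers inactive; `audit(HARDENED)` returns two empty lists.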