Absolutely, but my way of going about this would be to first show _why_ something is a best practice, rather than forcing people to take it at face value.

The problem is that people are allowed to take the easy route, they will never write secure code.

Writing secure code is always harder than not, and developers love to take shortcuts.

For example, many of the IO functions like gets() are no longer valid in C11 exactly because how unsafe they are.

A more conservative rule would be not to use C where security is a concern, unless you know what you're doing.

When you're writing the kind of software that's an invitation to hackers, like a web application, you should favor a language like PHP or Ruby, which takes things like buffer overflows out of the equation, and even then, you should know what you're doing.

> A more conservative rule would be not to use C where security is a concern, unless you know what you're doing.

Which if you follow my posts, you will see that I defend C and C++ should be replaced by safer systems programming languages, that exist since Modula-2 days.

Having said this, C and C++ are still used everywhere and will outlive most of us.

So when using them, for whatever reasons, at least one should take care to use the best practices regarding how to write secure and safe code in those languages.

Is it installed out of the box? I think you might need Xcode (or at least the command line tools). These instructions may help: http://railsapps.github.io/xcode-command-line-tools.html

> Is it installed out of the box?

No, Joe average user does not compile code.