I would recommend that the writer look into bcopy() and bzero(). If memory serves, they are the original primitives, and thus the most efficient. In the C++ world, string objects help protect the programmer from [him|her]self and tend the details. Certainly this is at the cost of efficiency, but then these days performance is a balance to reuse in the application programming space.
I am sorry to say that there are many environments where the management doesn't want anything but scripting tools like bash/csh/perl/php because they can't afford programmers who know C and C++. Their words, not mine, by the way. So then what I used to think of as prototyping tools now become what is used in production. That means that the security review must include not only software but also the underlying interpreter.