Developers should take steps to prevent sensitive information such as passwords, cryptographic keys, and other secrets from being inadvertently visible to other applicationsleaked. This includes attempting to prevent such data from being written to disk.
...
To prevent the information from being written to a core dump, the size of core dumps that the program will generate should be set to 0. This can be accomplished by using setrlimit().
...
Compliant Solution (Privileged Process, POSIX)
The added security from using mlock() is limited (see the sidebar by Nick Stoughton).
Processes with elevated privileges can disable paging by "locking" memory in place using either mlock() (POSIX) or [Open Group 04]. This ensures that memory is never copied to the hard drive, where it may be retained indefinitely in nonvolatile storage.
...